Hey guys,
Sunday funday!
But, before we delve into euphoria: is our traffic safe?
Hacking in general is a huge concern, in a market that will be worth $2 Trillion by 2019.
One way to encrypt your traffic was to implement SSL certificates on websites, but not all certificates were created equal.
As business owners, we must protect the identity of our customers, ergo we need to implement intricate means of security such as protected servers, protected clouds, SSL certified channels and compartmentalize as well as classify different types of users.
Ok, but many users ignore the “not secure channel” warning
True, but Google and others always assume that “The Lord preserveth the simple” (Psalms 116:6), ergo they must make sure that traffic is protected, and strongarm website owners to purchase SSL certificates.
Ok, how do I choose one then?
Here’s a simple breakdown of the five major types of SSL certificates:
Single domain – as the name suggests, it encrypts the traffic on a single domain such as “zefo.com”.
Ok, sounds secure enough – what’s the problem?
It only encrypts the traffic on one domain; if you have subdomains intertwined, they are not protected!
Wildcard – this one encrypts traffic on all subdomains on a single root domain or host name.
By implementing it, your entire website’s traffic can be encrypted and not just the checkout.
It also usually doesn’t have an imposed limit when it comes to subdomains like the SAN one, so check with your registrar.
Multi Domain (SAN) – as the name suggests, these encrypt the traffic on all domains with similar names as yours, providing better security than only a single domain certificate.
The registrar may impose a limit on the number of domains that can be associated (typically 100-200+ domains or so).
Organization – this certificate is quite similar to the single domain certificate, but made for companies that deal less with e-commerce or any kind of secure checkout.
This one requires you to authenticate all details regarding both domain ownership, as well as business data.
It may not worth the hassle, as it is almost identical to the first one.
Extended – the crème de la crème of certificates – this one takes even weeks to set up, but gives you the best credibility and most intricate encryption involved in it. Think of it as a mix of the SAN with the Organization certificate, with validation reserved for the most secure of companies, which gives you also a green address bar like this one:
Ok, but that certificate isn’t cheap – and I’m only starting out now
Wrong, with Let’s Encrypt and Cloudflare, you can get a certificate for free.
It’s a free script and as such, you must proceed with caution.
Why is it that important?
Because users should feel secure, you should feel secure, and it’s also a matter of time till Google downrank sites that don’t provide that nice “https” protocol web address prefix.
True, your site may have a lot of other security loopholes, but you should at least encrypt traffic to your website to at throw a smoke screen in front of would be perpetrators out there for your traffic.