Choosing an SSL Cert

Choosing an SSL Certificate is a difficult task for business owners to tackle these days. Attempting to determine uninformed what SSL cert. that you need can cost you lots of money.

http://www.geotrust.com/ssl/

On the comparison page above you’ll notice each of the SSL certs have bulleted features. The first thing that I want you to notice is the 256-bit encryption. You’ll notice that all of the offerings have the same encryption. What this means is that the actual transmission of data is the same level of encryption for all the certs.

The second item of interest is the warranty. If you read the disclaimers of any of the SSL providers you’ll note that the warranty they offer only covers your site if they (the issuer) were negligent in some way when providing you with, or producing the SSL cert. I don’t want the warranty to give you an false sense of security. It’s extremely unlikely that the SSL certification will be the source of the problem for any potential malice that your site might endure. SSL is a proven technology and there is very little room for the SSL company to be negligent.

So far we’ve identified two bullet points which you can safely ignore.  Let’s look at some that matter. There are essentially two types of validation:  Domain Name Validation and Full Business Authentication. Domain name validation simply ensures that you do in fact own the domain name for which you are ordering the SSL cert. They do this by sending an email to one of the email contacts on record with your registrar. This method is quick and you can get approval in a matter of minutes. Then there is the full business authentication, which a person is involved that checks the business license, and makes a phone call to the business owner listed on the license to confirm the purchase.

Why would I go to all the extra trouble just to pay a higher amount you ask? Well the SSL providers would say that it all comes down to trust.

In the browsers above notice how all the address bars are green. This is what a site looks like that has an “EV” or Extended Validation cert. SSL certs that are advertised as “EV” have this “green bar” effect. This is supposed to inspire trust in the end user of your site and increase you conversions because the user can determine that you are who you say you are.  Verisign claims a 17.8% higher conversion due to this green bar. However, I would like to see an independent study.

There is another aspect of trust that you see related to SSL certs and that is the “trust mark”.  See below for some examples of these.

The trust marks have an animation or dynamically-generated dates to prove authenticity and reduce counterfeited use of their logos. These are essentially an act of branding. If you think there is value to the brand of the certificate which inspires trust in the customer then you should consider purchasing that cert. If you have purchased one of these EV certs, by all means, put the trust mark on your site, because if the myths are true, you might be missing out on ~20% increase in sales. If you click on one of these marks, typically the provider offers some basic security checks and displays them to the user. If, for some reason, the site does not pass the security audit, you are alerted and the trust mark simply doesn’t show.  Trust marks can only affect your site in a positive manner.

Hopefully, this post has given you the information you need to help make your decision. In an effort to make the web secure, Whiteboard is offering, for a limited time, to install any GeoTrust or Verisign EV for your site free of charge if purchased through us.

We are also offering free consulting on choosing a certificate that is right for you. Give us a call today! (800) 940.3703

Talk about us!