SSL certificates: why it makes sense to buy a certificate
SSL certificates have become standard. Google with its “HTTPS Everywhere” initiative forces the usage of SSL websites. As of July 1, 2018, the Chrome browser will display any website as “unsafe” that does not have an SSL certificate. Google has also made SSL mandatory for the new .APP domain. In conjunction with the .APP domain, a website must have an SSL certificate for the website to function properly.
SSL certificate and security
At the technical level, an SSL certificate has the task of encrypting the communication between the visitor’s web browser and the web server. Any certificate can do that. But why are there different types of certificates?
SSL certificate types DV, OV, EV
We explain in simple words what that means, more details you can learn on our website here.
- DV – Domain Validated
This means that only the domain is checked. If you have technical access to a domain’s website, you can create this certificate. It fulfills the basic requirement of a certificate, the technical encryption of communication between web browser and web server. The advantage of these certificates is that they are available immediately or within 15 minutes.
- OV – Organization Validated
For this certificate, the certification authority also checks the company or organization. In addition, the company name and registration number of the company can also be found in the certificate. This certificate meets the technical requirements ofcourse, and also guarantees the operating company behind the domain and the certificate.
- EV – Extended Validation
With an EV certificate, the company is also checked as with an OV certificate. In addition the company name is displayed directly in green letters in the browser’s address bar. This makes it immediately obvious to a visitor which company he is communicating with.
letsencrypt: The free SSL certificate for everyone
letsencrypt is an open source certificate whose main sponsors include the Electronic Frontier Foundation (EFF) and the Mozilla Foundation. The goal is that every website operator can encrypt his website for free. letsencrypt certificates have brought a lot of movement into the SSL market. Letsencrypt certificates make perfect sense because it allows any web project to be encrypted instantly and at no extra cost. However, letsencrypt certificates are just DV (Domain Validated) certificates.
Why buy an SSL certificate?
Transparency, trustworthiness and security are not just technical claims. The technical claims cover all certificate types. Depending on which offer is on a website, it is important for visitors to know which company they are dealing with. Often the domain name is not always the same as the company name. Such as with us – ihost24 is a brand of VIRTEXXA Cloud Services SRL. With an OV or EV, the visitor can be sure that the certificate was issued not only for a domain name but also for a verified company. For this reason, the process takes longer to get an OV or EV certificate. Likewise, the certification authority contact the applicant of the certificate by a telephone call.
This process is also repeated when renewing a certificate.
For this reason, it makes perfect sense to purchase certificates. Of course with regard to the offer on your website.
SSL with multiple domains and redirects
A different topic, but what we also want to discuss here, are domain redirects. With SSL certificates, certain domain configurations can quickly land on pages that are suddenly unavailable.
We own the domain ihost24.at -> This is a redirect to https://ihost24.com/de/
If you only enter “ihost24.at” in the address field of the browser, the browser first searches for port 80 (http – unencrypted) and then carries out the forwarding. This works fine.
Many visitors are becoming more and more accustomed to putting an “https” in front of the domain name. If someone enters now https://ihost24.at, he would get as answer, the site is not available.
Therefore it is necessary that “ihost24.at” receives a certificate too. Here it makes sense to use a letsencrypt certificate. We have letsencrypt certificates on all our additional domains that are redirected. The main domain itself has an EV certificate.
If you run an offer on your website, which requires trust on the part of your visitors, the purchase of an SSL certificate makes sense. So both free and paid SSL certificates have their advantages.