Before buying SSL certificates for your small business, consult the table below. Digital.com offers real user opinions on the industry’s biggest providers, and we compile real user ratings from Twitter comments to give you an overall approval score. Here’s how to choose the best SSL certificate for your small business or startup website or online store.
| Company | Main features | Price | Rating | More |
|---|---|---|---|---|
 Comodo | Trusted by 99.9% of web browsers Up to $1,750,000 warranty Full 128/256 bit encryption Free 1 year PCI & vulnerability scanning 30-day money-back guarantee More features at comodo.com | From 12.99 /year | 40% score | Visit website Read reviews |
 GeoTrust | Up to 256-bit encryption Trusted by 99% of web browsers Up to $1,500,000 warranty Free SSL certificate management console Free 30-day trial plus money-back promise More features at geotrust.com | From 65.00 /year | 67% score | Visit website Read reviews |
 RapidSSL | 30-day money-back guarantee Up to 256-bit SSL encryption Trusted by 99% of web browsers Up to $10,000 warranty Free SSL reissue & competitor replacement More features at rapidssl.com | From 16.89 /year | 40% score | Visit website Read reviews |
 Symantec SSL | Up to $1,750,000 warranty ECC, RSA & DSA algorithm support Nearly 100% compatible with browsers & systems 30-day free trial Includes trust mark "Norton™" secured seal More features at symantec.com | From 274.00 /year | 67% score | Visit website Read reviews |
 Thawte | Trusted by 99% of web browsers Up to $1,500,000 warranty Full 128/256 bit encryption Free EV upgrader tool Free 21-day trial plus money-back promise More features at thawte.com | From 45.00 /year | 50% score | Visit website Read reviews |
SSL stands for Secure Sockets Layer. SSL ensures that the connection between a web server and a web browser is secure. So if a hacker is eavesdropping on your connection, they can’t see what you’re doing online.
If you’ve accessed online banking or a webmail account like Gmail today, you’ve already used SSL without even noticing.
The SSL certificate is key, because it verifies that the web server is genuine. If you run a small business, an SSL certificate is recommended to show your users that you respect their privacy and security. And if you conduct financial transactions online, SSL is essential.
Why Small Businesses Need SSL
SSL was created by Netscape, the same company that produced one of the first web browsers. It was originally designed to encrypt the connection between two computers on the same network, but ended up having a much bigger impact across the entire web. Version 2.0 — the first public version — was released in February 1995.
As cyber attacks become more and more sophisticated, security is increasingly important. If your email account has been hacked, you’ll know just how inconvenient and unnerving it can be. Every e-commerce store in the world should now have SSL enabled to protect customer data. And if you run a small business, you should implement it too.
Why? Most online consumers now recognize a secure connection, because it’s highlighted by their web browser. Many will refuse to go ahead with an enquiry or purchase if the SSL padlock icon isn’t present in the browser URL bar. And with good reason. Unsecured transactions represent a gold mine for hackers, and even a small data leak can result in identity fraud.
Even if you don’t accept payments on your website, you should still use an SSL certificate to secure users’ browsing. Since 2014, Google has given secure sites a boost in search results. (In fact, it has been keen to encourage the use of SSL since 2012.)
It’s a very small boost, but in competitive markets, it makes sense for small businesses to take advantage of any SEO advantage that comes along.
How SSL Sessions Work
Initiating a session is as simple as loading a web page that begins with the https:// protocol.
Note the difference between http:// and https://. That extra ‘s’ is what makes the connection secure.
When you press enter, your web browser initiates a connection to the website. It will send information that is not confidential to do this. When the server replies, it sends the browser its certificate and a public key.
Your web browser then validates the certificate and returns a secret key to confirm that the connection is secure. Once that happens, all data is protected by a virtually unbreakable encryption algorithm.
What’s In an SSL Certificate?
SSL certificates are issued by trusted providers (also called ‘authorities’ or ‘issuers’), that are responsible for authenticating the business requesting the certificate. There are dozens of providers on the market, including Thawte, Symantec, and GeoTrust.
Prices vary from provider to provider. So it’s important to compare SSL certificate providers to ensure that you’re getting the best deal.
The SSL certificate verifies the identity of the server. For small businesses, the certificate will typically confirm your:
- Domain name or hostname
- Company name
- Location
- Date of certificate creation
- Date of certificate expiry.
SSL certificates can be forged. So the issuing authority is important. It’s the authority that confirms that your small business is genuine.
In most circumstances, your browser will try to verify the signature from a list of known authorities. This list is built into the code of the browser itself, so verification adds very little overhead to loading times.
Understanding SSL Certificate Types
Now that you understand how certificates work, we can get into the detail of what each type does. Right now, there are three different types of SSL certificate. Let’s look at each one in turn.
Extended Validation SSL Certificates
Extended Validation – or EV – certificates are only issued once the provider has validated the website. This vetting makes the approval method very reliable. Typically, this type of SSL certificate is used for government agencies and very large businesses.
Organization Validation SSL Certificates
Organization Validation – or OV – certificates verify the business only. The provider, or authority, conducts a series of checks before the SSL certificate is granted. That includes the business’ trading address. If a website has this kind of certificate, customers should assume that the website is legitimate and connected to a genuine, functioning business.
Domain Validation SSL Certificates
The final certificate type is Domain Validation, or DV. This type of SSL certificate involves the least amount of verification; the provider simply checks that the domain name is legitimately owned, and the registration data matches the SSL certificate application. The provider does this by running a check on the WHOIS record for the domain.
Are Non-Secure Connections Risky?
In a word: yes. And they’re risky for your small business, as well as your customers.
You might have read about the dangers of public WiFi. On an unsecure WiFi network, it’s technically possible for anyone to see what you’re doing online.
If your website doesn’t have SSL, hackers and other criminals can view personal data when forms are submitted. They can use packet sniffing to see the data that is being transferred to your server. You may also be susceptible to attacks from compromised computers, such as a machine running malware.
A malicious observer could scrape credit card details and logins, for example. And that could have massive consequences for your customers.
Let’s face it: for any retail operation, a personal data breach is a huge no-no. It will almost certainly result in bad press for your brand, and it could lead to fines and penalties.
At best, you’ll lose custom and revenue. At worst, your business will crash and burn. It just isn’t a risk worth taking.
