Choosing Between Shared vs Private SSL
SSL ( which stands for Secure Sockets Layer) has become an essential component in designing web applications and websites nowadays. When a user inputs information on your website/ web app, the data is sent over a network of servers. An SSL certificate ensures that any information sent over the web and across computer networks to your website or web app is secure and encrypted and that it will only be accessible by the intended recipient. If your web app/ website is not encrypted with SSL, any of the servers in between can read the information.
Hence, it has become vital for webmasters today to install SSL certificates on their websites and web apps. It is especially so if you are accepting sensitive information such as credit cards, personal information, email, passwords, social security number, etc. on your website.
In addition to encryption, an SSL certificate also ensures authentication. It helps the user be sure that they are sending the information to the right server and not to a phishing impostor who may try to steal the information.
Becoming SSL certified has become very important for websites from an SEO perspective as well. Google is encouraging you to use HTTPS instead of HTTP and the reward you will get doing this transition is higher visibility and better ranking on google search results. Web browsers such as Google Chrome give out specific visual signals such as a green bar or a lock icon, which indicates to the visitor that the site that they are accessing is secure and has a valid SSL set-up on their server.
Google has even started to flag HTTP addresses with a warning sign that the website that the user is trying to access is insecure and this serves as a clear indication that Google punishes HTTP websites in its ranking algorithms.
If you are in the eCommerce business, many banks will refuse to provide you with internet merchant accounts if you are not set-up with SSL. Additionally, having SSL installed on your website/ web application is an important prerequisite in the payment card industry standards.
How To Get an SSL Certificate?
SSL certificate is easy to set-up, and after it has been done, you just need to route your HTTP traffic to your https one.
- Firstly, you need to ensure that your server is set-up on a dedicated IP address – It ensures that all the traffic that is being directed to that IP is for your website only. If your site is set-up on shared hosting, then you may have to contact your web hosting provider to upgrade your plan.
- Next, you must buy an SSL certificate – A certificate is essentially a sequence of letters and numbers that functions as a password. There are many SSL certificate providers from where you can get it. In most likelihood, your web hosting provider will provide one for you. When someone accesses your website via HTTPS, this password is checked, and once it is verified, all the information flowing to & from will be automatically encrypted.
- Activate and Install the certificate – You can do this from within your web hosting control panel. Once the certificate has been installed, you should be able to see your HTTPS website load.
- Update Your Website – Now you can either choose to move your entire site to use HTTPS, or you redirect only certain links where you accept input and data from the user. You can then replace these links within your website or do a server-side redirection to ensure that all traffic is routed to the HTTPS version.
Importantly, you must ensure that you are getting your certificate from a reputed provider. Web browsers will verify that SSL providers are adhering to specific guidelines. There are third-party audit tools such as WebTrust that you should look out for before locking down on your SSL certificate provider. Additionally, Let’s Encrypt is a Certificate Authority (CA) where you can get your SSL certificate at no cost. You may refer to their website for more information.
There Are Two Types of SSL Certificates.
Next, the critical consideration when you are deciding to set-up your website on HTTPS is that you have two options for doing so – Shared SSL and Private SSL. There is no difference between the two when it comes to the level of encryption and security guaranteed. Any input from the user will remain end-to-end encrypted. However, the difference between the two becomes significantly apparent when it comes to the URL displayed to the user and the costs.
A Shared SSL certificate (is also called as Self-Signed) gets installed on a global server, and it protects all the clients that reside on the server. Although it still delivers encryption, it is far insufficient for setting up secure logins or payment pages on your website. Sometimes, you can see a browser message that the connection is “untrusted”. With the Shared SSL, the SSL certificate is installed on the web-server in a shared hosting environment. Hence, instead of displaying the full URL that includes your domain, such as https://yourdomain.com, the displayed URL will be using the shared server’s domain name – https://youraccount.servername.com.
Another downside of the shared SSL is that the certificate will not bear your domain’s name. Users can see your certificate in chrome by following – More tools > Developer tools > Security. It is also visible to the users on Firefox, Safari and Internet Explorer.
Because of the risks associated with a shared SSL, the private SSL is the best way forward for user-facing web apps and websites. Private SSL is issued for your website only. If your site has Private SSL installed, it will signal to the user as a trusted domain. You will have the freedom to apply it on your whole website, or you may restrict it to specific web pages only that accept sensitive information – account logins, checkout pages, etc.
It is a much more preferred option for e-merchants and most of the web pages that accept payments.
In this article, we considered the two types of SSL certificates (Private and shared SSL ) that as webmasters, you can set up on your website. While a private SSL is always the best option, it can also get more expensive to set-up. You can use the shared SSL in situations where you need a secure connection to the server, such as admin areas that will not be visible by the general public.