Communication integrity is an issue humanity has grappled with for as long as there has been communication. The challenge is simple – sending a message over any distance means exposing that message to risk – the message carrier could, willingly or by accident, give the message to the wrong person, or the message could be taken from him by force, etc. Man, over the years, has employed various strategies to combat this issue: seals, signet rings and cyphers are a few. With the advent of computing and the digital age these techniques, unfortunately, became obsolete and a new protocol was necessary. That where Magento SSL certificates came in.
Secure sockets layer (SSL) technology (or its successor transport layer security, TSL) has, at its most simple, two main applications: to confirm that the message recipient is who they claim to be and to guarantee the message is received unchanged or unmolested. To achieve these goals SSL uses cryptography to create a secure channel between two remote computers, like a web browser and web server or between you and your bank, through which communication can be sent, and which, in conjunction with high level encryption, ensures confidentiality and message integrity. And SSL accomplishes this with almost no burden on servers and because SSL runs entirely in the background there’s no experience change for visitors (beyond seeing the HTTPS and padlock icons that are shown in the image below).
Who needs Magento SSL certificates?
The short answer: every website that handles customer data, and any business that uses email or has remote locations. SSL certificates are cheap enough, between $300 and $600 per year, that not taking advantage of their availability is needless, foolhardy and arguably criminal. Additionally, studies have shown a strong correlation between the presence of an SSL certificate and increases in conversions, with some in the industry claiming increases as high as 15%. The bottom line is that the cost to benefit ratio is skewed so far in favor of having an SSL certificate, even it only functions as a placebo, that you to not have one would be, simply put, stupid.
What types of SSL certificates are there?
SSL certificates are available in three basic website validation tiers: domain, organization and extended validation, each with a different level of validation attached. The domain level has the least vetting requirements – demonstrating control of an admin email address is enough – and cost the least $200 per year. The organization SSL requires a far more stringent vetting process, requiring 3rd party confirmation and some documentation, and costs $300 per year; both of these SSL certificates add the padlock and HTTPS signifiers. The EV level SSL certificate has the most extensive vetting process – in line with the CA/B form guidelines – and the most identity validation, as well as offering the most visibility to users because it adds a green band containing the website’s name and location right to the address bar.
Each of these three certificates covers a single domain name, and is available in 1-5 year periods. Alternatively, users can opt for a Wildcard SSL which is issued to *domain.com allowing a single SSL certificate to provide coverage for an unlimited amount of sites. One final option available is acquiring an SSL certificate with Subject Alternative Names (SAN) which allows user to add up to 40 domain or server name variations (e.g. paypal.com vs. www.paypal.com) to their certificate, achieving functionality similar to that of a Wildcard SSL certificate but with a higher level of security, since each name variation is registered in advance.
All of this adds up to something pretty simple: getting a Magento SSL certificate for your e-commerce site is a must, and as a bonus it is also probably the easiest, most cost effective way to raise conversions.
To find out more about Magento SSL certificates from Hara Partners.