SSL (Secure Sockets Layer) is a security protocol designed to send or receive sensitive information over the internet. Typically SSL is used by websites which collect personal or financial (e.g. credit card) information and its use is recognised by the https://URL. Data sent between the server and the users’ browser is encrypted.
Why do I need one?
Particularly for e-commerce websites, many users won’t trust the validity of your business without an independent verification in the shape of an SSL certificate. Any organisation or website that wants to demonstrate they’re serious about data protection should have an SSL certificate.
Which SSL is right for me?
Firstly, choose the certificate type that you require – either a simple domain level authentication, organisational level authentication, or extended validation certificate.
Domain level – useful for sites where encryption is required, but there is no need to demonstrate trust with the user. Examples include intranets and forms submitting non-sensitive data. These take around 24 hours to apply.
Organisational level – useful for any logins to websites, shows the user that the organisation is secure and validated as well as the domain displaying a site seal. Useful for any organisation expecting to handle transactions with the public. These take up to 5 days to apply.
Extended Validation – turns the browser bar green, provides more visual information to demonstrate the security of the site. Used where trust and validation is absolutely required for the end-user, for example important e-commerce websites, logins to sites with sensitive data, banking facilities and so on. These take up to 10 days to apply.
Wildcard SSL – this is a type of SSL that enables unlimited subdomains to be secure. E.g. subdomain.domainname.com, subdomain2.domainname.com
Site Seals – these aren’t an SSL, but certifies that the owner of the site has been verified and that the site is free of malware. This can be used in addition to an SSL certificate, or simply to demonstrate any website is free of malware.
SiteLock seal – similar to Site Seals, these provide a deeper analysis of the website and website owner's contact information. They checks for malware, viruses, SQL injections and cross-site scripting vulnerabilities, and verify that email addresses and servers haven't been included on spam blacklists.
Code-signing certificates – used when downloading software, these certificates verify the software and the organisation supplying the software. Most often found on software publisher websites.
The next step is to choose the vendor that you feel offers the best type of certificate for you and what you feel represents best value for money – visit the vendors’ websites for further information on each certificate type.