SSL What Why Where

What

SSL stands for secure socket layer.  It is the technique used to encrypt and secure data over the internet.  It is most known for use in web browsers.  When you go to a secure web site (known as http over SSL or https), you will see a little lock icon somewhere which shows you that the site is secure.  Things get complicated when you shop for SSL certificates where you can also get site seals or EV SSL and you’ll find a wide range of prices ranging from $30/year to over $1,000/year.

Terminology

1. SSL certificate – A basic SSL certificate is all you need for a lock to be displayed in a browser.
2. Site seal – If you purchase an SSL certificate, it often comes with a site seal which is a little graphic you can display on your site which will tell visitors that your site is secured by that SSL seller.
3. “Deluxe” or “Premium” SSL – Most SSL sellers offer some more expensive version of SSL which is typically the exact same SSL certificate accompanied with a site seal or more advanced site seal.
4. Multi-domain SSL – It is possible to purchase one SSL certificate that can work for multiple domains which makes it much easier to manage if you need to secure many domains.  This is typically only worth getting if you have a lot of domains.
5. Extended Validation (EV) SSL – This is the latest and most expensive SSL which in addition to basic SSL will also cause a green security bar to be shown in the latest web browsers.  The green bar means the SSL purchase was verified as a real business which is supposed to make the visitor feel all warm and fuzzy inside.  Considering it isn’t that hard to make a fake business, I never get that feeling.  Also, less than 1/3 of browsers in use right now can show the green bar and most people don’t even know what it means yet.

Why

Without encryption, everything you send from your computer to a web server is totally readable by anything in between.  Things get even more unsafe if you are at an open wifi spot at a cafe where anyone around you can watch all the unencrypted data you are sending and receiving.  As a result, some actions such as site logins or purchasing online must be encrypted with SSL.

Where

There are several places you can buy SSL certificates.  Many are extremely overpriced for no good reason.  From cheapest to most expensive, I’d recommend the following:

1. GoDaddy.com – The standard SSL from GoDaddy is $30/year and you can typically get a discount off of that with a promo code.  They also offer EV SSL for $500/year.  Sadly, that is relatively cheap for EV SSL.  One complaint I have about GoDaddy is their site to manage your SSL is ugly and confusing.  Another problem is they are not a top tier SSL provider so you have to install what’s called a certificate chain file in addition to the certificate.  If you can handle the extra work and poor site, they are the cheapest way to go and in the end, the SSL works the same.
2. Geocerts – This is a site that resells GeoTrust certificates for cheaper than GeoTrust sells directly.  GeoTrust certificates are easier to install than GoDaddy because you don’t have to deal with a certificate chain.  They also make the process quick and easy.  Their basic SSL is $99 and their Premium is $129.  If you want a good site seal that is clickable that brings up a useful dialog box about your SSL, GeoTrust Premium is the way to go.
3. VeriSign – These guys have been around for a long time and they do a good job but their prices are nuts.  $400 for basic SSL and $1000 for EV SSL.  If money is no object, you can consider them.