Creating a secure website
If you’re looking to purchase an SSL certificate so you can secure your website, here are some things to keep in mind:
Choose a reliable SSL certificate issuer
While just about anyone can issue SSL validation, the legitimacy of your SSL certificate depends entirely on the reputation of the company that issued it. All universally trusted SSL certificate providers have prospered through years of intense public scrutiny. In addition to reputation, check out the provider’s customer service team and make sure they’ll be there if and when you need them.
Use strong private keys
It seems that 2,048-bit RSA and 256-bit ECDSA keys are rapidly becoming the industry norm. Most good SSL providers will not offer to create keys for you unless it is done under very specific circumstances and in a secure environment while using hardware tokens. Even the industry’s top SSL certificate providers should never be in a position to know your private encryption keys – and they do not need them to do their job properly. Give access only to people you trust and be sure to renew it regularly.
Configure servers properly
Make sure to use the latest SSL/TLS protocols and install complete certificate chains. Make sure all potential hostnames are covered with a certificate using perfect forward secrecy to ensure that compromised encryption keys will not endanger keys used for previous sessions. Consider using OCSP stapling to ensure your clients’ browsers will automatically get notified if your website’s certificates have been revoked.
To identify the best SSL certificate providers on the market, we’ve created a list of requirements that all good SSL certificate vendors should be able to satisfy.
Cost can be the key deciding factor for many people. When it comes to SSL certificate pricing, costs range from free (for a limited time) to almost $1,000 per certificate.
With such a large range in pricing, it can be tricky knowing where to start. Many people looking to purchase SSL certificates simply go for the cheapest option. While this can be a tempting route to take, you should remember that the cheapest SSL certificate plans usually include minimal setup assistance, documentation, and features.
Our advice: Prioritize the provider’s reputation and quality of service. Be sure you have a clear idea of what sort of certification you need. Then you can compare the prices of providers with a similar reputation and service quality.
One of the key tasks in picking a good SSL provider is looking at the types of certification that they provide. SSL certification generally fits into one of three categories depending on the level of validation. The best SSL certificates naturally are the most complex to implement and are therefore the most expensive.
- Domain validation: DV is the budget option. These certificates simply prove that you own a domain. They satisfy the requirement to have an SSL certificate and communications with users will be encrypted, but they don’t provide much protection beyond that.
- Organization validation: OV is the basic expectation for commercial websites. In addition to domain validation, the organization that owns the website will be asked to provide a name and address.
- Extended validation: EV is the best and most expensive option. This type of certification typically takes the longest. It’s offered only by the top SSL certificate providers. Organizations looking to get this type of validation will have to submit to a full background check that ensures they are legally registered as businesses, operate out of the addresses provided, and so on. This is the go-to certification for e-commerce websites, financial institutions, and large companies.
There’s also the matter of how many domains a certification authority covers with a particular program. Typically, programs come in Single Domain (one domain only), Wildcard (domain and unlimited subdomains), Multi-Domain (several domains), and Unified Communications Certificate (multiple domains and hostnames) flavors. Your job is to pick which one best meets your needs.
This is the time it takes to have your website certified. When you’re looking for the best place to buy an SSL certificate, processing time can be a crucial factor – especially for e-commerce websites.
While there are clear differences in speed when it comes to different certification authorities, it is usually the level of certification that plays the most important role in determining the speed of the certification process.
While it may not seem as important as the other factors we’ve mentioned, good customer support can make all the difference when buying an SSL certificate. Here we consider everything from how well documented the company’s offer is on the website to how easy it is to reach the customer support staff.