Securing website with a SSL Certificate

What is SSL or Secure Sockets Layer?

An SSL Certificate can be seen as an identity card for your website and gives a clear signal to your visitors that the connection to the website is encrypted and all data that you enter or share with this website is protected.

Secure Sockets Layer (SSL) is the name for the encryption protocol that makes it possible to secure communication on the internet. By means of a complex encryption of the transmitted data, both the authenticity of a website and the security of the connection over which the data is transmitted can be guaranteed. In other words, a website with an SSL connection can guarantee that the website is from whom a visitor thinks it is.

The communication with the website, when data is sent (for example, filling in online forms), can not be listened to.

SSL is a powerful tool for protecting your customers or visitors against the misuse of data that is filled in or retrieved on your website. Examples include credit card information, online orders for products, contact details, passwords and user names, and confidential communication via a website.

When dealing with sensitive personal data – such as passwords, name and address details and payment information – SSL certificates have been mandatory since the introduction of the new privacy law (GDPR) and certainly contribute to the visitor’s trust of your website.

The use of SSL also has a positive influence on the position of your website in the Google search results. With this, Google motivates owners of websites, more and more to contribute to the safe use of the internet.

Difference in SSL certificates

You can roughly classify SSL certificates into 4 categories:

LE – Let’s Encrypt
DV – Domain Validation
OV – Organisation Validation
EV – Extended Validation

The big difference between the different certificates lies in the level of checks that are carried out to establish the identity of the organization applying for the certificate. This is dealt with in the frequently asked questions regarding SSL. You will find these questions and answers on this page.

Let’s Encrypt provides free SSL certificates

DigiState also provides the free SSL certificates from Let’s Encrypt for your hosting environment. Let’s Encrypt only provides certificates with domain validation, which provide a secure connection (encryption), but does not provide an identity guarantee (authentication). Visitors to websites with an LE know that their data is sent securely, but unfortunately can not check in the details of the certificate to whom the data will be sent.

Where there is little or no control with a free Let’s Encrypt certificate (and everything is fully automated without the possibility of contacting someone) for Extended Validation that is an entirely different story.

It happens more and more that on the so-called phishing domains LE and DV certificates are being used, with these certificates, cyber criminals try to give phishing websites a reliable look. Because of the simple availability without real checks when issuing these LE certificates, the abuse has increased enormously in recent times.

This makes, in addition to encryption, the identity check an even more important function of an SSL certificate. For this you need a certificate with minimal company data (OV or EV certificates). Because these company details must be checked manually, Let’s Encrypt can not provide these certificates. For the delivery of an OV or an EV certificate, you will always have to fall back on certificates from other SSL issuers, the so-called Certifcate Authorities (CA), which you can request via DigiState.

SSL – FAQ – Frequently Asked Questions

Why would I want SSL for my website?

SSL provides the “S” in HTTPS. It is not without a reason that HTTPS becomes the new standard for websites.

An SSL certificate:

Protects the data of your visitors.
Prevents error messages from browsers (for example the “not safe” message).
Ensures that you comply with the legislation.
Ensures a higher position in the Google search results.

What are the differences between the types of SSL certificates?

The names for the different certificates are:

Domain Validation – DV
Organisation Validation – OV
Extended Validation – EV

Product details	LE	DV	EV
Secure connection	yes	yes	yes
Company details in certificate	no	no	yes
Green address bar	no	no	yes
Insured value	none	low	high
Identity check applier	no	no	yes
Domain check	yes	yes	yes

Commercial	LE	DV	EV
GDPR compliant	yes	yes	yes
Prevent browser warnings	yes	yes	yes
Suitable for non-business sites	yes	yes	yes
Suitable for public sites	no	no	yes
Suitable for business sites	no	no	yes
Conversion enhancing	no	no	yes

Which organizations should use Extended Validation (EV) SSL certificates?

For all business and / or commercial websites (eg webshops) an EV certificate is a must. The reliable appearance that the green address bar with company name (green in most browsers) that is shown in the browser is seen as one of the big benefits.

Due to the strict issuing process and the recognizable visual characteristics, EV certificates give website visitors more security. Very important, therefore, if you run a business website.

Several studies show that due to the increasing Internet crime, the fear of data abuse increases. If you can provide an EV certificate on your website and show that visitors can safely leave their data on your website, you give your visitors an extra sense of security.

These EV certificates are especially important for:

Web shops
Government
Financial institutions
Insurence companies
Other legal organizations and healthcare

Why are EV certificates more expensive than other versions such as DV and OV?

This is mainly due to the strict, labor-intensive, manual checks that are carried out during EV validation. Fully automated initiatives such as the free certificates of Let’s Encrypt, can not provide certificates with company data, this is also one of the most important differences.

Can an EV SSL prevent phishing?

Phishing is very popular among internet criminals and certificates without company data are therefore increasingly used for the so-called phishing domains. This is intended to give phishing websites a reliable image.

Since the introduction of free certificates that are widely available, the abuse is increasing. So in addition to encryption via the SSL certificate, the identity check has an even more important function of an EV SSL certificate. In itself, the use of an EV certificate can not prevent phishing, but it does help to allow visitors to distinguish legitimate websites from phishing websites.

Only the EV SSL certificate will eventually display the green lock (in most browsers) and the company name, which gives visitors a higher feeling security and reliability. Visitors to your website(s) will immediately see that the data they fill in will be encrypted and that they have actually landed on your organization’s website and not on a phishing website of internet criminals.

Which SSL certificate is the most suitable for my organization?

If you have not found out the answer based on the information on this page, do not hesitate to contact us, we are always happy to provide you with appropriate advice for your specific situation. Feel free to contact us!

With the introduction of the GDPR, the use of SSL for the protection of visitor data entered in forms on websites, is practically mandatory at European level. Google has been working on adjusting how SSL looks like in the Chrome browser for some time. HTTP now receives a ‘Not secure’ warning.

Because of these developments, more websites worldwide use HTTPS than HTTP. Websites with HTTPS will soon be displayed as ‘neutral’ by the browser Chrome (Google), only websites with an EV-SSL certificate will receive a positive sign. The other major browsers (Firefox, Edge, Safari, Opera etc.) will undoubtedly follow. One therefore expects a further shift in SSL usage due to these developments, whereby HTTPS becomes the standard instead of HTTP, and EV certificates become the new standard for business websites.

More reliability with Extended Validation SSL

The website you are visiting now, for example, is provided with the most extensive SSL certificate, the Extended Validation (EV) certificate.

Although the cost price of an EV-SSL certificate is higher than that of a DV SSL certificate and the application for one is a bit more complicated, there are indeed a number of important advantages attached to the first option:

An Extended Validation SSL certificate ensures a higher level of customer confidence. A website shows visible identification with which a company gains credibility. Extra confidence and a secure online shopping environment will encourage potential customers to actually make a purchase. Ultimately, using an EV SSL certificate translates into more conversions and higher customer loyalty.
EV SSL certificate helps visitors to distinguish legitimate websites from phishing websites. By using an EV you can see that shared data is encrypted and that you have actually landed on the website of the organization who claims to own the website.
EV SSL certificate ensures compliance with many standards such as ISO and GDPR.

“We can generally deliver an EV-SSL certificate within 24 hours.”

Do you want a more reliable look of your website? Then order an SSL certificate, we will help you in providing advice and actually requesting and installing the certificate. Do you still have doubts about which certificate is best for your website or do you want more advice about SSL? Do not hesitate to contact us.