An SSL certificate encrypts information sent between a server and the users who connect to it. All websites that collect customer information are recommended to have an SSL certificate installed, and it is an absolute requirement for any site that takes credit card payments. Without an SSL it is possible for a third party to intercept and read your data (sometimes known as a man-in-the-middle attack) whereas an SSL certificate will make any interceptions unreadable.
There are many different trusted SSL providers (called Certificate Authorities) such as GeoTrust, Verisign and Thawte. There are also various types of SSL certificates, including standard, wildcard and Extended Validation (EV) certificates. These certificates will appear subtly different depending on the browser used, but will include some variation on a padlock symbol. Below is an example of a standard SSL certificate (well, it’s actually a wildcard but you can’t tell the difference):
An Extended Validation certificate means the website has undergone more rigorous testing (and paid a lot more) for their certificate, and allows more information to be included, such as a company name. The images below are from the same website, Paypal.com, displayed in different browsers.
The higher the validation (more identity checks) the more trusted the SSL certificate. A standard SSL certificate can be issued in a few hours whereas an EV SSL certificate may take days or weeks to pass all the authentication checks. Most websites don’t need anything more than a standard SSL certificate, well written and maintained code (important!) and a great website host (aww shucks, nice of you to say) to protect their customers from hackers and identity thieves.
HostAway can provide SSL certificates from multiple trusted vendors so if you have a preference please contact us and we can provide a quote.