With Google Chrome browser now labeling all websites using HTTP encryption as “not secure”, installing SSL and implementing HTTPS on your website is no longer an option. Sites without SSL tend to be bumped down the search ranking ladders, so if you haven’t already – it’s way past time.
If you haven’t made the switch to HTTPS and would like to learn more, this article is for you.
It will also help first-time SSL users gain an overview with a comparison of popular Certificate Authorities.
| SSL Providers | Single Domain (DV) | Organization Validated (OV) | Wildcard SSL | Order Now |
|---|---|---|---|---|
| SSL.com | $36.75/year* | $48.40/year | $224.25/year | Click Here |
| Namecheap | $5.99/year | $52.88/year | $120.88/year | Click Here |
| TheSSLStore | $14.21/year | $30.40/year | $62.29/year | Click Here |
| GoDaddy | $63.99/year | $159.99/year | $295.99/year | Click Here |
| GlobalSign | $249.00/year | $349.00/year | $599.00/year | Click Here |
| DigiCert | $218.00/year | $399.00/year | $595.00/year | Click Here |
| Thawte | $149.00/year | $238.00/year | $344.00/year | Click Here |
| GeoTrust | $149.00/year | $238.00/year | $688.00/year | Click Here |
| Entrust | $199.00/year | $239.00/year | $699.00/year | Click Here |
| Network Solutions | $59.99/year | $199.50/year | $579.00/year | Click Here |
If you are new or starting a simple blog, a free Let's Encrypt or Auto SSL is sufficient. For easy setup, go with a hosting provider that support free SSL. For small businesses, SSL.com and NameCheap offers best value of money.
Table of Content
There are plenty of Certificate Authorities (CA) that you can go for securing an SSL certificate on your website. The 10 providers that we’ve listed below are the places that we recommend due to their business track record and pricing.
SSL.com is a top rated certificate authority (see BBB rating A+ here) that was founded back in 2002. They offer a wide range of digital certificates such as SSL/TLS server certificates, document signing code signing, and S/MIME email certificates.
Being a leading authority in the industry, SSL.com offers a number of features for its users, such as 256-bit SHA2 https AES encryption, free site seal, 24/7 support, and free unlimited certificate reissues during the lifetime of the certificate.
NameCheap offers the full gamut of SSL certificates so you’ll find something there no matter what your requirements or budget. Standard Domain Validation certificates (PositiveSSL) start from $5.99 per year, but there are also premium certificates that go for up to $120.88 per year.
The SSL Store was founded in 2009. The company partnered with some of the biggest Certification Authorities (CAs) and offer a wide range of website security solutions. CAs in The SSL Store's partners list include: Symantec, RapidSSL, Thawte, Sectigo (Comodo), as well as GeoTrust.
Standard Domain Validation certificates (Positive SSL) start from $14.95 per year (RapidSSL), but there are also Organization Validated and Extrended Validation certificates that go for up to $2,600 per year.
While GoDaddy is more known for being a domain registrar with aggressive discounts for its first-time customers, they also offer SSL certification services. Their SSL certificates are often issued online within minutes and come with a 256-bit encryption.
Founded in 1996 and based in Portsmouth, New Hampshire, USA, GlobalSign is one of the more popular SSL Certificate Authority in the market.
GlobalSign established themselves as a well-reputed identity service company by providing cloud-based PKI solutions to business who wants their website to have secure connections, conduct safe e-commerce transactions, and perfect content delivery to its users and customers.
The company motto for DigiCert is “Your success is built on trust”. This should give you a good idea of how seriously they take security. With a primary focus on SSL innovation, DigiCert aims to be the trusted security partner for all avenues of industry and commerce.
DigiCert was also the founding member of the CA/Browser Forum, and it's one of the few authorities involves in developing new SSL technology. The SSL certificates that they provide are OV Certificates, EV Certificates, and even DV Certificates for smaller businesses or websites.
Thawte has been known for providing affordable SSL certificates as well as 17 years of reliability. They offer a comprehensive list of SSL products which includes EV, OV, DV, SGC, Wildcard, and even SAN SSL certificates.
As a low-cost SSL certificate provider, Thawte SSL plans are priced reasonably with their cheapest price going for $149 per year which includes a number of features such as 256-bit encryption. There is an option available to add Wildcard to the plan with additional charges.
At GeoTrust, you can opt for a number of SSL certificates which include True BusinessID with EV, True BusinessID, True BusinessID Wildcard, and QuickSSL premium. Among them all, True BusinessID with EV is the recommended SSL certificate with the highest assurance and warranty at a competitive price.
Startups and small business would find GeoTrust pricings attractive, plus they offer a number of features such as 256-bit encryptions, extended validation, warranty ranging from $100,000 to $1.5 million, 99% browsers compatibility, and unlimited customer support.
Entrust considers themselves as a forward-thinking company that provides security in a wide breadth of diverse industries. They provide security solutions for those in need of transactional security, secure mobile authentication, and of course, SSL certificates.
Entrust offers EV and OV SSL certificates with prices starting at $199 per year.
Established in 1979 and headquartered in Herndon, Virginia, USA, Network Solutions have constantly evolved their SSL services throughout the years and continues to provide the lowest priced SSL certificates for users.
Especially when it comes to multi-year term SSL certificates, Network Solutions offers some of the more affordable pricing in the market. For example, their nsProtect Secure Express will only set you back $59.99 for a 2-year term. In comparison, GoDaddy offers similar services that cost $63.99 per year.
Secured Socket Layer (SSL) is the technology that makes sure data between two machines (in our case – a browser and a server) is transmitted securely in an encrypted connection (HTTPS).
An SSL Certificate is a digital certificate that confirms the identity of a website.
To implement SSL on your website, you will need to get an SSL Certificate from a SSL Certificate Provider, aka. Certification Authority.
The following diagram shows how data is transferred through an SSL connection.
The use of an SSL Certificate on a website is usually indicated by a padlock icon on web browsers and the website address will show HTTPS. In some cases, a green address bar is shown.
If a SSL certificate is not recognized by the browser (or it does not pass certain checks), the browser will display a warning to the visitor.
When you purchase an SSL/TLS certificate you’re making a decision on two primary questions:
When you can answer these questions, picking a certificate becomes a matter of brand and cost, you’ll already know the product type you need.
Now, before we go any further let’s establish one very important fact: regardless of how you answer those two questions, all SSL/TLS certificates offer the same encryption strength.
Encryption strength is determined by a combination of the cipher suites supported and the computing power of the client and server on either end of the connection. The most expensive SSL/TLS certificate on the market and a completely free one are going to facilitate the same level of industry-standard encryption.
What varies with certificates are the level of identity and their functionality.
Let’s start with what surfaces you need to cover.
Nowadays organizations have complicated web infrastructures, both internally and externally. We’re talking about multiple domains, sub-domains, mail servers, mobile applications, etc. Fortunately, SSL/TLS certificates have evolved alongside modern websites to help better secure them. There is a certificate type for every use case, but it’s incumbent upon you to know what your specific use case is going to be.
When you are purchasing an SSL certificate, you need to choose the number of domains you want to secure. There are three levels of certifications: Single, Wildcard, and Multi-Domain.
After you figure out what surfaces you need to cover, it’s time to determine how much identity you want to assert. There are three levels of validation, these refer to the amount of vetting the Certificate Authority that issues your SSL/TLS certificate will put you and your website through.
There are three types of SSL certificate – Domain Validated (DV), Organizational Validated (OV), and Extended Validated (EV).
The most basic level of validation is called Domain Validation. It takes just minutes to complete this validation and issue the certificate, but it provides the least identity information – authenticating just the server. DV SSL/TLS certificates are the most commonly used, but owing to their lack of identity, websites that use them receive neutral browser treatment.
Organization Validation provides more organizational information, which gives your site’s visitors a better idea as to who they are dealing with, provided they know where to look. OV SSL/TLS certificates require a moderate amount of vetting, however, they do not assert enough identity to avoid neutral browser treatment. OV SSL certificates can secure dedicated IP addresses, too. They are commonly used in Enterprise environments and on internal networks.
The most identity an SSL/TLS certificate can assert comes at the Extended Validation level. EV SSL/TLS certificates require in-depth vetting by the CA, but they assert enough identifying information that web browsers will give websites that deploy them unique treatment – displaying their verified Organizational name in the browser’s address bar.
Despite the types of validation, all the certificates are having the same levels of data encryption. The only difference is the assurance about the identity of the business behind the website. You can compare the costs and features of different types of SSL certificates at SSL.com.
Here are examples of different types of validation.
That depends on what you’re looking for.
For many simple websites that don’t need to assert much identity, a free DV SSL/TLS certificate from Let’s Encrypt is a good choice. It doesn’t cost anything and it’s sufficient for what you need.
Anything north of that, or if you’re not especially technically savvy, you should go with a commercial Certificate Authority like DigiCert, Sectigo, Entrust Datacard, etc.
But here’s the thing: You don’t get the best pricing buying direct from the CAs.
You get the best combination of pricing and selection by purchasing through an SSL Service offering SSL/TLS certificates from multiple CAs like SSL.com, NameCheap and The SSL Store mentioned above. The reason for this is simple, these SSL services purchase certificates from the CAs in bulk at much lower pricing than retail customers get. That lets them sell the certificates at deeply discounted rates, passing the savings to consumers.
In some cases, you can save as much as 85% off manufacturer's suggested retail price by going through an SSL service instead of buying direct.
Keep in mind, dedicated SSL services specialize in SSL/TLS, they’re going to offer better customer support, they can help you install it and they know how to optimize your implementations to provide your website the best possible security.
Contrast that with free CAs (and even some commercial ones) where you’ve got to work through a ticket system or sift through old forum posts for crowdsourced support and the value is clear. Granted, for some tech-savvy website owners, the support issue isn’t a problem. And there’s certainly nothing wrong with going the free route if you know how to support everything yourself.
But for other site owners, you’re paying less for the certificate itself and more for the support apparatus that’s been built around it. You also don’t have access to higher validation levels (OV/EV) or advanced functionality (Multi-Domain, Wildcards) with free SSL/TLS. You’ve got to get those from commercial CAs or SSL services.
A cheap SSL offers the same security as the expensive ones. So in most cases, there is no need to opt for a “branded” SSL certificate – which be expensive.
The only time that you should really consider purchasing an expensive SSL certificate is if you’re a big eCommerce company that’s looking to perform transactions on a device that uses its own proprietary software.
Larger businesses should also opt for a “branded” SSL certificate as part of your due diligence process. The reason for this is that the companies issuing these certificates often have reputable track records which might be necessary for selection justification.
To make sure that your SSL purchase process goes smoothly, we recommend that you get the following things ready.
* Note: If you are not using a dedicated IP address you will have to select one from the IP Address menu.
To validate if your installation was successful, you can use this free SSL validation tool.
If you check your website’s internal links you will notice that they are all using HTTP. Obviously these need to be updated to HTTPS links. Now in a few steps we’ll show you a way to do this globally using a redirection technique.
However, it is best practice to update your internal links from HTTP to HTTPS.
If you’ve got a small website with just a few pages that shouldn’t take too long. However if you have hundreds of pages it would take ages so you’d be better off using a tool to automate this to save time. If your site runs on database, perform database search and replace using this free script.
Once you switch to HTTPS if you have external websites linking to you they will be pointing to the HTTP version. We’ll be setting up a redirection in a few steps time, but if there are any external websites where you control your profile then you can update the URL to point to the HTTPS version.
Good examples of these would be your social media profiles and any directory listings where you have a profile page that’s under your control.
OK onto the techie bit and if you’re not confident with this type of thing then it’s definitely time to get some expert assistance. It’s pretty straightforward and doesn’t take much time at all in fact, but you just need to know what you’re doing.
With a 301 Redirect what you’re doing is telling Google that a particular page has been permanently moved to another address. In this case you’re going to tell Google that any HTTP pages on your site are now HTTPS so it redirects Google to the correct pages.
For most people who use Linux web hosting this will be done through the .htaccess file (see code below – as per Apache recommendation).
ServerName www.example.com Redirect "/" "https://www.example.com/"
Also read: The basics of .htaccess – Use cases and examples
This is actually an optional step because not everyone uses a CDN. CDN stands for Content Delivery Network and it’s a geographically distributed set of servers that store copies of your web files and they present them to your visitors from a geographically close server to improve the speed that it loads for them.
As well as performance improvements, a CDN can also offer better security because it’s servers can monitor and identify malicious traffic and stop it reaching your website.
An example of a popular CDN is Cloudflare.
Either way, just ask your hosting company if you are using a CDN. If you aren’t fine, just move on to the next step.
If you are then you need to contact the CDN and ask them for instructions to update your SSL so that their CDN system recognizes it.
SSL stands for Secure Sockets Layer, and it was the original version of the encryption protocol that we use to secure our connections to this day. We got all the way to SSL 3.0 before vulnerabilities forced the industry back to the drawing board, where Transport Layer Security (TLS) was designed to be SSL’s successor. Today we are on TLS 1.3, SSL 3.0 has been almost entirely deprecated and by 2020 TLS 1.0 and 1.1 will be deprecated, too. While today’s internet relies almost exclusively on the TLS protocol, it’s still colloquially known as SSL.
The primary reason for using an SSL certificate is to make sure the data sent across the Internet become encrypted. So, everyone else can't read the information except for the server you are sending the information to. This can prevent hackers and cyber-thieves from stealing your data. Also, having an SSL certificate can earn your visitors' trust because the visitors know their data is secure.
The SSL certificate prices vary depending on the type of certificate and the number of domains you want to protect. A dedicated SSL certificate for a single domain starts at $5.88 per year. A wildcard SSL certificate that protects unlimited sub-domains starts at $70.88 per year. You can compare the costs and features of different SSL certificates here.
It's recommended to install an SSL certificate for your online store even though it's not compulsory. SSL certificate encrypts customer data, sensitive information, payment details, etc and keeps it protected during transfer. Besides securing the website, by installing an SSL certificate, it helps to gain customers' trust and encourage them for safe and secure online shopping.
There's no difference in security between a free SSL certificate and a paid SSL certificate. The major differences between both are in terms of the type of certificate, level of validation, support and warranty. For instance, free SSL certificates only come with Domain Validation (DV) and no warranty. On the other hand, a paid SSL certificate covers everything you required.
This is where different pricing also comes into play with SSL certificates. Warranties on paid SSL certificates can differ vastly – from as low as a few thousand dollars up to two million dollars (As far as we know, only DigiCert goes this high).
If you are running a small website or a blog, a Domain Validation (DV) certificate is good enough. If your website conducts financial transactions, it's best to go for an Extended Validation (EV) certificate that turns the address bar to green.
Yes, there's no risk of using a free SSL certificate. However, a free SSL certificate does have some shortcomings such as limited period, only offers domain validated, no support from the company, and no warranty. If you are running an online store, a free SSL certificate might not be a suitable choice.
You can buy SSL certificates from a Certificate Authority (CA). These are companies that digitally sign your SSL certificate. Alternatively, many web hosting service providers also act as SSL resellers.
SSL certificates are available in various tiers, with the most basic starting at around $10 per year. The more advanced certs are upwards of $300 or more. Personal websites can use free Let’s Encrypt SSL certificates.
You can buy SSL from many places. The only important thing is that you buy it from a reputable company with a good reputation for providing quality products and services. Examples of reputable SSL companies include Comodo, DigiCert, and GeoTrust.
Google does not sell SSL certificates. However, some Google products include automatic issuance and installation of SSL certificates. For example, Google Sites, Google My Business, and Firebase.
You don’t always need to pay for an SSL certificate. A free SSL certificate from Let’s Encrypt is acceptable in some cases. However, websites that sell products or services online or store user data should get a commercial SSL certificate.
GoDaddy does not provide free SSL certificates except in a few cases. For example, you won’t get a free SSL with their basic web hosting plans. Those that include SSL certificates are generally their more expensive options.
For many websites, an EV SSL/TLS certificate is more of an investment than an expense. There is no other way to assert maximum identity and get your website preferential browser treatment. When visitors arrive at a website and see the organization’s name displayed in the address bar it has a profound psychological effect. While that effect is difficult to quantify on paper, surveys consistently find that people feel better about visiting sites with EV than visiting sites without it.
On the internet, every little bit counts, so if you’re an organization that wants to assert identity on the web, EV SSL/TLS certificates are the best available method to do so.
It’s nice to have a large warranty with any product, and the SSL/TLS industry provides some of the most generous warranties out there. They pay out in the event that the CA that issued your certificate ever encounters a problem that costs your organization money. Admittedly, this isn’t all that common, which is kind of an endorsement for SSL/TLS certificates in general, but also something we’d be remiss not to point out.
