An SSL certificate: why you need one

  • 3 March 2014
  • Reading time: 3 min
  • News

SSLAn SSL certificate is profitable to your visitors, but you too can benefit from it. Trust in your website or web shop indeed translates into an increasing number of visitors and/or a higher turnover. Here are a few reasons why you should request an SSL certificate and why it is very dangerous to let that certificate expire.

Febelfin, the Belgian Federation for the financial sector, makes huge efforts to inform users on safe e-banking. After shocking the viewers with a video clip that shows how much information you can find about someone on the Internet, a second clip shows what phishing and identity theft can lead to. Fortunately, users become increasingly aware of the dangers lurking on the Internet. They will click less often on links contained in e-mails that were allegedly sent by their bank and they also know that they can identify a secure website by the little key in the task bar or the address bar and the “https://” in the web address. In other words: users want security.

A sense of trust

The Secure Socket Layer or SSL connection provides that security. Here, data are encrypted when they are exchanged between the user’s computer and the website he visits. Before, an SSL connection was mostly used for web shops or sites on which financial transactions were processed. In light of the revelations about bugging by the American security services NSA, an increasing amount of websites today use SSL, even if they are not selling anything. Microsoft’s search engine Bing currently allows you to perform safe searches via the address Yahoo Mail has made the transition to a standard https address. Microblogging platform Tumblr offers its users the opportunity to have their blog visited through an https:// address. Deutsche Telekom will upgrade all its e-mail servers by the end of March so that they can use an SSL encryption. And those are just a few examples. According to a recent study conducted by Netcraft, SSL traffic on the million most visited websites in the world has increased by 48% between January 2013 and January 2014.

Which websites need an SSL certificate?

As explained in a previous article, you can only establish an SSL connection if the involved website has a certificate. Such a certificate, however, costs money. Many web shop and website owners therefore wonder if they actually need to spend all that money.

To put it briefly, such an SSL certificate is direly needed for every web shop, if said web shop wants to gain and maintain the user’s trust. Some web shops however seem to think that they should not be the ones to offer an SSL connection. They count on the security offered by the payment provider, Ogone for instance, during the payment procedure. And that’s a mistake, because this security only applies to the payment procedure itself, not to the rest of the website. It would be good to also have the shopping procedure with the shopping cart go through a secure connection.

More and more experts think that every website where personal data are sent by users to the server should be secured. The log-in procedure itself should also be processed by an https site. The login data may be sent to a secure https address, but they can be intercepted by a hacker in what is referred to as a man-in-the-middle attack. This video clip shows you how such an attack is performed.

If you own an SSL certificate that allows you to offer an https:// connection, then use it to its full potential. Do not use a pop-up window for the login process, because it will not show an address bar and does not mention the https:// address. This would leave your users in doubt.

The dangers of an expired certificate

A certificate confirms that the owner of your website is who he claims to be. One cannot stress enough that such a certificate must be renewed in time. When your website’s certificate is expired, the browser will notify users and ask them if they still wish to visit the site.

This will bother most users and compel them to forgo a visit to your site. This can have disastrous consequences for you. Not only are you at risk that the customer will visit a competing business, but your customer’s carefully established trust in your company would also be broken.

Some customers may even contact your customer service by phone to address this problem, which represents extra pressure on that service. And other customers will ignore the warning and visit your website anyway. And this is a bad thing for Internet security, because users adopt the idea that there is no danger in ignoring those warnings...

Not only can Combell assist you with requesting an SSL certificate, but they can also help you renew your certificate in time, so that you do not end up in such a terrible situation!