SSL: Free, Shared and Private – what’s best for you

Posted on Nov 30, 2017


For years, Google has been actively encouraging website owners to implement SSL certificates. Google has now kicked it up a notch by moving from a reward system to a punitive one. Previously, websites using SSL get an SEO boost, but now any HTTP websites with any kind of text input will be flagged with a “Not Secure” warning in the address bar, like this:

If your website is displaying the Info or Not Secure status, then you need to ask yourself a few questions:

  1. Does your website take any text input? This includes contact forms, search bars, login panels, etc.
  2. Are your using HTTP://?

If you answered “yes” to both of these questions, then the only way to resolve this is to install SSL on your website.

 

What is the difference between a Shared SSL and a private SSL Certificate?

 

There are two types of SSL you can get for your website: Shared SSL and private SSL certificate. Three, technically, but we will go over why you should stay away from free SSLs in a bit.

There is no difference between a Shared SSL and a private SSL certificate when it comes to the level of encryption. After all, having a shared certificate is better than having no certificate at all.

The difference between a shared and private SSL certificate lies mainly on the URL of the encrypted website and costs.

 

Shared SSL

 

Shared SSL means the SSL certificate is installed on the web server, and in a shared hosting environment, that means you are sharing the SSL with other hosting accounts on the web server. Instead of https://yourdomain.com, your URL will be https://youraccount.doteasyserver.com.

While a Shared SSL is an affordable site security solution, it comes with its own set of issues.

 

1. SSL not installed on your domain name

 

Because you use your web server’s shared SSL, the SSL is not linked specifically to your domain name, but rather to the shared server’s domain name. This may prompt the web browser to send an alert or certificate warning to your visitors when trying to accessing your website – the domain name they are visiting does not match the domain name listed on the SSL certificate.

Shared SSL is intended to be used in situations where you need a secure connection to the server that is not typically seen by the general public. For example, when logging into webmail or the admin area of your website.

 

2. Your business name is not on the certificate.

 

Another downside to shared SSL certificate is that your business name is not on the certificate.There is a lot of information in an SSL certificate, including:

  • Validity period
  • Issuing Certificate Authority (CA)
  • The domain it was issued to
  • The company operating the website

You can view SSL Certificate details on your web browser. For example, if you are using Google Chrome, you can get the scoop on a website’s SSL certificate by going to More tools > Developer tools > Security.

You can also view a SSL certificate’s details in Firefox, Safari and Internet Explorer.

Having this information available to your visitors will help them determine who they are doing business with and let them know your website is safe and not some bogus phishing website. However, because the shared SSL is issued to the shared web server, your business name will not be on it. While your website is protected by the SSL certificate, it lacks the added benefits of trust that a private SSL certificate provides.

 

3. Some shopping carts require you to use a private SSL.

 

PrestaShop is a very popular eCommerce platform, unfortunately, it is also known to have issues with shared SSL.

While there are many other eCommerce solutions out there that works fine with a shared SSL, shared SSL is not recommended for eCommerce websites. Several major banks will not issue internet merchant accounts to business utilizing a shared SSL certificate.

Furthermore, in order to accept credit card information on your website, you must pass certain audits and validations that show you are complying with the Payment Card Industry (PCI) standards, and one of the requirements is a properly installed SSL certificate.

 

4. Google gives more credit to private SSL certificates.

 

Whether or not using a shared SSL would affect your search engine ranking is yet to be expressly covered – we are unable to find much information on that on Google’s website. But we have all reasons to believe that Google favors websites that have their own SSL certificate.

 

What about free SSL certificates?

 

Yes, they do exist and a quick search on Google will find you a number of companies that offer free SSL certificates.

However, we strongly recommend staying away from free SSL certificates for many reasons.

 

1. They may not come from a globally trusted certificate authority.

 

Often, the certificate authority that issues a free SSL certificate might not be at all that trustworthy. Depending on the issuer of the certificate and the level of encryption, Google might not actually trust the certificate at all.

You may have heard of the company Symantec. They are one of the bigger players in the SSL and website security industry. However, did you know that millions of websites that use Symantec-issued SSL certificates could potentially be “untrusted” by Google?

While many of the Symantec SSL certificates involved were not of the free kind, but the moral behind this is, Google has the power to “untrust” any website, especially HTTPS websites that are using a questionable, misissued SSL certificate.

 

2. They might not be very well encrypted.

 

SSL comes in various strengths. Weaker encryption is generally cheaper and you can bet that any free SSL certificate is going to be of the weakest possible encryption.

 

Private SSL Certificate

 

There are simply too many risks associated with free and shared SSL certificates for anyone serious about their website and business to use one. Yet, it doesn’t mean you have to go out there and buy the $1000+ private SSL certificate. In fact, paying for such a high-cost certificate is overkill for all but the most sensitive government websites.

For the rest of us, there are two ways to getting a private SSL certificate.

 

1. Purchase an SSL certificate and install it onto your current hosting plan.

 

You can purchase an SSL certificate and a dedicated IP (which is required for the SSL installation) as an add-on to your current hosting plan. When you purchase both from Doteasy and we will take care of the installation for you. If you prefer to purchase the SSL certificate elsewhere, simply contact us for purchasing the dedicated IP and you can install the SSL certificate in your cPanel.

 

2. Automatic Installation with Doteasy Business Hosting Plans.

 

For a cost and time effective option, there’s the Doteasy Business Hosting plans. Included as part of the plan is a private SSL certificate (and the dedicated IP required for the installation). The private SSL certificate protects all domains you have on your hosting account, including subdomains and add-ons. So, if you manage multiple domains, you can consolidate all of your domains under one business hosting plan and be assured that they will all be protected by a private SSL certificate.

You can find more information about our business plans here.

To enhance the credibility of your web store and to avoid any type of browser warnings or run into any problems with Google, you may want to purchase a private SSL certificate. Let us know if you need help or if you have any questions – we are always here to help you find the right solution for your needs.

Comments

comments