SSL: now essential for every website and webshop

It's very important for a webshop or website to have a functional SSL certificate. An SSL certificate is a protocol for data encryption, which prevents cybercriminals getting hold of your customers' personal data, passwords, PINs, and bank and credit card details. Various types of SSL certificate are available. So how do they differ, and which is best for your site?

New legislation

If you run a webshop or website that handles personal data, you're required by law to secure the exchange of that data over the internet. In the Netherlands, failure to provide adequate security is a breach of the Data Protection Act. Nevertheless, many websites aren't protecting visitors against fraud and other abuses of their personal data. An SSL certificate guarantees visitors the privacy that the law demands. And the importance of ensuring privacy becomes even greater on 25 May, when the General Data Protection Regulation comes into force. Under the new rules, website proprietors can face heavy fines if their security isn't up to scratch.

Various types of SSL

There are three types of SSL certificate. They differ in terms of data verification, or the validation method used when the certificate is issued. The more thorough the issue validation method, the more information the SSL certificate contains.

  1. Domain validation

    A domain SSL certificate confirms only the identity of the domain's registrant. The registrant's details are checked against the Whois data recorded for the domain name. Because the identity of the associated company isn't verified, a domain SSL certificate is appropriate mainly where data needs to be sent securely, but the identity of the website is less important.

  2. Organisation validation

    An organisation SSL certificate confirms both the domain registrant's identity and the identity of the associated company, as verified with the Chamber of Commerce. The certificate enables website visitors to view the relevant details.

  3. Extended validation

    An extended validation certificate incorporates full details of the company, as verified by detailed cross-referencing with the Chamber of Commerce. It also confirms the webshop proprietor as the certificate applicant. It's only with an extended validation SSL certificate that both the company name and the green padlock icon appear in a browser's address bar. And it's that combination that inspires real consumer confidence.

                                                Domain validation Organisation validation Extended validation
   Http-slotje  Http-slotje  http-slotje-met-bedrijfsnaam
Green adress bar X X
Secure connection
Higher in Google
Registrant verification
Organisation details in certificate X
Organisation details validated with Chamber of Commerce X
Applicant verification X X
Extra security mobile support
Type website

Non-public websites (e.g. intranet sites)

public websites

Webshops, Banks, Commercial websites

Current situation 

In the Netherlands, there are about 3.6 million unique .nl websites. Of those, a little more than half a million (15.5 per cent) have SSL certificates. We did a survey to find out what percentage of business websites and webshops were using SSL certificates, and we got the following results.

                               Total  Number of SSL
Business websites  757,000 225.000 (approx 30%)
Webshops   80,000   47.000 (approx 59%)
Type-SSL-certificaat

In principle, all webshops and business websites should be using SSL. In other words, there is plenty of room for improvement. The majority of .nl websites that are using SSL have domain SSL certificates.

SEO ranking

For the last two years, a (valid) SSL certificate has boosted a site's ranking in Google's search results. Google doesn't take account of the type of SSL certificate. However, to get the ranking boost, SSL needs to be used for the whole website. It's not good enough to secure just your checkout page, for example. Being higher in Google's results will increase traffic to your website and therefore your potential income. Certification is therefore a win-win strategy. What's more, starting in July 2018, Google's Chrome browser will label websites without SSL certificates as 'insecure'. At the moment, Chrome puts an 'i' icon in the address bar when you visit a site without a certificate. From July 2018, that will probably be replaced by the red 'Insecure' warning triangle.

login-example

Current situation

From July 2018

melding-niet-veilig
melding-veilig

In other words, there's soon going to be even more reason to get an SSL certificate for your website or webshop.

Questions?

If you're one of the many people who find it all too technical, don't worry. Your web hosting firm or registrar will be happy to advise.

Comments

  • Friday 20 April 2018

    About SIDN

    A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

    Thumb-DDoS

    Acting reactively and individually is insufficient

    Read more
  • Wednesday 17 January 2018

    About SIDN

    SIDN and Connectis: a year of investment

    Thumb-Connectis

    First fruits of the new strategy

    Read more
  • Wednesday 8 November 2017

    SIDN Labs

    Low-quality smart devices threaten the internet's reliability

    Thumb-IoT-cybercrime

    Open standards for a secure Internet of Things

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.