All online businesses rely on building a certain level of trust with their visitors in order for them to complete a transaction. With Google pushing for a 100% secure web, more and more people are becoming aware of HTTPS and are losing trust in sites that don’t use a SSL. If a visitor doesn’t feel like their information or browsing experience is safe, they might avoid purchasing or filling out a form altogether. According to a GlobalSign survey, 84% of shoppers abandon a purchase if data was sent over an unsecured connection. So encryption is no longer an option, it is a requirement. So take the time and establish SSL trust for your business!
Establishing SSL/TLS Trust
SSL, or secure sockets layer is the standard security technology for establishing an encrypted link between a web server and your browser. It encrypts data in the transmission and ensures that all information that is sent is secured (no data sent in plain text). SSL certificates are cryptographically signed by a Certificate Authority (CA), and each browser has a list of CAs it implicitly trusts. Any certificate signed by a CA in the trusted list is given a green padlock lock in the browser’s address bar, because it’s proven to be “trusted” and belongs to that domain.
28.9% look for the green address bar. – GlobalSign
According to a European survey from GlobalSign, 77% of websites visitors are concerned about their data being intercepted or misused online. So let’s say you have a great looking website, an informative about page, positive reviews, etc. If visitors like what you are selling this means they are probably on the edge of purchasing. But if they don’t feel secure you could suddenly break that trust and credibility that you had built with them. Below are some different ways you can establish SSL trust.
And don’t forget TLS (Transport Layer Security). SSL and TLS are often terms that are used interchangeably but SSL is generally known as the predecessor to TLS. TLS has more alert descriptions, it works not only with SHA and MD5 but a wider variety of hash functions, and the newest versions of TLS are generally more secure than SSL.
1. Install an SSL Cert
Basic domain validation SSL certificates are cheap (under $10), or even free now thanks to Let’s Encrypt. So there are no more excuses that it is expensive. Remember that you need to have an SSL certificate installed on both your origin server (web host) and your edge server (CDN). Here is a current list of web hosting providers that support Let’s Encrypt. If your web host doesn’t support Let’s Encrypt yet, we urge you to reach out to them and let them know that this is a feature you want. If you do need to purchase an SSL cert there are vendors we recommend such as gogetssl.com and ssls.com. We also have a tutorial on how to order a SSL certificate that should get you up and going in no time.
You can also obtain a Let’s Encrypt certificate for your webserver using Certbot. Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as “the official Let’s Encrypt client.”
We here at KeyCDN believe that certs should be free and that’s why we have our own integration with Let’s Encrypt. So we’ve got you covered on the CDN side. You can enable SSL and Let’s Encrypt with a single click from the KeyCDN dashboard!
And don’t forget that KeyCDN is one of the first CDN providers to support HTTP/2. Stay ahead of your competition by taking advantage of this additional performance benefit.
2. Go Further with Extended Validation Certificates
There are different types of SSL certificates and extended SSL certs can definitely help boost your trust levels even higher! Extended Validation certs require a much more involved business verification process and are also more expensive. These types of certs show your company’s name in the address bar and are typically used by larger organizations that want a higher level of what we call “SSL Trust.”
35% look for the name of the company in the address bar. – GlobalSign
Also you can actually use domain validation assets within an extended validation website.
3. Double Check Your SSL/TLS Configuration
You can check the configuration and strength of your certificates by running them through a tool like Qualys SSL Labs. Keeping your certs up to date and in check can ensure you are protected from vulnerabilities in older versions of SSL/TLS.
The tool will scan for which protocols are running.
It will also return all the protocol details and see just how good you stack up against flaws in certain versions of SSL/TLS such as BEAST, POODLE, Hearbeat, and Heartbleed.
It is good practice to keep the configuration of your SSL/TLS on your web server up to date.
How We Protect Your Information: We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.
Simply put, enhancing your SSL trust means increased sales, conversions and a higher level of confidence from your visitors when compared to competitors without. And don’t forget there are many other benefits from SSL as well, such as HTTP/2, SEO ranking factor benefits, and more. When running a website you should be doing everything you can possibly do to reinforce your trustworthiness and show your visitors that you are care about their security and privacy.
- Complete Guide – How to Migrate from HTTP to HTTPS