From Our Partners at Sectigo
If you own and operate a website in 2020, you need to make sure that your customers are safe with a robust approach to website security. Hackers and cybercriminals continue to lurk in all corners of the Internet, waiting for someone to slip up and let their guard down so they can attack and steal sensitive information.
Fortunately, you can hold off many hackers by installing an SSL certificate on your website. Once considered an “extra layer” of protection for a business, SSL certificates have now become a must-have option for anyone collecting information online. In fact, if you want to collect payment information to process purchases on your website, you won’t be able to go live with the payment system without an website security certificate in place. So, it’s important that you make it a priority.
TLS? SSL Certificates?
You’ve probably heard of ‘SSL’ and ‘certificates’ – but what are they?
SSL stands for Secure Socket Layers. It’s essentially a protocol for securing data as it travels the internet. SSL is actually the old name for the protocol – nowadays it’s called ‘TLS’ which stands for Transport Layer Security.
Certificates – still commonly called ‘SSL certificates’ are what make this security work. They contain an encryption key, as well as your domain name and often your business information too.
TLS and certificates combined provide two security features – they ensure that your web browser is sending your information securely so that no-one can intercept and read it, but also that when you think you’re sending information to ‘fakebusiness.com’ – it’s actually fakebusiness.com!
As you can imagine, this is exactly how the internet should work. Customers should be able to feel safe doing business with you, and you should be able to protect their information so that only you can access it.
SSL certificates make this possible. But when you start looking for SSL certificates, you could be overwhelmed pretty quickly. How do you know what pages are covered? If your URL is http://fakebusiness.com, will your other pages have SSL protection or just your homepage?
The answer depends on two factors: the URLs you wish to protect, and the SSL certificate itself.
Website Security for Subpages vs. Subdomains
Before you choose your SSL certificate, you need to understand how your website is set up. You can’t skip this step, or you run the risk of not having enough protection for your business and its customers.
Most websites have subpages. If you have a dedicated “About” page on your site, it might be http://fakebusiness.com/about-us. From a technical standpoint, the subpages are part of the homepage – which is the “parent” page. They all run under the same main directory.
Some, however, also have subdomains. This is important if you have a separate system you need to run. In the above example, let’s say you also operate a private email server for your employees. You might place that email server under http://email.fakebusiness.com. It’s still a part of your hosting account and the URL matches your homepage. But from a technical view, this is a separate website under its own directory. It would be considered a subdomain.
Which setup is protected by an SSL certificate?
Even if you don’t quite understand the technical details of subpages and subdomains, it’s pretty easy to determine whether or not your SSL certificate will protect them.
Pretty much any normal SSL certificate will provide website security for subpages. Any page that is a part of http://fakebusiness.com is going to offer the same protection for your customers as part of the package.
But if you have subdomains, you then have to pay attention to what kind of certificate you have. A normal certificate is “single domain,” which means it only covers one website.
If you have that email server on a subdomain, then you either need to purchase another SSL certificate for that subdomain, or better yet, purchase a wildcard certificate. A wildcard certificate allows you to protect any domains that match your URL.
Regardless of which way you have your website set up, getting the right SSL protection for the site is going to be crucial. That’s why Sectigo SSL is a good fit for you. Our team of skilled developers has created an SSL certificate that matches your needs and your budget.
Author: Nick France | CTO of SSL at Sectigo
As CTO of SSL, Nick France is responsible for the technology and practices necessary to operate Sectigo’s global Certificate Authority (CA) and related services. Nick previously served for more than 15 years as Sectigo’s Technical Security Officer. He is based in Sectigo’s UK office.
Products mentioned in this blog post include:
Images: Shutterstock