Blog

Why Speak recommends a dedicated SSL certificate for every site

What is an SSL certificate?

SSL stands for Secure Socket Layer, which is web security technology that will allow an encrypted connection between a website and user. An SSL certificate signifies to the browser and to the web user that your site is secure and safe to enter login information and make payments on.

Web users will see the little green lock symbol in the browser, and if they click on it, it will reveal the valid site certificate that is required for all SSL certificates. The certificate is the proof that the website owner has taken several steps to prove that they are legitimate:

  • Provided a certificate signing request from the server where their website is hosted
  • Verified that they are the controlling domain owner
  • Agreed to the terms surrounding an SSL certificate

There can only be one SSL certificate per domain, and it can only belong to the site where the domain has been verified. In many documented cases, hackers and phishers set up similar copies of a site and trick users into entering their login information or their secure payment information.

The copied site might look very similar to the real site, but the main difference is that the hackers cannot replicate an SSL certificate, or that little green lock in the browser like you see below.

SSL Certificate - https - Sitewrench CMS Blog

When your site is secure, it is reachable at the https:// URL. For example, Speak’s site is available at http://madebyspeak.com, but it will automatically load at https://www.madebyspeak.com because it is secure. If a web user tries to navigate to a URL using https:// when no SSL certificate is applied to the site, it would look like this:

no https - Sitewrench Blog

I’m a SiteWrench client. I thought my site was automatically secure?

As a SiteWrench client, your site is secure. It is not required on our end for you to have a dedicated SSL, as your site will automatically use SiteWrench’s wildcard SSL certificate if a page needs to be secure for donations and payments.

A wildcard SSL certificate is a super SSL certificate that protects any subdomain. In this case, the wildcard SSL certificate is *.sitewrench.com, so anything that comes before .sitewrench.com is protected. All SiteWrench sites exist at the .sitewrench.com side of this domain and are therefore secured.

Here’s an example using a fake domain: if http://mydomain.com wanted to have their users donate using the SiteWrench page parts, SiteWrench would automatically take the user to the secure side of the site using our wildcard SSL certificate: https://mydomain.sitewrench.com/. It protects the web user and keeps the information encrypted.

There are a few key things to consider if you do not have your own SSL certificate

You lose key analytics data surrounding payments on your site

Our digital marketing team recommends that a site has their own dedicated SSL certificate (rather than use our wildcard SSL certificate), as it is becoming increasingly preferred by browsers and helps with your analytics.

When your site redirects to the SiteWrench wildcard SSL certificate(the .sitewrench.com side of your site), Google Analytics does not track that activity because it is technically considered a secondary site. So yes, your users are protected and you can safely take payments on your site, but you lose all of the data surrounding your user’s interaction with the site.

Search engines can rank you lower

According to our digital marketing experts, https:// is a ranking factor and is becoming more and more important in the search space. There’s enough data out there that proves this — if two sites with the exact amount of “optimization” were side by side and one was secured and one wasn’t, Google has stated that they’d choose the secure URL over the unsecure URL.

Browsers, especially Chrome, are favoring secure URLs that have those “comforting UI signals,” like the secure green lock in the browser.

This could affect your site seriously, as one of your key pages might be yourdomain.com/donate. However, as described above, if you rely on our wildcard SSL certificate, your donors will be taken to yourdomain.sitewrench.com/donate in order to be secure.

This page does not improve your search rankings for your pivotal donation page, because technically the yourdomain.sitewrench.com/donate version of your domain is considered a secondary site. 

Your donors may not want to supply personal info

From your client’s perspective, going to a site that is displaying as secure provides them with much less trepidation. They are much more willing to donate and provide you with their contact information if you prove that you are secure. Your site usage and interaction will go up as your clients feel more confident in trusting your site.

Browsers are starting to require HTTPS for certain functionalities

Browsers are building features that only work over HTTPS — so we are moving in a direction where it is better to have HTTPS or you will not be able to use those features.

One example is our Locator Map page part. Many websites use this to help their web users locate a particular store or business location. With this page part, you can decide to auto-populate a zip code based search using the browser’s geolocation. In Chrome, the geolocation API that this page part relies on requires HTTPS to function. Without HTTPS, you could not use this very important tool.

You run the risk of users navigating to https:// and hitting an error

If someone accidentally types in https:// or clicks on a link that is referencing https:// on your domain when it does not exist, your users will hit that error message displayed above. Web users are naturally concerned when they hit this error, as they should be. Browsers put this warning in place to protect against sites that are phishing for private information.

Setting up your Site with an SSL certificate

I’d like to have a new dedicated SSL certificate

We are happy to assist in this process. First we will need to determine if you would like a single certificate to protect one domain, a multi-certificate to protect up to 5 subdomains, or a wildcard certificate to protect all subdomains. The yearly cost changes significantly depending on the option.

  • $200 for a single certificate to protect your primary domain (in most cases, this is all that is needed)
  • $300 for a multi-certificate for up to 5 subdomains
  • $450 for a wildcard certificate to protect all subdomains

The cost includes the cost of the certificate as well as our time involved in implementing the certificate on our servers. Our team will:

  • Purchase the certificate
  • Provide the CSR (certificate signing request) from our servers
  • Apply your certificate to our servers
  • Run tests to ensure it is working properly
  • Configure your SiteWrench site to accept the certificate
  • Assist in changing your A record’s IP address to point to the new IP where your SSL certificate is pulling through

I’m a new Speak client, and my current non-SiteWrench site is protected

In this instance, it is imperative to prepare your new SiteWrench site for an SSL certificate prior to launch. If Google has cached your existing site as secure, launching your new site without an SSL certificate would risk your users hitting an error message. Our team will need to discuss steps with your team during the Launch Preparation process.

I have an existing SSL Certificate that I prefer to use

We will need to look into the kind of SSL certificate you have, who hosts it, and the expiration date of the certificate. There is a $150/hour charge for our team to apply your existing certificate to our servers and setting up the SSL certificate for your site.

If your current website company manages your SSL certificate and hosts it on your behalf, we highly suggest you let that certificate expire and move the management of your SSL certificate into our care. Otherwise, you are relying on your old providers to manage your site’s security when you are no longer their client, and every year you will have to ask them to update it.

If your IT department manages your SSL certificate and hosts it on your dedicated internal server, then they can provide our team with certificate and private key so we can get the certificate up on our servers where your new website is hosted.

If your IT department has purchased a certificate but needs to rekey it to work with our servers, we can supply a CSR (certificate signing request) and then have your team supply the certificate so that we can get the certificate up on our servers.

Note: If you control your security certificate and supplied it to our team, you are responsible for the yearly management and upkeep. You will need to renew your SSL certificate and supply our team with the required information so that we can update the certificate on our servers. Otherwise you risk your site losing its secure status.

Additional Resources about SSL recommended by our team

Posted by Nicole Davis at 8:04 AM