Auto SSLs as part of our hosting

Firstly, what is an SSL?

SSL Certificates are an essential and powerful tool used to secure your website. They consist of small data files that contain information to authenticate the ownership of a website and digitally bind a cryptographic key to an organisation's details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.

Most browsers and mobile devices will discourage and/or warn you of a website's security protocols in use, based on the SSL Certificate installed. Additionally, many search engines will consider higher rank results for sites that have implemented an SSL Certificate (and using the https:// protocol over the non-secure http:// protocol).

Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.

ssl

Why are some SSL’s better than others?

Although the encryptions are similar, there are some minor differences that are important to consider when deciding whether a Free SSL or Dedicated SSL Certificate is best for you.

Our basic rule of thumb is unless you are asking for payment, or storing private personal information on your website an Auto SSL will be fine. Online stores or other sites containing sensitive information will need to consider purchasing a Dedicated SSL.

Auto SSL is a new feature built in to cPanel which accommodates recent changes on the internet which make it more important for all sites to have an SSL certificate to be serving content securely to visitors. They auto renew on a 90 day cycle and authenticates the domain's ownership only.

The most prominent difference in any Dedicated SSL Certificate versus an Auto SSL Certificate is the validity of the certificate. Dedicated SSL Certificates may include more in depth validation. For instance, an Extended Validation SSL Certificate would authenticate not only the owner of the domain but also the validity of the business that claims to be the owner of the website. Although the encryption works the same way, this added layer of validation can help your visitors trust your website and business as one entity. It's important to note that Dedicated SSL Certificates may include different features, that Free SSL or other kinds of Dedicated SSL Certificates do not. For example, some CAs include their own support and various tiers of insurance/warranties.

Utilising Extended Validation or Organization Validation can help to reduce the threat of phishing. These Dedicated SSL Certificates require that the CA authenticate the validity of the claim that a business or organization owns the secured website. If a phishing attempt is made, it can be easily identified by the omission of these details. Your visitors will not see the trusted Certificate if lead to a website that is not validated accordingly

WE will be forcing your sites to display with https:// only. If you only install the certificate, but you don't enforce SSL-access, your site will be available both with and without SSL: http://example.com and https://example.com. This creates duplicate content, as every URL is available in 2 versions and secondly, it does not enforce the secure access you want, everybody can simply choose which version to access in the browser.