Beginner's guide to understanding SSL certificates

Nick Pinson gives you an introduction to SSL certificates for designing ecommerce sites.

As online payments become more and more commonplace, it's never been more important to ensure your e-commerce site is as secure as it can be.

Also read: essential ecommerce upsells for web designers

The number of high profile hacking incidents and online security issues in the last 12 months should only serve to indicate how vital it is today to ensure your website has the best security needed, with the right SSL certificates.

What are SSL certificates?

An SSL certificate is effectively a digital public document, which verifies that the appropriate, legitimate company owns the website which is being accessed.

They ensure that visitors are accessing the correct site they want to visit by proving relevant ownership. As an e-commerce business, this helps prevent any attackers from impersonating your company and your website.

For customers, an SSL certificate establishes a secure connection between their web browser and your site server. This protects important information like passwords and credit card details by adding a layer of encryption when the data is sent.

Different types – basic and EV

When it comes to purchasing or upgrading your site security certificate, there are two broad types to consider; the basic types (which include domain validation and organisational validation) and the extended validation type.

All SSL certificates must be purchased from a Certificate Authority. Common CAs include Comodo, Symantec, GoDaddy and GlobalSign. These all use SHA-2 security protocols, which is extremely important as we'll explain later.


These certificates do what they say on the tin. They verify your website identity by ensuring that the registered owner has the right to manage that domain name. Once you've passed this procedure (often automatic), your site will display a secure padlock and the URL address will change to HTTPS.

Extended Validation

If you want more serious security checks, an EV certificate requires more rigorous vetting criteria to be passed, the majority of which is checked manually. This often means the provision of corporate documents and the receipt of phone calls to your listed business number.

In return, alongside the padlock and HTTPS benefits, you'll also be able to light the browser address bar green and display your company's legal name alongside the domain name, further increasing the legitimacy of your website.

Prices for SSL certificates vary depending on the level of support, number of sub domains and extra features you might want. A basic RapidSSL one can cost as little as $9 per year, whilst EV certificates from GlobalSign begin at $899.

Next page: the value of SSL, and new security updates