Recently, I received this question from a long-time Texas subscriber about getting a security certificate:
On July 1, Google will begin marking all sites that have not migrated to HTTPS as “not secure” in its Chrome browser. I want to move my website to HTTPS, but I’m not sure which of the three different SSL Certificates I should purchase: Domain Validation (DV) certificate, Organization Validation (OV) or Extended Validation (EV).
I’m sure that many agents are not even aware of this coming change and the potential negative effects it will have if they do not switch. I could certainly use some help in understanding the different types of certificates and what they do.
Thanks, Joe D.
I’ve written quite a bit over the last couple of years about why your agency website needs to be secured. Joe’s question again highlighted the importance of this issue because Google is taking a hard-line stance. You can find two previous articles here and here.
I decided to answer his questions about the best type of SSL security certificate here in case there were others who haven’t yet taken the step to add a security certificate to their website.
Website Security Certificate
After doing a little research, I would suggest adding an Organization-validated certificate at the very least.
You can take either of the following steps to add an SSL security certificate to your website:
- Contact the host for your site: The actual software that runs your website is hosted on somebody’s computer somewhere. Examples include Amazon (which publishes an FAQ on certificates), SiteGround (the host for my sites), 1&1, and BlueHost. Many companies will host your website.
- Contact your website developer: This is the group that creates the look and feel for your website. They may or may not host your site. However, they should be able to help you with the steps necessary to install a security certificate.
While you might be able to add one to your website yourself, it’s probably not worth your time and effort.
A Bit of Background
There are five different types of SSL certificates. The company that hosts your site should be able to help.
1. Standard Domain Validation SSL (DV)
This type of certificate may be an option for personal websites but not for a commercial site. Domain validation happens quickly because the only thing a Certificate Authority needs to confirm is that you own the domain name used for the website. All SSL certificates encrypt data flowing to and from your site.
2. Deluxe Organization Validation SSL (OV)
This certificate is appropriate for information-only websites that don’t sell things (e.g., education, non-profit websites, etc.). This type of certificate validates both your ownership of the domain name (website address or URL) and the existence of your organization. Data flowing to and from your site is encrypted, and visitors see a padlock icon in their browser bar.
3. Premium Extended Validation SSL (EV)
This is the recommended certificate for financial websites (your agency) and eCommerce sites that accept payments online. It validates your ownership of the domain name and the legitimacy of your business through a stringent process conducted by an actual human (a test that no hacker could hope to pass). In addition to the lock icon in the browser bar, it also turns the user’s browser bar green, a high-visibility security sign.
4. Multiple Domain SSL (SAN/UCC)
Designed for organizations that need to secure multiple domain names and websites. The information customers submit to any of these sites will be safe. These certificates are also sometimes called Unified Communication Certificate (UCC) SSL.
5. Wildcard SSL
This is best for websites with subdomains. One Wildcard SSL protects an unlimited number of servers and subdomains.
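The difference between the DV, OV and EV certificates described above is recorded inside the certificate itself as a policy identifier, so you can check what your host actually installed. As an added example (not from the original article), this Python code reads that identifier from the DER-encoded value of the certificatePolicies extension; the sample byte strings and the 1.3.6.1.4.1.99999.1 CA policy OID are constructed for illustration.

```python
# Added example: read the validation level (DV / OV / EV) from the DER-encoded
# value of a certificate's certificatePolicies extension.
CABF_POLICY_OIDS = {            # CA/Browser Forum policy identifiers
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.1": "EV",
}
# Constructed sample values (hex), built by hand for this example, not from real sites.
# 1.3.6.1.4.1.99999.1 stands in for a CA's own policy OID (hypothetical).
SAMPLE_OV = bytes.fromhex("300a3008060667810c010202")
SAMPLE_EV = bytes.fromhex("30093007060567810c0101")
SAMPLE_DV_PLUS_CA_OID = bytes.fromhex("3017300b06092b06010401868d1f013008060667810c010201")
SAMPLE_CA_OID_ONLY = bytes.fromhex("300d300b06092b06010401868d1f01")

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:             # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first byte packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def validation_level(ext_value):
    """Return 'EV', 'OV', 'DV' or 'unknown' for a certificatePolicies value."""
    tag, policies, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    found, pos = set(), 0
    while pos < len(policies):
        _, info, pos = read_tlv(policies, pos)    # one PolicyInformation
        oid_tag, oid, _ = read_tlv(info, 0)       # its policyIdentifier
        if oid_tag == 0x06:
            found.add(CABF_POLICY_OIDS.get(decode_oid(oid)))
    return next((lv for lv in ("EV", "OV", "DV") if lv in found), "unknown")
```

A result of "unknown" means the certificate carries only policy identifiers outside the three listed here, so its validation level has to be confirmed with the issuing Certificate Authority.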
While this may be a bit more information than you wanted about security certificates, hopefully, understanding the options will allow you to make sure your website is secured with the right certificate so that you provide the protection your clients and prospects need.
In May, I wrote about how to test your website security. You may want to revisit that article and go through the test process.
What have you done to protect your agency website properly?