Security is a necessity when you own an online business. Any time a customer enters any personal data, from login credentials and personal information to payment details, they rely on your platform to be secure and impenetrable. While e-commerce platforms like Magento or Shopware offer plenty of options to secure your platform, true security starts at the root with an SSL certificate.
What is SSL?
SSL stands for Secure Sockets Layer. It is a cryptographic internet protocol used to secure communications between computer systems in a network. In other words, it protects the data transferred from your browser to the server a website is hosted on. In your browser, the SSL protocol is recognisable through the ‘https://’ at the beginning of the URL. You can also find the certificate in your browser’s address bar by clicking on the lock symbol.
SSL works through a chain of trusted certificates, with your website’s SSL certificate at the bottom. Your certificate is issued by a Certificate Authority (or CA). They sign your certificate with a publicly known, trusted, root certificate that is included in your browser. If your customers visit your website, their browser can follow the certificate chain all the way back to the CA to confirm the validity of the certificate. It shows your users that the sensitive data they enter in your website cannot be intercepted by a third party and that your website can be trusted.
An SSL certificate is mandatory for European businesses that handle personal data as per the GDPR; however, from both a security and an SEO standpoint, SSL certificates are highly recommended for any website.
Unmanaged SSL: Let’s Encrypt
When you need an SSL certificate, you have two options: Either handle the entire process of ordering and managing a certificate yourself, or let another party handle it for you. Let’s Encrypt offers you that first option for free. The caveat: You are fully responsible for managing your SSL certificate, from installation to updates and maintaining validity. Let’s Encrypt is a Certificate Authority run by the Internet Security Research Group. They offer Domain Validated certificates through an automated process. This means that if you can prove ownership of a domain name, you can use Let’s Encrypt to secure it.
It’s not entirely as simple as that, though. If your website is hosted on a shared hosting platform, you are reliant on your hosting provider to offer support for Let’s Encrypt. If you have access to your own server however, for example when your website is running on a VPS, you can install software on your server that helps you create and install a certificate. It takes some technical knowledge to ensure that your certificate is created and installed correctly, but no worries: There are plenty of manuals available.
If you are not that technical, Let’s Encrypt certificates may seem a bit daunting and do come with a bit of risk. It is vital that you install and configure it correctly for your website to work properly. Almost every single browser, and certainly the most commonly used browsers on the market, will block access to a website without a valid SSL certificate and instead show an error. In other words, not having a valid SSL certificate will block your customers from reaching your website.
Hypernode offers SSL certificate services that manage the technical side for you. This goes beyond renewing your certificate when it’s due to run out: with a managed SSL certificate, the process of securing your website is completely handled for you. From the moment you request a certificate through your control panel, we handle everything from purchase to validation, to security updates and configuration of your certificate. If you change up your hosting plan, we ensure that everything keeps working without interruption.
Our SSL certificates, as opposed to the single Domain Validation type of certificate from Let’s Encrypt, come in three varieties: a single certificate, a wildcard certificate and an EV (or extended validation) certificate. The single certificate can only be installed on one domain or subdomain, for instance www.hypernode.com or example.hypernode.com. With a wildcard certificate, you can secure all subdomains of a single domain. The EV certificate is similar to the single domain in its application, but it is only issued after extensive verification of the requesting party’s identity.
Managed or unmanaged?
The answer to that question is of course fully up to you. While Managed SSL is a paid service and Let’s Encrypt is not, the cost of a paid certificate service is offset by the convenience of not having to worry about your certificate at all. Setting up Let’s Encrypt on your server, provided your hosting platform allows it, requires some manual labour as well as some technical knowledge. Installing it incorrectly could render your website unreachable for your customers. It is also important to remember that when you use Let’s Encrypt, your certificate is your responsibility: Hypernode has no access to your certificate and therefore cannot offer support should it end up broken or invalidated.
Are you interested in the Managed SSL service provided by Hypernode? It is available through your control panel! We would also love to tell you more about it. Get in touch with our experts for answers to all your questions about Managed SSL.