Website Security Certificates

SuttonNet requires all websites that we host to maintain a valid security (SSL or SSL/TLS) certificate. Each site's security certificate is installed and managed by us as web hosts.

A website security certificate helps protect your website, your site visitors, our web server and our other clients' sites. Sooner or later, every website on the Net will have to have an SSL/TLS certificate.

Let's Encrypt

Like many around the Internet world, we chose Let's Encrypt (Domain Validation level) certificates for most of our clients' websites. There's no purchase or renewal fee for a Let's Encrypt certificate. The certificate auto renews, so maintenance is lower than for commercial certificates.

We have become uneasy about the Let's Encrypt option, not over its security but over the way certificate issuance is managed. Our concern is about protection for Internet users from phishing sites. You can read more on our main website.

New clients from 2021 will be expected to purchase a commercial certificate. Current clients may also need to buy a non LE certificate in 2021, because changes to LE will render LE-encrypted sites inaccessible on older platforms. These include Android 7.1.1 and earlier Android versions.

• What is a security certificate?

  +

  A security (SSL/TLS ) certificate is software that is installed on your website. It allows data on your website to be encrypted during transmission between the webserver and site users' browsers.

  There are 3 levels of certificate. All encrypt webpages and other data securely.

• What does a security certificate do for my website?

  +
  • Encryption helps protect your site from infiltration by hackers. It protects private data when customers buy ecommerce products, fill in a website form or enter a password on your website.
  • Browsers mark your site as 'secure' in the address bar, rather than as 'not secure' (and perhaps blocking access altogether).
  • Search engines rank your site a little higher.
  • If you buy a higher level (OV or EV) certificate, there are more reasons for online buyers to trust your website: your business is independently validated as a genuine entity, not a fake.

• How much does a security certificate cost through SuttonNet?

  +

  Our supplier charges in US$ and there are many brands, product lines and prices. So we can't give an exact costing here.

  • DV certificates: from around AU$100 per 2 years, installation included;
  • OV, expect from AU$250 up per 2 years, installation included; EV, from AU$500 up per 2 years;
  • All prices quoted are estimates of lower cost certificates ex GST, valid at 1 May 2020 and subject to changes in our supplier's prices and specials.

  Some certificates are bundled with extra features: multi-domain certificate, wildcard certificate (for multi subdomains), added security software or a 'trust seal'. Is the extra cost worth it? That depends on your line of business, your website(s), your customers and your competitors.

• Does it mean the website is completely safe from hackers?

  +

  No. A security certificate does NOT guarantee that a website is free from any malware, viruses etc.

  It protects webpages and other data from being intercepted and read or altered, between web server and user. But there are other ways hackers can get at a website.

• What else can I do to keep my website safe?

  +

  More expensive SSL/TLS certificates often include daily malware and virus checks. That sounds good, but it can add a significant load to our server and slow websites down. There's a need to balance the risks and likely benefits against the costs of protection.

  SuttonNet believes that key protections are:

  1. secure web software
  2. secure webhosting
  3. IT security within your business, eg password management, access to PCs.

  SuttonNet provides the first two; (iii) is up to you. Contact us if you need advice or help.

Updated 22 December 2020