Website Security Certificates
All websites that we host have a valid security (SSL or SSL/TLS) certificate. A website security certificate helps protect your website, your site visitors, our web server and our other clients' sites.
Each site's security certificate is installed and managed by us as web hosts.
What is a security certificate?
A security (SSL/TLS) certificate is software that gets installed on your website. It encrypts data on your website during transmission between the web server and site users' browsers.
There are 3 levels of certificate: Domain Validation (basic), Organisation Validation, Extended Validation (the top level). All encrypt webpages and other data securely. See Certificate Levels below.
What does a security certificate do for my website?
- Encryption helps protect your site from hackers. It protects private data when customers buy ecommerce products, fill in & submit a website form or enter a password on your website. It encrypts your password when you use the Bizazz CMS to update your webpages.
- Browsers mark your site as 'secure' with a padlock in its address bar, rather than 'not secure'.
- With a higher level (OV or EV) certificate, there are more reasons for online buyers to trust your website. Your business has been independently validated as a genuine entity, not fraudulent.
- Browsers block access to sites without a security certificate.
Why do the security certificates cost so much?
The certificates that we sell don't cost much and the price even includes installation! Many site owners are used to Let's Encrypt, which is free and is designed to auto-renew. It's a big jump from $0 to annual fees.
Certificate prices can vary by 200% or more. Sometimes the price jumps are a mystery. Other times, they reflect real product variations:
- level of validation: DV, OV or EV;
- quality (is the certificate widely recognised by mobile platforms or older browsers? Some certificates have stronger encryption when used on newer platforms. Some are faster and perhaps more robust with a shorter 'chain' of intermediary steps);
- reputation (paying for a certificate with a trust seal from a better known brand can satisfy your customers that online payment is really safe);
- extra features: added security software or a dynamic 'trust seal';
- how many domains & subdomains you can secure with the one certificate;
- customer support;
- whether installation on your website is included. This can be very tricky or quite easy, depending on the certificate and the host server. As a managed webhosting service, we install and re-install the TLS/SSL certificates for all our clients.
Is the extra cost worth it? That depends on your line of business, your website(s), your customers and your competitors. For our pricelist, we didn't include higher end certificates that are beyond the budget of many of our clients. But if you want to pay $2000 and more, please get in touch. We won't say no.
Does a security certificate mean the website is totally safe from hackers?
No. A standard security certificate does NOT guarantee that a website is free from malware, viruses etc. It protects webpages and other data from being intercepted and read or altered, between web server and user. But there are other ways that hackers can get at a website.
Almost yes. Higher end certificates often add a daily malware scan and anti malware protection. It depends how good these products are.
What else can I do to keep my website safe?
More expensive SSL/TLS certificates include daily malware and virus checks. That sounds good; but it can add a significant load to our server and slow websites down. Talk with us if you are interested in using these scans.
We believe these protections are key:
- secure website software
- secure webhosting
- IT security within your business, eg password management, access to PCs.
Which certificate is best for me?
It depends on how many websites you have, whether you use ecommerce and other factors.
We don't tell you which certificate to buy. We do help you sort through the complexities. We've put many hours into researching and clarifying information. Like with any other purchase, you need to put in effort to make your own informed decision.
Certificate brands are sold and resold by Big Tech players; names that were trusted 5 years ago are now owned by their (once) less favoured competitors. It's very hard to compare products because of this.
On top of this, there's plenty of !!!!HYPE that means little. We suspect that some overseas sellers wouldn't satisfy Australian false & misleading advertising laws.
If it's any comfort, the risk is probably bigger for SuttonNet. Installing difficult certificates or cancelling a poorly performing product and re-ordering chews up our time, not yours.
Our retail pricelist covers a selection of certificates that claim very high compatibility with the many platforms people use for the Internet. None claims 100% compatibility. There'll be someone out there with a Flintstones phone that doesn't recognise any SSL/TLS certificate. We test certificates after installation to verify their quality (pity we can't do that beforehand). Most certificates that we purchase come with a 30 day any-reason refund policy.
Read the information on this webpage, on the Pricelist page, on our main website and in emails and client newsletters. Ask if you don't understand. If we don't know the answer, we can ask our supplier's support crew.
What about a trust seal?
A trust seal or site seal is an image inserted in your website. It shows that your site is encrypted, its security certificate brand and (for higher level certificates only) that the website owner has been verified as a legitimate business or organisation.
For ecommerce, we recommend a trust seal aka site seal. For other sites: it depends on your website and your target market.
Site seals aren't magic bullets. They vary with brand and with product. Some seals offer a great deal of information, if site visitors know how to read them. Others are just a static image with the name of the issuing Certificate Authority. Well known brands carry more weight, of course. If you buy a very cheap certificate, don't expect its site seal to be a gamechanger for your website.
If a trust seal is important for your business: buy the best certificate you can afford, one that includes validation of your business identity.
We charge a small fee to modify your Bizazz website template & add the trust seal and code required by the issuing Certificate Authority. The seal will then display on all pages. For our ecommerce websites: there's a fee to add the seal to your payment page. For sites built by other web developers: please talk to your developer.
There are 3 levels: Domain Validation, Organisation Validation, Extended Validation.
EV & OV certificates are the top rating certificates. They validate your business as well as encrypting your website data. EV is stronger verification than OV. EV & OV certificates assure site visitors that you are not a con artist, but a genuine business in a real location. You really will send the customer a set of top quality caterpillar pj's in exchange for $200 from their credit card (and they can find you if you take $2000).
OV or EV is an extra cost but the returns may be worthwhile. EV has long been acknowledged as the best option for ecommerce.
For small businesses without online sales, the usually cheaper DV can be a realistic choice. Sometimes wholesale discounts bring OV or EV prices down dramatically, so check the whole pricelist.
- We prefer ecommerce sites to use EV or OV certificates. It gives customers extra assurance for online payments.
- If you buy a high end certificate, put it to good use: make the most of its trust seal and its extra validation. Many site visitors don't understand EV or OV yet, but they will notice a trust seal in a prominent place on your website. This promotes you as a reliable online supplier.
- If you deliver online services that require transfer/storage of highly personal data, particularly of minors or vulnerable people: use an OV or EV certificate, with a site seal and some bright words about how your website's ownership has been independently verified by a trusted online security authority.
- Whether EV/OV is cost effective depends on what you sell, how much profit your website can generate, & how well your business is known or is warranted by other trusted sources.
Like many around the Internet world, we chose Let's Encrypt (Domain Validation level) certificates at first for our clients' websites. There's no purchase or renewal fee for a Let's Encrypt certificate. Because the certificate auto renews, maintenance is much lower than for commercial certificates. On the downside, there is no trust seal option and only the base level (DV) certificates are issued by Let's Encrypt. DV does not attest that the website's owner is a
We became uneasy about the Let's Encrypt option, not over its security but over the way certificate issuance is managed. You can read more on our main website.
LE-encrypted sites will be inaccessible for users on older platforms after September 2021. The affected platforms include Android 7.1.1 and earlier Android versions, unless their software has been updated.
Our response: SuttonNet is a 'high service level' web developer and hosting provider. We don't gear our services to minimal cost for minimal results. All websites (re)built by SuttonNet from 2021 use a commercial security certificate. Ecommerce sites that we (re)develop from July 2021 use an EV certificate with trust seal.
Go the extra mile
Visit our main website to learn more about website security certificates, trust seals and their importance.
Or stay on our client support site and brush up on online and general IT security for your business or NFP group.
Updated 15 September 2021