Website Security Certificates

SuttonNet requires all websites that we host to maintain a valid security (SSL or SSL/TLS) certificate. Each site's security certificate is installed and managed by us as web hosts.

A website security certificate helps protect your website, your site visitors, our web server and our other clients' sites.

View our current pricelist.

Let's Encrypt

Like many around the Internet world, we chose Let's Encrypt (Domain Validation level) certificates at first for our clients' websites. There's no purchase or renewal fee for a Let's Encrypt certificate. Because the certificate auto renews, maintenance is much lower than for commercial certificates.

We have become uneasy about the Let's Encrypt option, not over its security but over the way certificate issuance is managed. Our concern is about protection for Internet users from phishing sites. You can read more on our main website.

New webhosting clients from 2021 will need to purchase a commercial certificate.

Current clients may need to buy a non LE certificate in 2021. Changes to LE threaten to render LE-encrypted sites inaccessible for users on older platforms after September 2021. The affected platforms include Android 7.1.1 and earlier Android versions.

FAQ's

• What is a security certificate?

  +

  A security (SSL/TLS ) certificate is software that gets installed on your website. It allows data on your website to be encrypted during transmission between the web server and site users' browsers.

  There are 3 levels of certificate: Domain Validation (basic), Organisation Validation, Extended Validation (the top level). All encrypt webpages and other data securely. See Certificate Levels below.

• What does a security certificate do for my website?

  +
  • Encryption helps protect your site from infiltration by hackers. It protects private data when customers buy ecommerce products, fill in & submit a website form or enter a password on your website. It encrypts your own password when you use the Bizazz cms to update your webpages.
    
  • Browsers can block access to sites without a security certificate.
  • Browsers mark your site as 'secure' with a padlock in its address bar, rather than 'not secure'.
  • Search engines rank your website a little higher than without a certificate.
    
  • With a higher level (OV or EV) certificate, there are more reasons for online buyers to trust your website. Your business has been independently validated as a genuine entity, not fraudulent.

• Why do the security certificates cost so much?

  +

  The certificates that we sell don't cost much, but you are used to paying $0 for Let's Encrypt.
  

  SuttonNet receives major wholesale discounts which we can pass on. Free certificate installation is included for any website hosted on our server.
  

  Certificate choice is not easy. The jargon is obscure. Some product descriptions online are so general, they could apply to any certificate at all. That doesn't help distinguish why prices can vary by 200% or more!

  Sometimes the price jumps are a mystery. Other times, they reflect real product variations:

  • in level of validation: DV, OV or EV;
  • in quality (Is the certificate widely recognised by mobile platforms or older browsers? Some certificates have stronger encryption available on newer platforms. Some are faster and perhaps more robust with a shorter 'chain' of intermediary steps);
  • in reputation (eg paying for a certificate with trust seal from a well known brand can help satisfy your customers that their online payment is safe);
  • in how many domains & subdomains you can secure with the one certificate;
  • in customer support. It's very hard to compare products, so vendor assistance is important to clarify what's what. We suspect that some overseas sellers wouldn't meet Australian false & misleading advertising laws;
  • in whether installation on your website is included. This can be very tricky or quite easy, depending on the certificate and the host server. As a managed webhosting service, we install and re-install the TLS/SSL certificates for all our clients.
    

  Some certificates come bundled with extra features at higher cost: added security software or a dynamic 'trust seal'. Is the extra cost worth it? That depends on your line of business, your website(s), your customers and your competitors.

  For our pricelist, we avoided the lowest priced TLS/SSL certificates. They tend to perform less well on mobile phones and to rely on a longer chain of 'intermediate' certificates - more to go wrong, visitors take a little longer to access your website.

  We also didn't include higher end certificates that are beyond the budget of many of our clients. But if you want to pay $2000 and more for the best, please get in touch. We won't say no!

• Does a security certificate mean the website is totally safe from hackers?

  +

  No. A security certificate does NOT guarantee that a website is free from malware, viruses etc.

  It protects webpages and other data from being intercepted and read or altered, between web server and user. But there are other ways that hackers can get at a website.

• What else can I do to keep my website safe?

  +

  More expensive SSL/TLS certificates include daily malware and virus checks. That sounds good; but it can add a significant load to our server and slow websites down. Talk with us if you are interested in using these scans.

  We believe these protections are key:

  1. secure website software
  2. secure webhosting
  3. IT security within your business, eg password management, access to PCs.

  SuttonNet provides the first two; (iii) is up to you. Read our security page. Contact us if you need advice or help.

• Which certificate is best for me?

  +

  It depends on how many websites you have, whether you use ecommerce and other factors.

  We don't tell you which certificate to buy. We do help you sort through the complexities. We've put many hours into researching and clarifying information. Like with any other purchase, you need to put in some effort to make your own, informed decision.
  

  SSL/TLS certificates are a bit of a lottery; there's plenty of !!!! HYPE out there. Certificate brands are sold and resold by Big Tech players; names that were trusted 5 years ago are now owned by their (once) less favoured competitors. If we discover that some products within our clients' price range are better than others, we will tell you.

  If it's any comfort, the risk is bigger for SuttonNet. Some certificates may be harder to manage and that chews up our time, not yours.

  Our retail pricelist covers a selection of midrange certificates that claim very high compatibility with the many platforms people use for the Internet. None claims 100% compatibility, say with older platforms. (There'll be someone out there with a Flintstones phone that doesn't recognise any certificate.)

  Read the information on this webpage, on the Pricelist page, on our main website and in emails and client newsletters. Ask if you don't understand.

  Certificate levels

  There are 3 levels: Domain Validation, Organisation Validation, Extended Validation.

  EV & OV certificates are the top rating certificates. They validate your business as well as encrypting your website data. EV is stronger verification than OV.

  EV & OV certificates assure site visitors that you are not a con artist, but a genuine business. You really will send top quality caterpillar pj's in exchange for $200 from your customer's credit card.

  OV or EV is an extra cost but the returns may be worthwhile. EV has long been acknowledged as the best option for ecommerce. For small businesses without online sales, the usually cheaper DV can be a realistic choice. Sometimes wholesale discounts bring OV or EV prices down dramatically though.

  • Ideally, we'd like all the ecommerce sites that we host to use EV or OV certificates. It gives extra assurance for online payments. OV or EV assures buyers that you can be relied upon to deliver the goods.
    Sadly, many site visitors don't understand EV or OV. You can add a trust seal to a prominent place on your website, briefly explain its significance to your site visitors. This lifts your website above the pack and promotes you as a reliable online supplier.
    SuttonNet can help with sample wording; watch this space.
  • If you deliver online services that require transfer of highly personal data, particularly of minors or vulnerable people: it is wise for your website to show that its ownership is valid. We recommend OV or EV, with a site seal and few bright words about how your organisation & website have been independently verified by a trusted online security authority.

  SuttonNet maintains an EV certificate on this website. (We've been slack about adding the trust seal; too busy working on your websites.)
  

Updated 20 January 2021