By Mike Belasco and Michael Kuehn
More and more websites are moving from unsecured sites to SSL. There are two primary reasons for this sudden increase in SSL sites. First, Google is strongly encouraging the web to become a more secure place and has incentivized website managers to move to SSL by offering a “rankings boost” for secure sites.
There are many studies out there regarding exactly how much of a boost a site might receive, as well as some of the drawbacks that could impact traffic and usability if the migration is not handled correctly. Second, Google also announced changes to Chrome, which will make users more aware of sites that are secure or not secure. (There is more on this below).
So you’re convinced moving to SSL is a good idea and investment. Your next step is to acquire an SSL certificate. A question we often get from clients who are moving to an SSL site is “which SSL certificate should I choose?” The options seem virtually endless and can be quite confusing.
As an eCommerce Marketing company, actually securing the site and database is a bit out of our wheelhouse, however, there are some “marketing” considerations that should be included in the selection process.
What Type of SSL Certificate do I Need?
- Domain Validation certificates (DV)
- Organization Validation certificates (OV)
- Extended Validation certificates (EV)
It is likely when you are shopping for an SSL certificate, you’ll see more than three options. Let’s take a look at Symantec’s offerings, as well as Comodo:
Comodo InstantSSL makes it a little more clear in their comparison table which type of validation is used for each product. Regardless, you’ll notice both Instant SSL and Wildcard SSL utilize Organization Validation. In this case the difference isn’t the validation type, but rather it is the ability to secure subdomains, as well as your main domain. A Multi-Domain certificate is also an option not shown in the table above.
EV certificates are not available as a “Wildcard” option. Symantec (top comparison table) does allow you to purchase an add-on Subject Alternative Name (SAN) to use your EV certificate on a subdomain or TLD. If you are an eCommerce site, you really need an EV certificate and the extra security it provides.
Here is a nice breakdown of each type of certificate from HostingAdvice.com:
Where to Get SSL Certificates?
SSL certificates are sold by Certificate Authorities (CAs). You can buy SSL certificates directly from the CA or sometimes more expediently and seamlessly through your hosting company. Here are the top Certificate Authorities, according to Wikipedia. As you can see above, the prices, products and options can really vary.
Which SSL Certificate Type is Best for SEO?
According to Google’s John Mueller, currently Google doesn’t care what type of SSL certificate you use (in order to get the rankings boost) because they are all treated the same. “It either works or it doesn’t work,” said Mueller. He subtly mentions after that, at some point Google might differentiate between the types of certificates. Depending on the cost of the certificate, from an SEO angle, it might make sense to upgrade to EV as extra insurance because you’ll be in a good spot if Google does decide to handle certificate types differently.
While it may seem clear that Mueller is saying it doesn’t matter which SSL certificate you choose so long as it is working, there is always a little more “around” the story to consider. For example, we know that Google is utilizing quality signals such as click-through rate from the SERPs or dwell time and bounce rate once a user has clicked a search result. It is possible that the type of certificate you choose and the accompanying trust seals many SSL solutions come with could affect these metrics positively or negatively. More on this below.
Which SSL Certificate Type is Best for Conversions?
More Trust = More Conversions
Trust is one of the biggest factors when users decide where to shop. Among other things, knowing a site is secure, especially when either personal or payment information is requested, makes a huge difference. If you can address this right up front by showing your site to be secure, you handle that objection before the user has a chance to even consider this factor. In this regard, the ability to show the little green lock through the entire session allows your user to breathe easy from the get go, and it will become even more important with the pending change to the Chrome browser.
Separately, we know that trust seals on your site help conversion. We have also seen throughout various tests that the familiarity a user has with your 3rd party trust seals can impact how much this helps – having an unrecognized logo sometimes actually hurts conversion. However, it’s important to note that the provider of your SSL certificate need not be the same provider as other trust elements or security services. For example, Google Trusted Store is a huge trust factor, as is a strong BBB rating – displaying these through the shopping process can have the same, if not a bigger, impact on user behavior than showing who is providing your SSL certificate, especially if that provider is not well recognized.
Also important to note – from a conversion perspective the level of your SSL certificate is likely to have minimal impact. To the average user, the display difference between the levels of verification is unnoticeable. Additionally, very few users actually click this area to see the details of the certificate. Unless your site requires the added security for some reason – dealing in highly sensitive information, working with security professionals, etc. – you can probably get by with the cheaper options. As always, it is recommended you test this for yourself if possible. Most SSL companies should facilitate this testing as it opens the potential for upselling your business to the new certificate.
It’s important to show badges to build trust, and equally important for trust to have a secure site, but your trust elements need not specifically refer to who provides your SSL certificate. Make sure when showing logos on your site that they are recognizable brands in order to get the biggest possible positive impact.
If you still need help picking an SSL certificate provider and a migration, give us call. We can help from consultations to full strategies.