How do you protect your users, prospects, and customers as they browse your website? And your company, along the way? The answer is a Secure Sockets Layer (SSL) certificate.
An SSL certificate keeps your customers’ sensitive information secure as they visit pages, read posts, submit interest forms, and purchase products. In this post, you’ll learn everything you need to know about SSL certificates and the best SSLs you can get for any budget.
What Is an SSL?
Secure Sockets Layer (SSL) is a security protocol that creates an encrypted link between a web server and a web browser. It ensures that all transferred data remains confidential. You may have noticed the lock icon next to the URL in your address bar. That means the site is protected by SSL.
Why get an SSL certificate?
Your website is more than just a digital billboard — it’s a data highway between your business and your visitors. Anytime a visitor accesses your website, data, like their IP address, gets transferred from one server to another before it reaches its destination. Your visitors expect your company to keep that data secure. Without a secure connection, the data they share with you is at risk of falling into the wrong hands — compromising their privacy — which could mean steep consequences for your business.
In short, your site should have SSL, especially if you process financial transactions. This added layer of security will protect you from data breaches, and it gives visitors a good reason to trust you with sensitive information. Not to mention, SSL improves your ranking in search results.
More of a visual learner? Check out this quick video on what SSL is and why you need it:
Ready to dive a little deeper? Let's do it.
How SSL Certificates Work
SSL certificates can be a bit complicated to understand with all the technical jargon and acronyms. To give you a simple but accurate overview of how SSL certificates work, let’s imagine our friend Michelle is visiting her favorite website, hubspot.com.
Initially, Michelle opens her laptop and types “hubspot.com” into her web browser, Google Chrome. While Google Chrome is loading the site, Michelle’s computer receives HubSpot’s SSL certificate through a public key and verifies it with the certificate authority.
Michelle’s computer and HubSpot’s server come to an agreement that everything looks legitimate, and the two computers form a connection which is called a handshake.
From here, Michelle’s computer and the hubspot.com server decide on the type of encryption they’ll use to securely transmit data back and forth. What makes this connection secure is the coding and decoding of information while it is in transit between the computer and the server. The timeframe where security attacks are prone to happen is when the data is moving from one place to the next, so scrambling the information in an encrypted language, or private key, keeps everything secure until it gets where it needs to be.
Once the data is decrypted by Michelle’s computer by the private key, a lock icon appears next to the website’s name in the browser’s search bar.
Michelle is free to browse hubspot.com knowing that any data she shares is safe and won’t be intercepted by malicious hackers.
How much is an SSL?
The cost of your SSL can range from free to hundreds of dollars, depending on the level of security you require. Here are the types of SSLs, ranging from least secure to most secure (and, generally, lowest to highest in price):
- Domain Validated (DV) Certificates: For sites, such as blogs or small business websites, that don't exchange any customer information.
- Organization Validated (OV) Certificates: For sites, such as business websites with forms and lead capture capabilities, that don't exchange sensitive customer information.
- Extended Validated (EV) Certificates: For the highest level of security, capable of handling sensitive information such as financial transactions.
The type of SSL you choose depends on what types of actions you expect users to take on your site. SSL certificates can be expensive if you don't know where to look or what you're buying.
Once you choose the type of certificate you require, you can then shop around for Certificate Authorities that offer SSLs at that level. After, you’ll install the certificate on your website.
Here’s how to get an SSL certificate from start to finish:
How to Get an SSL Certificate
- Verify your website’s information through ICANN Lookup.
- Generate the Certificate Signing Request (CSR).
- Submit your CSR to the Certificate authority to validate your domain.
- Install the certificate on your website.
1. Verify your website’s information through ICANN Lookup.
Before you apply for an SSL certificate, you must ensure your ICANN Lookup record is updated and matches what you're submitting to the Certificate Authority. Access the ICANN lookup tool and look at your name server, your registrar information, and your authoritative servers.
2. Generate the Certificate Signing Request (CSR).
Before you can find a certificate authority, you first have to generate a Certificate Signing Request (CSR). You can do so through your server, through your cPanel, or through an online CSR generator.
Option 1: Server
If you have access to your server, you can generate a CSR yourself. Find your server’s specific instructions here. This option is recommended for advanced users and web developers.
Option 2: cPanel
If you have access to your cPanel through your hosting provider, you can also generate a CSR using its tools. First, access your cPanel via your hosting provider. For Bluehost, your cPanel is located under “Advanced.”
Scroll down to a section titled “Security.” Click the “SSL/TSL” option.
From there, you should find an option to generate a CSR. In Bluehost, this option is located on the right-hand sidebar.
After you click it, you’ll be taken to a form that asks for your domain, city, state, country, and company.
Done! Your CSR has been generated.
Option 3: Online CSR Generator
Lastly, you can bypass any complicated steps and simply use an online CSR generator for free. Some of your options include:
- Namecheap's CSR Generator (Recommended for Advanced Users)
- Digicert’s CSR Wizard (Recommended for Beginners)
We recommend using this as a last resort because it’s not connected to your server, hosting service, or cPanel.
If you’re not sure how to move forward, you can reach out to your hosting company for support, and they’ll give you instructions specific to your website. They can advise you on the type of CSR certificate you should request.
3. Submit your CSR to the Certificate authority to validate your domain.
When you buy an SSL certificate from a certificate authority, you’ll be required to submit your CSR. Be sure to have it on hand when you’re completing the sign-up process for your SSL certificate.
4. Install the certificate on your website.
Lastly, install the certificate on your website. The best way to do so is through cPanel. Under “Security,” click “SSL/TLS.” Then click “Manage SSL sites.”
There, you’ll be able to upload a new certificate to your chosen domain.
If you purchased an SSL via your hosting provider, the certificate may already be automatically installed on your site, so you may not need to manually do it.
Ready to dive into the best services that you can use to get an SSL?
Best Free and Low-Cost SSL Certificate Authorities
- Let's Encrypt
- SSL For Free
- Instant SSL
- Basic SSL
If you require a lower level of encryption for a blog or business site that doesn’t transfer sensitive financial information, the following authority will get the job done:
If you have content hosted on HubSpot's CMS, you can secure your content and lead data with a free standard SSL. Because we know you’re busy, HubSpot takes care of renewal for you. Your SSL certificate will automatically renew 30 days before it expires.
Price: 14-day free trial, $270 - $900 per month
Let's Encrypt was created by the Linux Foundation, and the project was sponsored by Mozilla, Site Ground, Cisco, Facebook, Akamai, and other top tech companies. It offers DV SSL certificates (no OV or EV here) free of cost, but you should be aware that these certificates are only valid for three months at a time and should be renewed every sixty days at the earliest. Why? The company has a firm stance on automatic certificate renewals to achieve their long term goal of moving the web from HTTP to HTTPS.
Price: Always free for three months at a time. Then you must renew, for free, for another three months.
Comodo offers 90-day free trials for SSL certificates, and they're recognized by all major browsers. You can cover up to 100 domains with a single certificate.
It's specially designed for MS Exchange and Office servers. Comodo offers unlimited server licenses with priority phone support. And, most importantly, Comodo is certified as a Best Seller of SSL certificates.
Price: $125 - $845 per year when you purchase a 5-year subscription duration
Cloudflare is known for their products that make websites faster and more secure. It's a CDN and security company that's used by many popular sites, including Reddit, Mozilla, and Stack Overflow. Cloud Flare blocks millions of attacks every day and provides 24/7 support.
Price: $0 - $200 per month
5. SSL For Free
SSL For Free is a nonprofit certificate authority, and it works on all major browsers. Similar to Let’s Encrypt and other SSL certificate authorities, SSL For Free offers certificates that are valid for three months at a time.
Price: Always free for three months at a time. Then you must renew, for free, for another three months.
You've heard of GoDaddy — with over 60 million domains, it's the world’s #1 name registrar. If you have an open-source project, GoDaddy will provide you with a free SSL certificate that's valid for a year.
Price: $63.99 - $149.99 per year
GeoTrust offers a full range of DV, OV, and EV SSL certificates, and automated domain name validation is included with each one. They’re known for having easy installation and speedy issuance of certificates and being compatible with leading desktop and mobile browsers.
Price: Free for 30 days, then $149 - $745 per year
GoGetSSL is another public SSL certificate provider. It gives you a 90-day free trial for SSL certificates, and it only takes about five minutes to get your domain validated (no callback or face-to-face verification required). Their certificates are compatible with all major browsers, such as Chrome, Firefox, Opera, and Safari.
Price: $4.43 - $839.88 per year with multi-year subscription durations
9. Instant SSL
Instant SSL is another option that deserves your attention. Their free certificates are good for 90 days, and they work on all major browsers. Unlimited server licensing, 24/7 support, and unlimited re-issuance are among the features included in their SSL certificate options.
Price: $125 per year and up
10. Basic SSL
Basic SSL also offers a 90-day trial before you make a purchase. With a quick and simple validation process, you can focus on other aspects of your website while Basic SSL takes care of the certificate for you.
Price: Free for 90 days
Protect your customer’s experience on your website.
Browsing the web has its risks, but it doesn’t have to when users visit your site. With an SSL certificate from a reputable company, your website can safely and securely handle data transfers between your customers and your business. With a visible lock icon in the search bar, your site visitors know they can trust your business. In the end, this creates a better user experience, increases your website’s ranking in search results, and ultimately helps your business operate to industry security standards.
This blog post was originally published May 2020 and was updated for comprehensiveness.