Utilizing Web Security Certificates

Overview

A security certificate is a vital component of any website. We recommend that all websites, whether they are facilitating ecommerce transactions, utilize a security certificate to secure all web pages of their website. 

The certificate allows for secure transmission of data between a client, or web browser, and a web server. The term SSL certificate is often used to describe a web security certificate. The SSL (Secure Sockets Layer) technology is no longer considered secure and the term SSL certificate is still used even though it is outdated and inaccurately reflects the technology used for most current security certificates, which is TLS (Transport Layer Security).

Prior to 2018, security certificates were primarily necessary for websites transmitting credit card data. In 2018, Google Chrome started reporting to users that a website is insecure if it does not have a security certificate installed on every page. This change by Google makes the need to have a security certificate much more of a necessity, even if a website does not have any data that needs to be secured. 

Your Options

With HEROweb, you have several security certificate options to secure all pages of your website.

  1. Use the low-cost "Let's Encrypt" security certificate that we can install and maintain for your domain.
    Cost: $75 per domain, one-time setup fee and $5/mo.
  2. Purchase a security certificate through HEROweb and have HEROweb install it.
    Cost - Basic Validation: $275 for one year per domain; $400 for two years.
    Cost - Extended Validation: $450 for one year per domain; $650 for two years.
  3. Purchase your own security certificate through a third-party vendor and have HEROweb install it.
    Cost: $150 for one year per domain; $175 for two years. (You will additionally need to purchase the certificate somewhere else.)

If your knowledge of security is minimal and you are primarily wanting all your pages to have the secure lock in the web browser, we recommend getting the low-cost option.

There are many vendors who provide security certificates, and quite a few levels of "strength" and protection that are offered with each type of certificate. Because there is so much terminology associated with security certificates and so many marketing approaches taken by vendors, it is sometimes difficult to determine the best and most cost-effective option.

Before Purchasing

Before you purchase a security certificate from a third-party vendor, please review and follow these steps:

  1. Your website already has a certificate available for your use, so it is possible that you don't need your own security certificate. A key difference is that the share security certificate utilizes the domain "https://mimosa.secure-datahost.com/" at the start of each secure page address. When you have your own certificate, it will use "https://" followed by your domain name.
  2. Review the security certificate costs from HEROweb, associate with having a custom security certificate.
  3. If you are going to purchase a certificate from a third party, you want to make sure you select a certificate that is compatible with the Apache web server running on the Red Hat Linux operating system.
  4. The creation of a security certificate always requires the generation of a special file called a Certificate Signing Request (CSR). 

In order for HEROweb to generate a CSR for your website, please contact webhelp and provide the following information.

Hostname to use for the certificate. (Typically, this is the domain with which you want to associate the certificate. We recommend including the www.):  
Email:
Street Address:
Country (2 letter abbrev):
State (no abbrev):
City:
Postal Code:
Company (the name under which your business is legally registered):

Take Your Website From Zero to Hero!
Let Us Know
How We Can Help!
MightyMerchant