At the end of September last year, we set a milestone in the quest for ensuring a secure internet with FreeSSL. To date, no other web hosting provider had offered its customers free encryption of data sent between the website and web browser with domain-validated, dedicated certificates. A few weeks later, another provider, Let’s Encrypt, was set up with the aim of making the internet a more secure place.
The encryption of all data traffic between the web server and visitors represents a major step towards more security on the internet. But there’s a catch: with simple, domain-validated certificates such as FreeSSL and Let’s Encrypt, it remains uncertain who users are actually entrusting their data to even though data traffic is encrypted. This is one of the reasons why we at Hostpoint continue to recommend that our business customers use organization-validated (OV) certificates or, even better, SSL certificates with extended validation (EV).
SSL encryption is all well and good…
In contrast to the simple, domain-validated certificates, OV and EV certificates are only issued after a precise check of the requesting party. People who order an OV or EV certificate must demonstrate in a multi-step verification process that they have control of the domain name, that the company in the Whois entry for the domain is actually entered in the commercial register, and that they are authorized to act on behalf of the company. The verification process for an EV SSL certificate is even more stringent. In our Support Center, we explain in detail how the verification process works when ordering such certificates.
Validated SSL certificates create trust
Companies that use SSL certificates requiring a check of the owner signal to their visitors that they have undergone a multi-step verification process and are trustworthy. With an EV certificate, the extended verification is also easily visible by means of the green background on the address bar.
For website visitors, this means that they can be certain that the owner of the site is indeed the person or entity that it claims to be. A click on the encryption icon displays details about the company behind the website. Visitors therefore know that the company behind the website to which they are submitting private information or credit card details is a credible company. The risk of falling victim to a fraudulent website is reduced to an absolute minimum.
SSL certificates: more than just encryption
An SSL certificate can do much more than just encrypt data traffic. Companies are well advised to use SSL certificates with organization validation or even extended validation.