Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: SSL with EV?

  1. #1

    Default SSL with EV?

    I'm curious. My website does not currently use EV. Are there any great benefits to using it vs regular SSL? On google chrome my site has a green secure padlock. I noticed on microsoft edge it just has a grey padlock which got me thinking about this. According to edge only sites with EV get the green padlock. Even Amazon only has a grey padlock.

  2. #2
    Post Impressionist
    Array
    vangogh's Avatar

    Join Date
    Aug 2008
    Location
    Boulder, Colorado
    Posts
    15,061
    Blog Entries
    1

    Default

    You actually don't need a certificate to encrypt data. You can self sign a certificate that offers the same encryption as any certificate you purchase. The idea behind the certificates is that a trusted company vouches for you. The more you pay for the certificate the more they should be validating that you are who you are so in theory the more you (or your site) can be trusted by visitors.

    Should you buy the more expensive EV certificate? It's up to you. The advantage is the green padlock. My hunch is that a lot fewer people really notice the padlocks at all, but for those who do and especially those who understand the differences in color, they're going to trust your site more if it shows the green padlock.

    What you could do is test. Try with the EV one year and try without another year and see if you get more sales when you have the EV certificate.
    l Join me as I share my creative process and journey as a writer | StevenBradley.me
    l Design, Development, Marketing, and SEO Tutorials | Steven Bradley's Notebook
    l Get my book about Design Fundamentals

  3. #3

    Default

    Keep in mind the EV Certificate sometimes takes a whole different range of questions and documentations needed by the issuer. You may have to do a whole lot more work to get your site up to speed.
    Go bank direct with your Merchant Account and save money on processing fees.

  4. #4
    Discount Prodigy
    Array
    Owen's Avatar

    Join Date
    Mar 2014
    Location
    Localhost
    Posts
    767

    Default

    Quote Originally Posted by vangogh View Post
    You actually don't need a certificate to encrypt data. You can self sign a certificate that offers the same encryption as any certificate you purchase. The idea behind the certificates is that a trusted company vouches for you. The more you pay for the certificate the more they should be validating that you are who you are so in theory the more you (or your site) can be trusted by visitors.

    Should you buy the more expensive EV certificate? It's up to you. The advantage is the green padlock. My hunch is that a lot fewer people really notice the padlocks at all, but for those who do and especially those who understand the differences in color, they're going to trust your site more if it shows the green padlock.

    What you could do is test. Try with the EV one year and try without another year and see if you get more sales when you have the EV certificate.
    SSL certificates are usually insured for hundreds of thousands, possibly millions of dollars if they come from a company like Comodo.
    MANAGED WORDPRESS HOSTING >> https://enact.co >> STARTING AT $29 A MONTH!

  5. #5

    Default

    Quote Originally Posted by Owen View Post
    SSL certificates are usually insured for hundreds of thousands, possibly millions of dollars if they come from a company like Comodo.
    The "insurance" is for end users affected by "faulty encryption". It doesn't apply if the CA gets compromised. It doesn't apply if the server gets compromised or is misconfigured. It doesn't apply if the certificate is MITM'd. It doesn't apply if the user's machine gets compromised. If you're shopping for SSL certificate insurance, what you're buying is insurance against something that would take 6 quadrillion years of compute time (based on current CPUs) to actually do, and even then it only applies if the end user makes a claim against the certificate issuer instead of you.
    || VMdoh - Drupal development, consulting, and support

  6. #6
    Web Consultant
    Array
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,852
    Blog Entries
    1

    Default

    Quote Originally Posted by brain357 View Post
    I'm curious. My website does not currently use EV. Are there any great benefits to using it vs regular SSL? On google chrome my site has a green secure padlock. I noticed on microsoft edge it just has a grey padlock which got me thinking about this. According to edge only sites with EV get the green padlock. Even Amazon only has a grey padlock.
    What kind of website do you have? What's your reason for having an SSL (or TLS) ? If it's just to satisfy Google, then you're set. If you're running an eCommerce site or a site that takes in any kind of personal info, you may want the EV.

    I've personally just done the basics, free TLS since my hosting company supports it, and since none of my sites are ecommerce or ask for personal info. Also 99.9% of my traffic is via Google. I tell my eCommerce clients to get more than the free TLS and most of them have shared hosting anyway and not all hosts support the free ones.

    It really comes down to your need. What level of security are you looking to provide for your users?

  7. #7

    Default

    Quote Originally Posted by Harold Mansfield View Post
    What kind of website do you have? What's your reason for having an SSL (or TLS) ? If it's just to satisfy Google, then you're set. If you're running an eCommerce site or a site that takes in any kind of personal info, you may want the EV.

    I've personally just done the basics, free TLS since my hosting company supports it, and since none of my sites are ecommerce or ask for personal info. Also 99.9% of my traffic is via Google. I tell my eCommerce clients to get more than the free TLS and most of them have shared hosting anyway and not all hosts support the free ones.

    It really comes down to your need. What level of security are you looking to provide for your users?
    It is for ecommerce. Does EV really make anything more secure?

  8. #8
    Web Consultant
    Array
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,852
    Blog Entries
    1

    Default

    Quote Originally Posted by brain357 View Post
    It is for ecommerce. Does EV really make anything more secure?
    It's the highest level of SSL ( or TLS). If you are processing payments on site then you should get the EV.
    If you're using something like Pay Pal, it actually processes through it's own secure page.

    Some payment processors like Authorize.net may require the higher level.
    More here:
    https://www.globalsign.com/en/ssl-in...n-certificate/

  9. #9

    Default

    Quote Originally Posted by Harold Mansfield View Post
    It's the highest level of SSL ( or TLS). If you are processing payments on site then you should get the EV.
    If you're using something like Pay Pal, it actually processes through it's own secure page.

    Some payment processors like Authorize.net may require the higher level.
    More here:
    https://www.globalsign.com/en/ssl-in...n-certificate/
    I do use paypal payments pro for all my transactions.

    I'm not sure the encryption is actually any different. My impression was it just does more to confirm the owner of the site, so gives visitors a little more piece of mind.
    https://www.instantssl.com/https-tutorials/ev-ssl.html

    I could be wrong though.

  10. #10
    Web Consultant
    Array
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,852
    Blog Entries
    1

    Default

    Pay Pal processes on their own secure page. The buyer literally pays on a Pay Pal page and then redirects back to your site ( if you have it set up that way).
    Technically you don't need an SSL to run Pay Pal, at least not yet. However, in this day and age I'd get one just to give your buyers more peace of mind. I wouldn't trust ordering from any site that couldn't at least do the basics.

    Any process involving people's information that you're doing ON SITE, meaning your website and servers are taking and processing the info..they do not go to a 3rd party page to complete the transaction...you should have the higher level SSL.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •