Kathleen Shrimpton Team : Web Production Tags : e-commerce Compliance


Kathleen Shrimpton Team : Web Production Tags : e-commerce Compliance

In late October the Internet Security Research Group (ISRG) announced that it has received cross-signatures from IdenTrust for its automated and open certificate authority. This means that SSL certificates that are issued by Let’s Encrypt will be trusted by all major browsers.

So what’s so great about that?

Let’s Encrypt offer their SSL certificates for free. Therefore from November onwards companies will be able to use Let’s Encrypt for their SSL without having to pay any money. Considering most certificates can cost hundreds of dollars a year this is a big difference.

The ISRG made this move as they saw the importance of providing more secure connections:

"Vital personal and business information is flowing over the Internet more frequently than ever, and it’s time to encrypt all of it.

"That’s why we created Let’s Encrypt, and we’re excited to be one big step closer to bringing secure connections to every corner of the Web."

Google also announced at the Google I/O conference that HTTPS has been added as a ranking signal and called for HTTPs everywhere.

Are free certificates the best for my site?

The free Let’s Encrypt certificate won’t be the best SSL option for every website. While they provide domain validation there is no verification of the organisation sitting behind the domain. More expensive SSL certificates use Extended Validation (EV) which does verify the organisation. You might of seen the name in the HTTPs section of the URL bar before like below:

If you’re a larger eCommerce site you may prefer to show this type of validation. However if you’re happy with just showing the HTTPs then the Let’s Encrypt certificate will work fine.

There is no excuse to not have an SSL on your site now.

It’s free.