Private SSL Hosting
What is Private SSL Hosting?
Secure Sockets Layer (SSL) is a protocol designed to secure communication online. Shared SSL and Private SSL are used to encrypt data when it travels between an internet-connected device and a server. This allows users to protect confidential data like credit card credentials.
Difference Between Private SSL and Shared SSL
Knowing the differences between Shared and Private SSL is fairly important prior to commiting to a Private Certificate:
|One IP address across a handful of websites||One IP address per website|
|Encryption||Secure, although visitors can receive warnings due to IP indifference||Fully Secure|
|Trust||Site can be flagged for customers||Site will not be flagged, therefore ideal for e-stores|
|Cost||Often free and included in hosting plans||Significantly more expensive, although you get what you pay for|
Shared SSL uses the hosting company's SSL certificate to authenticate users and secure data. Private SSL requires the user to employ a dedicated IP address to run an SSL server.
Private SSL certificates are purchased individually and they are more costly than shared SSL certificates.
Private SSL Certificates and Your Business
One benefit of using a private SSL certificate is that it allows you to display your own domain name in the URL. Having your own domain name enhances the credibility of your website.
Having Your Own Domain Name
For example, the URL to your website with shared SSL would look like this - https://secure.hostingprovider.tld/~yourcompany. However, with private SSL you can end up with a much more attractive and professional looking URL, such as https://secure.yourcompany.com/.
This doesn't only build trust, but general credibility towards customers, clients, and visitors.
Shared and Root Certificates
GoDaddy offers a range of SSL options for both new and existing customers.
The certificates that website owners buy are signed by a third party. Some certificates for major providers are self-signed, such as for operating system vendors and major certificate authorities (CAs), are self-signed.
These are known as “root certificates”. This is because they are seen as the ultimate authority for all the other signed certificates in a tree-like fashion. It's a bit like notarizing a document in the real world.
Here's What Your Private SSL Hosting Needs To Offer
Lots of web hosts offer the option to purchase and use a private SSL certificate. In addition to the certificate, you’ll also need a dedicated IP address for your site in order to implement the certificate. While there are many potential providers of hosting that is compatible with private SSL certificates, we recommend you give SiteGround serious consideration.
Find The Best Private SSL Hosting For You
Securing Your Site with SSL
With a private or shared SSL key, your site can run in HTTPS mode instead of plain HTTP. With HTTPS, the site is encrypted between the user and the web server. This means that no one else can read what's being transmitted, including usernames, passwords, and credit card information.
Importance of HTTPS
In the past, HTTPS and SSL typically relegated to important parts of a site like payment information, because it was expensive and difficult to get a signed SSL certificate.
In recent years, more and more websites have gotten those little green padlocks in the URL bar. The reason is that it's become a lot easier and cheaper to obtain SSL keys.
How Do Key Pairs Work?
SSL Keys work on the principle of public-key cryptography, making use of key pairs. A key pair is issued consisting of a public key and a private key. The public key is shared with other people, namely your web users, while the private key is kept on your own server.
When the public key is matched to your private key, your site is encrypted. If something doesn't match, the browser will show an error on the user's machine that the site might be dangerous.
Why Would You Want a Private SSL Key?
In the first example, the website does not have SSL certification of any sort, as opposed the second example which has a private SSL certificate.
If you can obtain a shared SSL key from your hosting provider, why would you bother to get a private key? There are several reasons why:
- Credibility with Users
- Credit Card Payments
- Identity and Trust
- Search Engine Optimization
- The Green Padlock
Credibility with Users
Having a private key under the name of your organization will give you a lot more credibility with users.
Credit Card Payments
If you process credit card payments, you definitely want a private SSL Key. Any PCI-compliant site will have to encrypt the connection between the user and the server.
Identity and Trust
Private SSL keys affirm that you are who you say you are and aren't trying to deceive users into a man-in-the-middle attack.
Search Engine Optimization
All top results are SSL secured sites.
Search engines like Google have been giving more weight to HTTPS websites. If you're looking to boost the SEO of your site, you should seriously consider a private SSL key.
The Green Padlock
Humans are visual beings, seeing the green padlock next to your domain's URL will most certainly ignite an element of trust.
Judging from the above, trust is one of the key factors we are talking about here. Moreover, security shouldn't be undermined either.
How To Get a Private SSL Key in 6 Steps
So you have decided you want to take the leap but you're unsure how? Firstly, select an appropriate marketplace, we have few suggestions lower down this page in fact.
When you've made the decision to buy a key, there are several steps:
- WHOIS Record
- CSR Generation
- CSR Submission
- Check Validity
An example of checking the WHOIS data for a domain.
Be sure to update your WHOIS record. This information is essential since it's a partial way of showing ownership. You may or may not want this to be public.
Log into your server's terminal to generate a valid Certificate Signing Request. This must then be submitted to the correct authorities.
A message sent to the correct authorities to apply for a valid identity certificate. An important step in digitally proving your ownership of a site.
Following the submission of your CSR request, there is a simple step. Wait for it to be validated. This step is vital before continuing.
Once you have your Private SSL certificate, you can install it on your server. There is usually a user-friendly option within your control panel. It is often called 'Manage SSL Certificates', or something along those lines.
Now that your SSL certificate has been uploaded, it's time to check it. If it works, when users navigate to your site, they'll see the green padlock in their URL bar.
If you have subdomains, like store.example.com or docs.example.com, you'll want a wildcard SSL certificate so that you only need to buy one to cover all of your pages.
Private SSL is Not Just About Appearances
Your visitors can check your website's SSL validity - you can do this as a visitor too.
SSL uses double encryption to secure communications. The public key is available to everyone, but the private key is only made available to the recipient of the message, providing an additional layer of security.
Data and Website Access
Data transmitted between your browser and server is encrypted and includes information about the certificate holder.
A private SSL certificate is also helpful to users forced to rely on public or unsecured networks to access your website. In addition to adding credibility, private SSL can also help your website attain higher search rankings by offering superior security.
Higher Ranking Website
The site will rank higher because it is certified by a trusted authority and a private SSL certificate with a neat URL is good for marketing.
SSL certificates have evolved over the years. Two decades ago 40-bit keys were standard, but they eventually gave way to 128-bit keys. Today 1024-bit keys are the norm, although 2048-bit keys are starting to replace them. The longer the keys are, the more difficult they are for hackers to break.
Deploying SSL Certificates Securely
Regardless of the complexity of the crypto key, it is important to stress that proper deployment of private SSL is crucial to maintaining security. Outdated standards such as SSL v2 are practically useless today.
SSL v3 and TLS v1.0 can be vulnerable depending on how they are deployed, so they have to be configured carefully. TSL v1.1 and v1.2 are considered secure, but many platforms still lack support for these protocols.
Since SSL is used by countless financial institutions and online retailers, there is never a shortage of white hat and black hat developers trying to beat the standards, which is why they always need to evolve and address new exploits.
Hosts See SSL as a Competitive Edge
The rise in the volume of encrypted internet traffic has prompted many hosting providers to start marketing SSL services, which is a positive development - hosts can save you time and offer invaluable expertise.
Many hosts provide free shared SSL, which provides them with a couple of benefits.
How a Free SSL Works
Firstly, their domain name ends up in your URL, as we explained earlier. Since they secure their main domain and an unlimited number of sub-domains at a flat fee, it doesn't cost them much to offer the functionality, yet their name is displayed in thousands of URLs, like an ad.
The second angle involves marketing - deploying private SSL can be prohibitively expensive for a lot of small companies and most individuals. They are more likely to choose a host that offers free shared SSL, regardless of what it does to their URL.
The Cost of Private SSL
A great SSL Installation Guide by Sucuri.
Purchasing a private SSL certificate with a certificate authority (CA) can cost a few hundred dollars a year, without the added cost of deploying the certificate.
Buying Directly from Your Host
Private SSL certificates can also be purchased via hosts, who act as resellers. They usually offer discounts and other incentives, such as technical assistance or even free setup. Others charge you for the setup and you should always inquire about the combined cost of purchasing and deploying a private SSL certificate.
If you are already a hosting customer, buying a private SSL certificate from a CA probably doesn't make much financial sense. Your host should be able to provide significant discounts. Additionally, you could eventually end up paying just a fraction of the cost compared to a direct in-house deployment.
Free SSL Certificates
That situation might be beginning to change. The Internet Security Research Group (ISRG) has developed the Let's Encrypt initiative, which gives away private SSL keys for free. It's backed by major players like Cisco, Mozilla, Google, and Facebook. The goal is to spread the use of HTTPS as far and wide as possible.
Let's Encrypt is unique because it uses a client to ensure that a server controls a domain. That means that it's possible to get and renew a certificate without any human intervention, as long as the client is configured directly.
My Favourite Hosts with Private SSL
Getting a private SSL key used to be an expensive and daunting affair, but in recent years it's become a lot easier, even free. More hosting companies are throwing in SSL keys with their service and the Let's Encrypt initiative is spreading the use of SSL across the web.
More people are concerned about privacy and you're seeing the green padlock in more websites. In the future, private SSL certificates could be a standard feature and we won't need this page.
Siteground for Private SSL.
Siteground is one of the many major industry players that's backing the Let's Encrypt project. We like them for a lot of reasons, but one of the best reasons is that their shared hosting plans start at $3.95 per month.
InMotion Hosting for Private SSL.
InMotion has a shared business hosting plan starting at $2.95 a month. Other features that complement the free SSL certificates include free domain name transfers and no-downtime transfers.
A2 Hosting for Private SSL.
A2 Hosting plans start at $3.92 a month and offer unlimited bandwidth and storage space in addition to a free SSL certificate.
Things to Note about Private SSL Hosting
A private SSL key adds a lot of credibility to your site. Your key will belong to you and not just your hosting company. If you're planning on running an e-commerce store, it's all but mandatory if you want to comply with PCI standards for processing credit card payments.
Downsides to Private SSL
The downside to private SSL keys has been the expense and difficulty of obtaining them. Fortunately, that situation seems to be changing. Let's Encrypt has been promoting the wide use of HTTPS by giving out free, automated SSL keys to anyone who wants them.
The rapid growth of HTTPS over the last few years shows how well the industry is backing efforts like these. More hosting providers are offering SSL keys as part of their web hosting packages.
Private SSL Hosting Frequently Asked Questions
What is the primary difference between private and shared SSL certificates?
Both private and shared SSL certificates encrypt sensitive information exchanged between a website and its visitors. On one hand, a private SSL certificate uses a dedicated IP address to run an SSL server while a shared SSL certificate uses a hosting company's own certificate for authentication.
What is the advantage of using private SSL certificates?
Using a private SSL certificate can help bring credibility to your website because it will allow you to use your own domain name in the URL rather than the hosting company's. As a result, your website will look more professional and make your users more confident in making sensitive transactions on your website. Moreover, your website's rankings in major search engines such as Google can also increase.
When should I consider using SSL certificates?
Many website owners just post information about themselves, share a portfolio, or provide information on specialized topics. Sometimes, website owners may collect information such as name and email address to join a mailing list. In these cases, it probably does not make sense to deploy an SSL certificate.
However, if a website owner needs to collect payment information and wants to have a self-hosted payment gateway (versus a shared gateway like PayPal), then using an SSL certificate is required to ensure that customer data doesn't fall into the wrong hands.
What is the advantage of using a shared SSL certificate?
Though shared SSL certificates display the hosting company's URL, they have a number of advantages including a lower cost (in some cases included as part of the hosting package) and no need to deploy or maintain an SSL server. Deploying an SSL server can be quite complex and may involve a great deal of technical support as well as constant updates to ensure maximum security.
- What hosting companies provide private SSL certificates?
What type of pricing should I expect with private SSL certificates?
Using a private SSL certificate will definitely be more expensive than a shared one. The factors that add to the cost are the certificate itself along with the requirement to have a dedicated IP address.
In general, private SSL certificates can cost a few hundred dollars annually if purchased directly from a Certificate Authority (CA). Besides the basic costs, you should consider the cost of deployment in terms of time and level of technical support needed in case your hosting company does not include support for SSL server setup.
How can private SSL certificates be purchased?
Private SSL certificates can be purchased through an existing account with a hosting company or through a CA. Purchasing an SSL certificate through a hosting provider will make more sense if you have a hosting account since hosting providers can offer deeper discounts versus buying directly from a CA. In addition, purchasing through a hosting account may allow you to get the support you need to properly configure and maintain an SSL server.
How does SSL secure transactions I make online?
The SSL protocol uses multiple layers of encryption which involve a public and private key. The public key is available to anyone while the private key is only available to the device on the receiving end of the transaction. In addition, SSL uses varying key lengths to enhance security. For example, older SSL certificates used 40 bits while current implementations now use 1024 and 2048 bits. The longer the keys, the harder to break the encryption.
What factors should be considered when deploying private SSL certificates?
Improper deployment of private SSL certificates can create more security risks so it is important to consider factors such as SSL and TSL versions as well as server configuration.
For example, SSL v2 is considered outdated and insecure while SSL v3 and TSL v1.0 can be vulnerable depending on the server configuration. Before deciding on a configuration, check the latest documentation to see what versions are the most secure and compatible with the most platforms. This is especially important because many security specialists are constantly trying to break the current standards and find vulnerabilities.
What benefit does a hosting company have to provide a shared SSL certificate?
Since shared SSL certificates use the hosting company's own domain in each certificate, any certificate deployed on a hosting account's domain or subdomain will use the host's domain. This basically acts as a free advertisement for the hosting company which is one of the reasons why shared SSL certificates are offered at a discount. In addition, offering shared SSL as an option serves as a means for attracting new customers especially those who want to set up ecommerce stores.