Industry guru Dave Taylor offers free tech support on a wide variety of technical and business topics, including HTML, Apple iPhone, online advertising, Cascading Style Sheets, Web design, management, Unix, Linux, search engine optimization, online dating, Mac OS X, shell script programming and Microsoft Windows.

What is an Extended Validation EV SSL Certificate?

I'm building an online store with the help of a consultant and when we started talking about shopping cart backend systems, he told me that a standard SSL certificate was not sufficient for my needs and that I needed an "extended SSL certificate"? What is that, and is he right, or is it a hustle to get more $$ out of me?

Dave's Answer:

Hmmm... It's pretty clear that you don't entirely trust this consultant with which you're working. I'm wondering if they're the right company for you to be entrusting this project if you don't even trust their basic recommendations? Hate to put it that way, but you might want to spend a few minutes checking out references before you go further down the road with this person or company.

Let's talk about SSL certificates and extended validation certificates too, so you also have a sense of what he's talking about when he is trying to "sell you" on the more sophisticated type of secure socket layer (SSL) cert.

To start with, an SSL certificate has two primary functions: to authenticate the identity of your site to people visiting it and to allow the information sent between your server and the visitor's browser to be encrypted. This protects your customer's privacy, of course, encrypting credit card numbers, addresses, email, phone numbers, and so on.

Just about every decent ecommerce online store has an SSL certificate for at least the shopping cart system (it's not necessary that all your product pages also be encrypted). Most importantly, it shows your customer that you're serious about protecting their privacy and confidential personal information.

An extended validation certificate is a higher level of certification and is only available to the following business entities:

* Government entity
* Legal corporation
* General partnership
* Sole proprietorship
* Unincorporated association

In the latest versions of Internet Explorer and Firefox, the address bar actually turns green if you're on a site with an Extended Validation Certificate SSL: again, it's a visual mark that helps your potential customers know that you're serious about security.

That may sound like it's irrelevant, but talk with people that have stores, online and brick and mortar, and you'll find that letting customers know how you're addressing their concerns about security can be just as important - or more important - than how you actually address them.

It's also worth pointing out that while you can set up a server to have a secure connection (since it's just a communications protocol, after all) you can't get a seamless secure connection that doesn't trigger warnings in your customers browser without purchasing and installing an SSL certificate.

The question, then, is just how secure do you want your customers to perceive your online business? If you want to maximize that, it might well be worth the extra few hundred dollars to get an Extended Validation SSL Certificate.

And if you haven't settled on an SSL certificate vendor, you should know that there are a number of them out there, including one of my favorites, Register.com. In fact, if you use the following link you can actually save a pretty decent 25% off the cost of either a regular or EV SSL certificate: Get SSL Certificates for 25% off: use coupon code REGCOUSSL25

Hope that helps you get up and online with your store!

Note: the above is an affiliate link: by clicking on it and purchasing your SSL certificate from Register.com, I'll earn a few pennies and you'll do your bit to help keep the lights on in my office. Thanks!

Help others find this article at Del.icio.us, Digg, Netscape, Reddit, and Stumble Upon

Subscribe!

Never miss another useful Q&A article again! Subscribe to AskDaveTaylor with Google Reader.

Comments

This story kind of bothered me. I doubt the CONSULTANT was going to get any extra money out of recommending the EV certificate. Most likely the cert would have been purchased directly from the CA and the cost wouldn't (and shouldn't be) marked up. Sounds like he was just recommending the more secure option which is probably a good idea anyway. If I was the consultant, I wouldn't take this job. The person is starting off on the wrong foot (distrust) and down the road I can just see the nightmares coming a mile away.

Posted by: Luke at July 16, 2009 12:59 PM

Dave provides a complete and definitive explanation of Extended Validation SSL. I would just like to add my thoughts on today’s sales experience.

Online sales today are affected not only by economy but fear of ID theft, fraud, etc. all causing serious buyer anxiety. Handling these types of customer concern successfully can be achieved by presenting an online shopping experience that is positive, intuitive (easy to navigate), add a degree of entertainment/fun-factor, and encourages regular visits (remember their profiles).

Above all, it has to shout, “We value your trust in us!” that is why we implemented the highest level of security. As Dave mentions price should not be an issue for an EV SSL certificate when compared with the ROI advantages realized through repeat sales.

Posted by: DJ McHugh at July 16, 2009 4:07 PM

I have a lot to say, but ...

I have a lot to say, and questions of my own for that matter, but most of all I'd like to say thank you for all your efforts on this Web site by buying you a chai!

I do have a comment, now that you mention it!