SuttonNet

Website Security Certificates

SuttonNet requires all websites that we host to maintain a valid security (SSL or SSL/TLS) certificate. Each site's security certificate is installed and managed by us as web hosts.

A website security certificate helps protect your website, your site visitors, our web server and our other clients' sites.

Our current pricelist is shown below.

Let's Encrypt

Like many around the Internet world, we chose Let's Encrypt (Domain Validation level) certificates at first for our clients' websites. There's no purchase or renewal fee for a Let's Encrypt certificate. The certificate auto renews, so maintenance is much lower than for commercial certificates.

We have become uneasy about the Let's Encrypt option, not over its security but over the way certificate issuance is managed. Our concern is about protection for Internet users from phishing sites. You can read more on our main website.

New webhosting clients from 2021 will need to purchase a commercial certificate. Current clients may need to buy a non-LE certificate in 2021. Changes to LE threaten to render LE-encrypted sites inaccessible for users on older platforms after September 2021. The affected platforms include Android 7.1.1 and earlier Android versions.

FAQs

  • What is a security certificate?

    A security (SSL/TLS) certificate is software that gets installed on your website. It allows data on your website to be encrypted during transmission between the web server and site users' browsers.

    There are 3 levels of certificate: Domain Validation (basic), Organisation Validation, Extended Validation (the top level). All encrypt webpages and other data securely. See Certificate Levels below.

  • What does a security certificate do for my website?
    • Encryption helps protect your site from infiltration by hackers. It protects private data when customers buy ecommerce products, fill in & submit a website form or enter a password on your website. It encrypts your own password when you use the Bizazz cms to update your webpages.
    • Browsers can block access to sites without a security certificate.
    • Browsers mark your site as 'secure' with a padlock in its address bar, rather than 'not secure'.
    • Search engines rank your website a little higher than without a certificate.
    • With a higher level (OV or EV) certificate, there are more reasons for online buyers to trust your website. Your business has been independently validated as a genuine entity, not fraudulent.
  • Why do the security certificates cost so much?

    They don't, but you are used to paying $0.

    SuttonNet offers better value than most. We receive major wholesale discounts which we can pass on. We charge far less than many retail suppliers. Free installation is included for each website hosted on our server. Our supplier would charge c$50US for that!

    If you look online, you'll find that TLS/SSL certificate prices vary wildly. Sometimes the price jumps are a mystery. Other times, they reflect product variations:

    • in level of validation: DV, OV or EV;
    • in quality (Is the certificate widely recognised by mobile platforms or older browsers? Some certificates have stronger encryption available on newer platforms. Some are faster and perhaps more robust with a shorter 'chain' of intermediary steps);
    • in reputation (eg paying for a certificate with trust seal from a well known brand can help satisfy your customers that their online payment is safe);
    • in how many domains & subdomains you can secure with the one certificate;
    • in support. Certificate choice is not easy. (My take on it is that some sellers wouldn't pass Australian false & misleading advertising laws.) Neither is installation.

    Some certificates come bundled with extra features at higher cost: added security software or a dynamic 'trust seal'. Is the extra cost worth it? That depends on your line of business, your website(s), your customers and your competitors.

    For our pricelist, we avoided the lowest priced TLS/SSL certificates. They tend to perform less well on mobile phones and they tend to rely on a longer chain of 'intermediate' certificates - more to go wrong, visitors take a little longer to access your website. We also didn't include higher end certificates that are beyond the budget of many of our clients. But if you want to pay $2000 and more for the best, please get in touch. We won't say no!

  • Does a security certificate mean the website is totally safe from hackers?

    No. A security certificate does NOT guarantee that a website is free from malware, viruses etc.

    It protects webpages and other data from being intercepted and read or altered, between web server and user. But there are other ways that hackers can get at a website.

  • What else can I do to keep my website safe?

    More expensive SSL/TLS certificates include daily malware and virus checks. That sounds good; but it can add a significant load to our server and slow websites down. Talk with us if you are interested in using these scans.

    We believe these protections are key:

    1. secure website software
    2. secure webhosting
    3. IT security within your business, eg password management, access to PCs.

    SuttonNet provides the first two; the third is up to you. Contact us if you need advice or help.

  • Which certificate is best for me?

    It depends on how many websites you have, whether you use ecommerce and other factors.

    We are not going to tell you which certificate to buy. We will help you sort through the complexities. We've researched and clarified many points already to write this page.

    SSL/TLS certificates are a bit of a lottery; there's plenty of !!!! HYPE out there. It's hard for us to get reliable information. Certificate brands are sold and resold by Big Tech players; names that were trusted 5 years ago are now owned by their (once) less favoured competitors.

    If it's any comfort, the risk is bigger for SuttonNet. Some certificates will be harder to manage and that chews up our time, not yours.

    Our list covers a selection of midrange certificates that claim very high compatibility with the range of platforms people use for the Internet. None claims 100% compatibility. There'll be someone out there with a Flintstones version smartphone that doesn't recognise the best of SSL certificates.

    Read the information on this webpage, on our main website and in emails and client newsletters. Ask if you don't understand. If we know any reasons why some products are better than others, we will tell you.

    If you need to secure several websites: compare the Multi/Flex products with buying several Single certificates. Which certificate is best value for you depends on how many domains you need to secure. Remember that forwarding domains don't need a security certificate; only your website domain name(s).

    Worst case scenario: your certificate turns out to be less than desired, eg some key mobile phones or browsers won't accept it. Let us know asap. We have a 30 day money back guarantee from our supplier, so we can quickly swap it for another product. You will need to cover any additional costs.

Go the extra mile

Visit our main website to learn more about website security certificates, trust seals and their importance.

Or stay on our client support site and brush up on online and general IT security for your business or NFP group.

Pricelist

About the pricelist

We've shown mid range certificates from well known brands. These all offer excellent browser & mobile compatibility. None claims 100% compatibility. They all use similar encryption technology. Some certificates are better regarded and perhaps more robust with a shorter chain of intermediary steps.

Read our notes to understand what's what. We have demystified certificates as best we can. The SSL Store have been very patient with our questions, and generous in placing a very small reseller in their top bracket. You benefit from big wholesale discounts.

All prices are ex GST and are subject to changes in our supplier's prices & special offers. Prices include free installation to websites on our server (and for multi year products, re-installing an up to date certificate each year).

Prices do NOT include us adding to your website:

  • any associated trust seal (small additional fee applies); or
  • any virus/malware scans and checks that may come free with your certificate. More on that below (Other Differences).

We have only shown 1 and 2 year subscription prices here because of the uncertain state of the world, including the Internet. We assume most clients would prefer a shorter term commitment. There are 3, 4, 5 and even 6 year subscription plans, with savings on per-year costs. Contact us if you are interested.

There is no need to secure both the www. and non-www. versions of your domains. Buy a certificate for the www. version only. Our hosting settings will automatically redirect yourdomain.com.au to www.yourdomain.com.au. This setup reduces costs for Multi or Flex products and it helps SEO.

Expand your vocab

Certificates are either:

  1. Single = secures 1 domain or subdomain.
  2. Flex = secures 1 domain or subdomain for the base price.
  3. Multi domain = secures (usually) 3 domains or subdomains for the base price.

With Flex or Multi domain, you can add extra domains/subdomains (SANs) at time of purchase for the 'extra SAN' price shown here. You can also add 'extra SANs' later; we'll charge a re-installation fee on top of the 'extra SAN' price, because we'll have to re-install the certificate on all domains.

A SAN means something akin to 'a domain or subdomain'. These are all SANs:

mydomain.com.au
mydomain.com

mail.mydomain.com.au
www.mydomain.com.au

draft.mydomain.com.au
shop.mydomain.com.au

ourdomain.com.au
anydomain.co.nz

A trust seal or site seal is a small image that can be placed on your website to remind site users that it's secured by your chosen brand of 'Certificate Authority'.

Dynamic site seals can be clicked on to display important security details; static seals are... static. They're called trust seals because they can increase visitor trust in your website. Eg a well placed dynamic site seal on your payment page can reduce the number of abandoned shopping carts.

TLS/SSL Certificate Pricelist

| Product Name | Level | Type | Trust Seal | 1 Year Price | 2 Year Price | Comments |
|---|---|---|---|---|---|---|
| Sectigo SSL | DV | Single | | $110 | $205 | |
| Thawte SSL123 | DV | Flex | | $100 + $85 per extra SAN | $195 + $165 per extra | |
| GeoTrust DV SSL | DV | Flex | | $125 + $100 per extra SAN | $195 + $165 per extra | |
| Comodo Elite SSL | OV | Single | | | | |
| Sectigo SSL | OV | Single | Dynamic | $180 | $340 | |
| GeoTrust TrueBusiness ID | OV | Single | Dynamic | $190 | $350 | |
| GeoTrust TrueBusiness ID | OV | Multi | Dynamic | $500 + $80 per extra SAN | $900 + $150 per extra SAN | Secures 5 SANs for base price |
| GeoTrust TrueBusiness ID | EV | Single | Dynamic | $340 | $650 | |
| GeoTrust TrueBusiness ID | EV | Multi | Dynamic | $715 + $95 per extra SAN | $1300 + $180 per extra SAN | Secures 5 SANs for base price |

Guidelines

If you have only one website, maybe with other domains that forward to it:

  1. look at Single & Flex certificates;
  2. decide if you want a static or dynamic "secure site seal" (or none) on your website;
  3. decide if you want DV, OV or EV (see below);
  4. select a certificate and contact us with your order.

If you have > 1 website:

  1. look at Flex & Multi product options;
  2. decide if you want a static or dynamic "secure site seal" (or none) on your website;
  3. decide if you want DV, OV or EV (see below);
  4. do some arithmetic, select a certificate and send us your order.
Complications?

If you have domains forwarding to your website: the forwarding domains do not need a certificate.

What if you make a mistake in your order? We know the domains and websites that every client has on our server. We'll notice if there is anything strange in your order, and we'll ensure the right domains are secured.

Do you need to cover more than one IP address (eg you have a website hosted with us and you want to secure your own mail server for mail.mydomain.com.au on another IP)? This can be done with a multi domain or flex certificate, but it is more secure to use a separate TLS/SSL certificate for each server.

If you can't see what you want: ask us. There are many more options.

Multi-domain/multi-subdomain & flex certificates

You can cover more than 1 website with a single TLS/SSL certificate. Read the pricelist carefully; one product is the cheapest for 2 websites, another is the best option if you have 3 sites, or 5, or....

The main difference between flex & multi is:

  • you can start out with just 1 or 2 domains on a flex certificate;
  • but the multi products need more domains/subdomains to be specified at time of purchase, usually at least 3 or 5;
  • you can include wildcard SANs on a flex certificate (at a higher cost), but we don't recommend this.

For clients with several subdomains (yourdomain.com.au, training.yourdomain.com.au...), there is an option called a wildcard (not shown here). We recommend that you don't buy a wildcard certificate because there is a security weakness. You could secure a phishing website unawares.

Certificate levels

There are 3 levels: DV, OV, EV.

EV & OV certificates are the top rating certificates. They validate your business as well as encrypting your website data. They assure site visitors that you are not a con artist, but a genuine business. You really will send top quality caterpillar pj's in exchange for $200 from your customer's credit card. EV is stronger verification than OV. Visit our main website to know more.

OV or EV is an extra cost but the returns may be worthwhile. EV has long been acknowledged as the best option for ecommerce. For small businesses without online sales, the (usually) cheaper DV is a realistic choice.

  • Some OV certificates are heavily discounted at present.
  • Ideally we'd like all the ecommerce sites that we host to use EV or OV certificates. It gives extra assurance for online payments. OV or EV assures buyers that you can be relied upon to deliver the goods.
    Sadly, many site visitors don't understand EV or OV. Add a trust seal to a prominent place on your website, briefly explain its significance to your site visitors and lift your website above the pack. Promote your site as a reliable online supplier. SuttonNet can help with some sample wording; watch this space.
  • If you deliver online services that require transfer of highly personal data, particularly of minors or vulnerable people: it is wise for your website to show that its ownership is valid. We recommend OV or EV in this case, with a site seal and a few bright words about how your organisation and domain name have been independently verified by a trusted online security authority.

We maintain an EV certificate on this website. (We've been slack about adding the trust seal; too busy working on your websites.)

Other differences?
  • Some certificates are faster and more reliable, eg they work on more platforms than others. Hard data is hard to get. We have tested a few certificates on our own sites.
  • A dynamic site seal has bigger impact than a static one. Read more on our main website.
  • Some certificate products include extras that help with PCI or similar compliance.
  • Some give the option of free daily malware/vulnerability scans of your website. Given the security on our server, these are of uncertain value. They can slow down your website and other websites on our server. They could also conflict with other software on your website, or duplicate anti malware products on our web server. They may only be available free for a limited time.
    If you are interested in this, talk with us before you select a certificate.
    We may charge a fee to install the programs and get them working on your website.
  • Each 'multi year' certificate needs to be re-issued by the CA and re-installed by SuttonNet each year. This ensures the most up-to-date security. You'll get the same result by re-ordering a 1 year certificate after a year, although at a higher cost.
How to order

Email us with:

  1. domain name(s) to be secured
  2. product name
  3. certificate level (DV, OV, EV)
  4. no of years
  5. whether you want us to install a site seal on your website (for SuttonNet-built sites only).

Allow some lead time when ordering certificates. We need to arrange currency transfer to US$, order through our supplier, guide you through OV/EV verification (if needed) and install the certificate keys on your website.

For an OV or EV certificate, it takes c 1-5 days for the Certificate Authority (CA) to verify your business/organisation. You supply identifying data (eg physical street address, website with contact details, ABN, DUNS (Dun & Bradstreet) number). The CA checks multiple public records and phones you to help confirm that your application is genuine.

All your business/organisation's records must match perfectly, otherwise the OV/EV verification might fail or be delayed. DigiCert offers fast tracked OV/EV verification in 24 hours; you need to have the right documentation ready.

Check it out

If you are comparing with other SSL/TLS certificate prices online, bear in mind:

  • prices are usually in US$;
  • cheapest certificates often have weaknesses, eg they are not recognised by all platforms & especially not on mobile phones (you could be worse off than with the free Let's Encrypt);
  • it might not be clear from a certificate's name whether it is DV, OV or EV;
  • navigating the OV/EV validation process may require support; and
  • you'll need to pay us to install a certificate bought from a third party supplier. "Multi year" certificates need to be re-installed each year.
Long term

Like a domain name, a commercial SSL certificate needs to be re-purchased when it is near its expiry date. You needn't stay with the same brand, but for an OV/EV re-order this can speed up the verification process.

Our supplier offers big specials to its resellers. We don't guarantee that the same specials will be in force when you re-purchase your certificate in a year or more.

We would expect that LE will become accepted on more platforms over time. You could wait until your paid certificate expires and then revert to LE again, if that seems reliable. We would charge an LE certificate re-installation fee.

Due to the other (integrity related) problems with Let's Encrypt, we might decide not to use it at all on our server in future. This is not a decision we would make without advance notice to clients, or without further research. The alternatives might be as bad or worse!

Updated 20 January 2021