by | 24 Dec 2015

Free HTTPS for eCommerce sites, is that true?

The use of SSL/TLS certificates is especially relevant when you have to secure an eCommerce website. However, it made little financial sense for small websites with low readership to buy a certificate. Some companies such as StartCom are offering free certificates, but they are difficult to implement and can not be used for a commercial purpose. Here come Let’s Encrypt, aiming to change the rules for eCommerce owners wanting to secure their sites easily at no cost. Is that really effective and easy to use? Is it enough to protect your online shop?

The HTTPS paradigm for eCommerce sites

You know how when you visit a secure site when you have the little green lock icon in your browser’s toolbar:


The HTTPS locks is your assurance that traffic between your browser and the site that you are visiting is encrypted and not hackable. It is not just limited to keeping your credit card details safe, all of your web traffic can be encrypted.

Adopting HTTPS also comes with other benefits, like higher rankings in Google’s search results and adhering to Apple’s guidelines for delivering Web content to mobile devices.

As a website owner, if you want to turn that icon on and enable encryption, you will need obtain a secure certificate from a trusted party that has been authorized to issue them. Like a lot of things on the Internet designed to make your life better, you will need to pay a recurring fee for it. Certificates can be purchased from a few different places online.

Pricing for secure certificates varies and can be very expensive for small eCommerce site. Whitout forgetting that SSL certificates are all the same.

Let’s Encrypt to protect your eCommerce site

Last year, the Electronic Frontier Foundation along with Mozilla and Cisco launched an initiative called “Let’s Encrypt” that promised to hand out free certificates anyone can use. Today, the team has released its first one and everyone can see it in action on the group’s website. The project aims to make HTTPS implementation easier for website and online shop owners, in order to ensure the safety of customers’ data.

Certificates created by Let’s Encrypt are functionally identical to any certificate you would spend money for elsewhere. They are recognized as secure across all major web browsers with no additional work or configuration required by users.

HTTPS is not enough to protect your business

Migrate your website to HTTPS is an important step to protect your connection betwen the server and the browser. However, the FREAK, Poodle, ShellShock, BEAST and Heartbleed vulnerabilities on the encrypted SSL/TLS connections exposed the need of an additional security layer.

OZON understands this requirement and delivers a 360° cybersecurity solution dedicated to online shops and SMBs who need to protect themselves against sophisticated cyber-attacks and frauds. Don’t be affraid anymore of data customer thefts (SQL injections, XSS), compromised sites (malwares), or sites unavailability (DDoS). All these functions are performed in real time and does not require technical skills or significant financial resources. So, what are you waiting for? Try OZON Cybersecurity for free!