Smart to be Secure: Choosing the Right SSL Certificate for an E-Commerce Site

Now more than ever before it’s very important for any website that allows for transactions between vendor and purchaser to have an SSL certificate. This is in large part because Google’s newest update is now geared to make any site without one very visible to anyone visiting it. In fact it’s actually even taking punitive measures against sites that don’t feature an SSL cert. In previous versions, websites with an SSL would get an SEO boost, but now any HTTP websites with any kind of text input will be tagged with a “Not Secure” warning prominently – and painfully – displayed in the address bar.

Here at 4GoodHosting, we pride ourselves on being a Canadian web hosting provider that has something for everyone when it comes to taking your venture, business – or even just yourself – onto the World Wide Web. A good many of our customers are in business online, and we’ve been offering quality, affordable SSL certificates for many years now. Some people many not like this new reality, but it is what it is and in the big picture of things it’s a positive as identity theft and fraud are ever-increasing threats to those making transactions online.

Let’s start with a little self-diagnostic tip. If your website is displaying the ‘Not Secure’ status, ask yourself these two questions:

  1. Is your website set up for taking text input? This can include contact forms, search bars, login panels, etc.
  2. Are you using HTTP://?

Answer “yes” to both of these questions and – long story short – you need to install an SSL certificate for your website. But let’s dig into this deeper.

Difference between a Shared SSL and a private SSL Certificate?

There are differences. The two types of SSL available for a website are Shared SSL and private SSL certificates. Free SSLs are a third one, but there are plenty of reasons why you should stay away from free SSLs and we’ll get to that.

We’ll start by making clear that there is no difference between a Shared SSL and a private SSL certificate as far as the level of encryption is concerned, or how effective that encryption is.

The difference between a shared and private SSL certificate lies primarily in the URL of the encrypted website and the cost of purchasing them.

Shared SSL

Shared SSL means the SSL certificate is installed on the web server, and that means you are sharing the SSL with other hosting accounts on the web server in a shared hosting environment. Rather than https://yourdomain.com, your URL will then be https://youraccount.4goodhosting.com.

While a shared SSL certificate is an affordable site security solution, it’s not always ideal and here’s why.

  1. The SSL not installed on your domain name

Due to the fact you’re using your web server’s shared SSL, the SSL is not linked specifically to your domain name, but instead to the shared server’s domain name. This may resulting in the web browser sending an alert or certificate warning to your visitors when they try to access your site – the problem being that the domain name they are visiting doesn’t match the domain name listed there on the SSL certificate.

To summarize, shared SSL certs are best used in situations where the need is for a secure connection to the server that will not be seen by the general public. This could be when logging into webmail or the admin area of your website, as one example.

  1. No business name is on the certificate

Another drawback to a shared SSL certificate is that your business name is not on the certificate. While there is a lot of information found on an SSL certificate:

  • Validity period
  • Issuing certificate authority (CA)
  • The domain of issuance
  • The company operating the website

The business name isn’t one of them

SSL Certificate details can be viewed on your web browser. I you are using Google Chrome, you can get the scoop on a website’s SSL certificate by going to More tools > Developer tools > Security.

You can also view a SSL certificate’s details in other browsers – Firefox, Safari and Internet Explorer – depending on your preference.

Making this information available to your visitors will help them make a comfortable determination who they are doing business with, as well as assuring them that the website is safe. Keep in mind though that because the shared SSL is issued to the shared web server, your business name will not be on it. Yes, your website is protected by the SSL certificate, but it will not have foster the same of level of trust in the visitor that a private SSL certificate will.

  1. Some shopping carts require you to use a private SSL

There are many other eCommerce solutions out there that work well with a shared SSL, but shared SSL is not recommended for any eCommerce website. It’s worth nothing that a number of major banks will not issue internet merchant accounts to business utilizing a shared SSL certificate.

It’s helpful to understand further that in order to accept credit card information on your website, you must pass certain audits and validations showing you to be in compliance with the PCI (payment card industry) standards, and one of the requirements is a properly installed SSL certificate.

  1. Google offers more credit to private SSL certificates

These days some are asking whether a shared SSL would affect search engine rankings, and the verdict seems to still be out on that one. Many experts, however, believe that Google favours websites coming with their own SSL certificate.

What about free SSL certificates?

It’s not difficult to find companies that offer free SSL certificates. Avoid, and here’s why:

  1. They maz not come from a globally trusted certificate authority, and Google might not actually trust the certificate at all. By the time you become aware of that the damage may well already be done is as far as your SERPs and lost customers
  2. They might not be insufficiently encrypted. SSLs come in various encryption strengths. Any free SSL certificate is going to be of the weakest possible encryption.

Private SSL Certificate

Purchasing a private SSL certificate is the smart choice, and decidedly affordable too.

You can purchase an SSL certificate and a dedicated IP (which is required for the SSL installation) as an add-on to your current hosting plan. Purchase both from 4GoodHosting makes the process quick and easy,, but SSL certs purchased elsewhere can be installed through your cPanel.

Another cost and time effective option is 4GoodHosting’s Advanced Hosting plans. Included as part of the plan is a private SSL certificate which will protect the domain with 100% reliability.

You can find more information about our advanced plans here.

Let’s keep people darkening your virtual door, and keep you standing in good stead with Google!

Dead Drain: Staring Down the Zombie Server Problem

What’s that, you say? This week’s topic may seem a little ‘surreal’, but there is, in fact, such a thing as a zombie server and there’s increasing numbers of them out there draining away power and resources that could otherwise be put to more productive purposes.

It’s certainly a power efficiency problem, but it’s also an environmental problem as well as a capital resource problem. Zombie servers have now become a major hassle for data centres around the world. Comatose devices running with no external communications or visibility, and contributing nothing in the way of computer resources.

Here at 4GoodHosting, we like to think that staying on top of major trends in the industry is a big part of what makes us a good Canadian web hosting provider. And considering that estimates now suggest that there are over 10 million zombie servers worldwide, this is definitely one that we’d prefer to never be discussing again.

These 10 million+ servers are wasting the equivalent of the electrical power generated by eight major power plants. Reliable research indicates that 30% of servers are comatose, and that means that almost one-third of capital in enterprise data centres is squandered. Then you add the security risk posed by zombie servers because of how they aren’t patched or maintained.

The Horde is Growing

It’s a fact that identifying a zombie server isn’t easy, and particularly for those who don’t interact with them frequently or extensively. More and more data centres with hundreds and thousands of comatose servers are completely unaware of the power these devices eat up. Many of these ‘zombies’ remain anonymous, devouring energy while providing no real active function.

Example of their evil ways include dozing off for months at time, generating heat for no real reason, and accelerating the power meter simply for the sake of doing so. And more often than not the only way to identify them is to walk up down the aisles of a data centre with a clipboard taking notes of the transgressors. That’s something few operations managers have the time to do.

Consider as well that another massively problematic issue related to these zombie servers is the physical space they take up. Keep in mind that servers are huge machines that occupy precious and often pricey real estate in city centres. Hyperscalers understand this and are pushing forward to design the most energy-efficient data centres. For example, in 2011, Facebook launched the Open Compute Project. The initiative to rethink and re-implement hardware design was prompted by the company’s determination to design a data centre that could handle unprecedented scale, while being cost-controlled.

Taking that lead, Apple has announced plans to build a $1.3 billion, state-of-the-art data centre that will be located in less-pricey Iowa and run entirely on renewable energy. In this era of energy-consciencous data centre operations, it seems we’re finally taking aim at zombie servers.

Rabid Consumption

Data centres around the globe host vast and ever-growing silos of information. Supplying the needed energy for these centres has become a MAJOR expense. Long story short, tens of billions of dollars are wasted on these walking dead, and eliminating them would free up some 2 gigawatts to support new IT loads performing real work instead of wasting electricity and space.

A 2012 investigation turned up some 20,000 zombie servers. Shutting them down resulted in a 5 megawatt reduction in IT load and an additional 4 megawatt drop in cooling and infrastructure load. If we put these savings in a global context, eliminating all the zombie servers around the world might just create a 4 gigawatts of combined IT and infrastructure load reduction. All of this redirect able infrastructure could support new IT loads that deliver real work instead of simply wasting electricity and space.

This is a big deal no matter how you want to look at it, especially when it’s estimated that U.S. data centres consume over 91 billion kilowatt-hours of electrical energy on average each year. By 2020 that number is expecting to jump by 53%. Eliminating zombie servers and boosting energy efficiency could cut electrical usage by 40%, and it’s really something that’s both necessary and attainable.

Time to Go

Fortunately, energy remains the one cost data centres can reduce via proper facilities design and management. Some centres have taken the lead in finding, waking up, or shutting down zombie servers. Proper facility management means many servers that are no longer needed can be identified and shut down, while others are oriented to now run their software on the cloud. It’s quite telling when some companies report cutting their energy consumption by over a third by taking these steps.

Any operations manager that’s up for that challenge will find that it takes a coordinated effort to see these energy savings happen. Only an IT technician will know which devices can remain live, and which ones can be turned off. Those decisions should only be made by a person who is explicitly in the know and entirely aware of what they’re doing! We’ll need both of them walking the server tunnels, and making a joint decision on which zombies get their plugs pulled.

Unfortunately, this day or reckoning rarely comes for most of the zombie servers.

Yes, data centres are eager to solve the problem, but they’re impeded by the need to keep idle servers running lest they accidentally make a mission critical server inoperative. Yes, in many cases the zombies are kept alive ‘just in case’ there’s been an error in their identification.

Some new data centre tools, however, allow their operators to easily spot and shut down zombie servers, and that includes physical, virtual or even cloud versions. Doing so creates a dramatic improvement in the sustainability of their infrastructure, with a marked increase in both economic and environmental efficiencies. Next-generation software can optimize on-premises infrastructure, including IT servers, storage and network, plus virtual machines (VMs) and off-premises cloud constructions.

We’ll guess the majority of data centres will keep their heads in the sand about zombie servers. Some may continue to attack the problem with half-hearted combat efforts – shutting down a server here and there – but not really making much of a dent in the problem. Without a truly holistic and far-reaching approach to the problem, the efficiency and very existence of many of these data centres may eventually fall victim to the undead hordes of the web computing world.