TL; DR: Demand from consumers and browser vendors makes SSL certificates practically mandatory for today’s online businesses. The certificates identify the owner of the server and secure the connection with a browser. SSL Dragon, a top SSL certificate reseller, offers affordable, consistent pricing and in-depth customer service so business clients can stay safe and on budget. The company has seen growth in the SSL market, and it plans to develop its own line of branded certificates and LEI certificates for business-entity verification.
Google began as an early, innovative search engine, but its role transformed over the years into that of a custodian of internet standards. Sites that meet Google’s expectations often find success, while those that fail to adhere to minimum privacy and security standards may be eliminated from its index altogether.
Once such standard involves the Secure Sockets Layer (SSL), technology that encrypts traffic between a browser and a web server. SSL substantially improves online privacy, and SSL certificates build trust between businesses and online consumers. That’s why Google announced long ago that by the end of 2017, it would flag any site that didn’t use SSL to secure communications in its Chrome browser.
That’s about the same time SSL Dragon launched to help connect businesses with SSL certificates.
“We started in 2014 when a friend and I noticed that SSL certificates were trending,” said Roman Munteanu, SSL Dragon Founder and CEO. “Google posted a blog that said it’d mark websites as insecure if they didn’t have a certificate. So we said, ‘This is going to be big.’”
The SSL Dragon team began its preliminary work in 2014 and launched an SSL plugin as its first product in 2015. The company was up and running publicly by the first half of 2016. Today, it focuses on cost-effective SSL certificates for different brands and types of validation. SSL Dragon also offers CSR generation and a quiz-based tool for picking the right kind of certificate for selected use cases.
“Back then, Google only gave us a glimpse of what was going to happen,” he said. “In the last year, we’ve learned that most browsers are heading toward not displaying sites that aren’t secure. Users will receive an alert, and we will get there at some point.”
Without an SSL certificate, companies risk losing access to their customers. What used to be a nice option for major players has turned into a necessity for any site builder active on the web.
SSL Certificates Encrypt Connections Between Servers and Browsers
SSL uses public-key encryption to secure a two-way connection between nodes. In a typical web-browsing scenario, a browser initiates a special handshake message using the Transport Layer Security (TLS) protocol when users access a website. When the server responds, they exchange a public key. Then they generate a session key that encrypts the messages between the two machines for the duration of that visit.
TLS ensures that the server is what it claims to be. That means an online shopper will know that the small business shopping cart belongs to that small business. Likewise, TLS offers a guarantee that the data between devices hasn’t been altered as its constituent packets hop around the internet; it includes a message authentication code that serves as a validation mechanism.
Technically, any server owner can generate an SSL certificate and install it on its servers. That self-signed certificate offers the security of SSL, but it doesn’t prove the identity of the certificate holder. Many site builders use tools, including Let’s Encrypt, to generate such certificates. They still work with the HTTPS protocol, but browsers offer a lower degree of trust to self-signed certificates.
A certificate authority (CA) is a company that issues SSL certificates on behalf of others and offers a higher level of trust. SSL Dragon is a CA and requires companies that request certificates to prove their identity through such steps as transmitting certified articles of incorporation. With a CA-issued certificate, the built-in browser trust increases, and consumer confidence in the company behind the website also increases.
But not all CA-issued certificates are the same. CAs rely on validation types, and these certificates usually come with various mixes of use cases, warranties, delivery time frames, and price points. Among the cheapest validation types is domain validation, which means the certificate verifies the domain on which it’s used. Other types verify subdomains (wildcard certificates) or display company information (organizational validation). Still, others work for code signing, email, or other forms of encryption.
For SMBs with an online presence, a CA-issued SSL certificate for the right validation types is a valuable — and increasingly necessary — part of doing business. SSL Dragon offers those essential tools for site building in an ecosystem driven by tightening browser security standards.
A Provider that Differentiates on Pricing and Support
“There’s a lot of competition in the SSL certificates market,” Roman said. “Unfortunately, we’ve seen some unfair business practices where some companies will offer very low prices without saying they’re discounted, and the next year, they charge their customers a lot.”
Unlike the lower-trust free SSL certificates, CA-issued certificates come with a cost. Prices vary widely among providers, based in part on the validation type, and pricing strategy differs, too. It’s not uncommon for providers to undercut invoicing the first year but charge significantly higher renewal rates — when the cost of migrating comes with additional headaches.
“The prices you see on our website are what customers pay, and the next year the price will be the same, or it will fluctuate 3% to 5% maximum,” he said. For SMBs on a budget, a predictable annual cost is a net plus.
Apart from price, certificate authorities compete on service, given the complexity included in installing a certificate. It must be issued by the CA, downloaded, installed on the relevant servers, and the server software adjusted to use the certificates. SSL Dragon has a reliable tech-support team, which proves to be an asset for inexperienced customers.
“We find good quality customer support people,” Roman said. “We solve more than 95% of our customers’ problems for them. And we see them happy by having these problems resolved on time.” The only problems SSL Dragon cannot solve relate to specific customizations on the customer’s end.
In addition to routine support tickets, SSL Dragon actively engages with customers, including through debriefing sessions. During those sessions, the support team explores the problems customers are trying to solve and their general impressions of SSL Dragon and SSL technology. The company also performs A/B testing for new features and promotions and periodic reviews of competitor offerings.
That commitment to quality goes straight to the top. Even Roman, as CEO, routinely enters the support system to assess responsiveness and satisfaction.
SSL Dragon: Helping SMBs Secure Connections with Customers
With the browser vendors, including Google, pushing web security, the days of getting by without an SSL certificate are over. This technology identifies servers while encrypting the communications between a server and any given browser. It’s a significant improvement for privacy, and it should be a core requirement for any new site building project.
SSL Dragon transfers extra trust to a certificate, particularly around identity, that a free, self-signed certificate cannot match. In the CA space, though, competition is fierce, with companies differentiating on price and service. SSL Dragon maintains pricing transparency so that annual costs are predictable and SMBs can incorporate them into budgets that include site building and maintenance. The company enjoys a high ticket closure rate and engages clients to discover ways to optimize its process, products, and services.
The next major projects for SSL Dragon involve branding and Legal Entity Identifier (LEI) certificates. On the branding front, the company presently sells certificates under the brands of various other CAs. The company is soon planning to launch its own branded certificates.
LEI numbers are 20-character strings that substitute for various permutations of company names in databases. For example, a search for “Bob & Associates” may not return “Bob and Associates,” and names that transliterate differently in other languages may not be accessible on a name search. LEIs are downloadable certificates that note the company’s name, registration location, ownership structure, and related information.
SSL Dragon has sold certificates to SMBs in more than 120 countries, and Roman keeps tabs on every sale.
“It’s pretty amazing to see certificates bought from everywhere,” he said. “I get notifications anytime there is a purchase.”