Every website should use SSL certificates. We take a detailed look at SSL certificates and discuss the benefits that they can offer your charity
Imagine that a supporter makes an online donation to your charity, only to discover that the website they have visited is a fake one and the donation has gone straight into the pocket of a hacker.
It’s a scenario that highlights the importance of trust. Before donating, a supporter needs to be able to trust that the charity website they visit is genuine. They also need to trust that their credit card details and any other details they provide are secure so they can’t be intercepted by a hacker.
That’s where SSL certificates can help. Using SSL certificates means donors can verify your website belongs to your charity and personal information will be secure while they make a donation, thanks to the use of hacker-proof encryption
There are other benefits to using SSL certificates, too, including:
In this article, we will run through the benefits of using SSL certificates to help you can get started.
SSL stands for Secure Sockets Layer, which was a standard security technology for establishing an encrypted link between a browser and a website. SSL has now been replaced by a technology called Transport Layer Security (TLS), so SSL certificates should more accurately be called TLS certificates.
A digital certificate is a small computer file stored on a web page which certifies that the web page belongs to your charity. The obvious question, then, is why should anyone trust the certificate?
The answer comes down to who has verified the certificate. If the certificate has been verified by a “trustworthy organisation”, you can trust what the certificate certifies.
But what is a “trustworthy organisation”? It turns out that reputable web browsers like Firefox, Chrome, Safari, and Edge, as well as some computer operating systems such as Windows and MacOS have a list of organisations that verify certificates – known as Certificate Authorities (CA) – that have been examined and can be trusted.
That means that if a digital certificate can be trusted if it has been verified by a CA that is in your browser’s or operating system’s list. If it says that the website belongs to your charity, visitors can be sure that it really does.
If the CA is not trusted by your browser or operating systems then a warning will appear on the screen.
Websites secured with SSL certificates have a web address starting with "https://" rather than "http://.". A padlock icon is also displayed in the browser before the web address.
Clicking on the padlock will reveal details about the certificate, which will usually include the name of the owner and the name of the CA.
This is where things get a little more complicated – and to understand the answer to this question completely you need to know about something called Public Key Infrastructure (PKI).
But all you really need to know is that an SSL certificate also includes an encryption key that a visitor to your site’s web browser can use to encrypt credit card details and other information so that it can be sent to your charity’s site securely. Should a hacker intercept the details they would not be able to read them because they are encrypted.
When a CA certifies a certificate, there are three levels of certification leading to three types of certificate:
The process involves generating an SSL certificate and other digital files which support it, submitting it to a CA, and putting the verified SSL certificate on the web server that hosts your site.
Many CAs can create and certify SSL certificates for you. Among the most popular CAs are:
You can compare prices and buy SSL Certificates from all of these CAs through the SSL Store.
To get an idea of the time and cost involved, Thawte offer an EV certificate for about £100 per year, with a turnaround time of about three days.
Many charities use a web platform such as WordPress or a web hosting company to host their website. The good news is that many of these organisations can arrange for SSL certificates to be created and installed for you.
Other hosting organisations have automated the process. You may be able to log in to your web hosting account and choose an option to add SSL certificates through the popular cPanel, Plesk, or some other control panel. This will take you step-by-step through the process of uploading a certificate and other files to your website.
If your charity hosts its web site on its own server then the web server administrator will be able to handle the installation of SSL certificates.
One final thing to remember is that once your certificates are installed, your charity’s web address will change from ’’ to ’’. That means that you have decide what happens when anyone tries to visit the old ’’ address.
The most common option is to redirect "http://" traffic to "https://." automatically. Other options are simply to block the old address, or to allow visitors to the old non-SSL certificate protected version of you site.