Web Security

An in-depth guide on Fixing Browser Errors, SSL Certificate comparisons, Digital certificates Features and Price, Code Signing Certificate Best Practice

Key Differences Between SSL Certificates and Code Signing Certificates

Are SSL Certificates and Code Signing Certificates the Same?


The answer is NO. However, there are some similarities between an SSL certificate and a Code signing certificate:

  • Both a Code signing certificate and an SSL certificate are X.509 digital certificates that are used for cybersecurity.  
  • They both use Public Key Infrastructure (PKI). 
  • Users see a security warning in the absence of a Code signing certificate and an SSL certificate. 
  • With both certificates, the certificate authority validates the applicant’s credential before the issuance. 
  • The main purpose of both of these certificates is to save end users from becoming victims of cybercrimes.  

Now, the similarities end here!  

Code Signing Certificate vs. SSL Certificate 

These are the key differences between a Code signing certificate and an SSL certificate.

Usage:  

An SSL certificate is used for websites. It secures the data in transit between a user’s browser and a website’s server. An SSL certificate is installed by the website owner/webmaster.

A Code signing certificate is used to protect downloadable software, device drivers, applications, executables, and scripts. A Code signing certificate is purchased and used by software developers/publishers.

If you are in the business of developing downloadable software and own a website for your software, you need both a Code signing certificate and an SSL certificate.


Working Style:  

SSL certificates enable a secure connection between a browser and a server to facilitate encrypted data transfer. In simple words, when you install an SSL certificate on your website, the data visitors send to it (names, email addresses, passwords, bank details, credit card numbers, CVV, etc.) gets encrypted using strong 256-bit symmetric encryption and a 2048-bit RSA signature key. So a man-in-the-middle (read: hacker) can’t read, interpret, or misuse your clients’ data.

Code signing certificates don’t encrypt the software itself: instead, they hash the entire software. Hashing is like putting a digital signature on the whole code. If someone in the middle changes the code, the hash value changes, indicating to the user that the software is different from the original one, so it might be unsafe to download. This is how a user who is trying to download the software can avoid getting malicious software and becoming the victim of a cybercrime.

Additionally, the software developer can be alerted about tampering in the software before it’s too late, so they can discontinue the infected software and publish a new file to control the damage at the earliest stage. In any case, the software can’t be tampered with without being detected.
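
The tamper check described above, as an added example that is not part of the original article: it signs a file's SHA-256 digest with a throwaway key and shows verification failing after the file is changed. It uses a plain `openssl dgst` signature rather than a real code-signing format, and the file names, key names and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): hash-then-sign with OpenSSL.
# All file names and the throwaway key are constructed for the demonstration.

# Create a throwaway 2048-bit RSA key pair in directory $1.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/publisher.key" 2>/dev/null &&
    openssl pkey -in "$1/publisher.key" -pubout -out "$1/publisher.pub"
}

# Publisher side: hash the file with SHA-256 and sign the digest.
# $1 = private key, $2 = file to sign, $3 = where to write the signature
sign_release() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# User side: recompute the hash and check it against the signature.
# $1 = public key, $2 = downloaded file, $3 = signature; returns 0 if intact
verify_release() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Print "intact" or "TAMPERED" for a download (same arguments as above).
release_status() {
    if verify_release "$1" "$2" "$3"; then echo intact; else echo TAMPERED; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir" || { rm -rf "$dir"; return 1; }

    # Constructed stand-in for a downloadable installer.
    printf 'echo "installing version 1.0"\n' > "$dir/setup.sh"
    sign_release "$dir/publisher.key" "$dir/setup.sh" "$dir/setup.sh.sig"

    # The signed file is not encrypted: its contents are still readable.
    echo "contents: $(cat "$dir/setup.sh")"
    echo "original: $(release_status "$dir/publisher.pub" "$dir/setup.sh" "$dir/setup.sh.sig")"

    # The file is changed after signing; the hash no longer matches.
    printf 'echo "modified in transit"\n' >> "$dir/setup.sh"
    echo "modified: $(release_status "$dir/publisher.pub" "$dir/setup.sh" "$dir/setup.sh.sig")"
    rm -rf "$dir"
}

demo
```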

Identity Verification: 

In both cases (an SSL certificate or Code signing certificate) the certificate authority (CA) verifies the identity of the applicant before issuing the certificate.  

With an SSL certificate, the CA makes sure that you own the domain for which you have applied for an SSL certificate. To verify this, the CA sends an email with a verification link to a particular email id like admin@yourdomain.com or webmaster@yourdomain.com, or asks you to place a verification file at a specific location on your server. If you have chosen an organization validated (OV) or extended validated (EV) SSL certificate, you also need to provide your business registration number or ID, registration date and full legal business name, physical address, phone number, etc. to the CA. They will verify your legal business registration in an online government database and third-party online listing. In some cases, you may need to provide a legal opinion letter that is filled out and signed by an active lawyer or accountant.

For Code signing certificates, the CA will verify your business’s registration details, address, and telephone number. For individual developers, the CA requires you to present a notarized form that validates your government-issued photo identification and complete a phone call verification.  

Identity Attachment: 

SSL certificate: Once the CA verifies the applicant’s identity, it ties the certificate’s public/private keys to the website URL, enables HTTPS (in place of HTTP) and displays a padlock sign in the address bar. When you click on the padlock sign and go to ‘certificate,’ you can see the name of the website for which the SSL has been issued, the name of the issuing authority, and the issuance and expiry dates. With an EV SSL certificate, the company’s legal name is also shown in the address bar along with the padlock sign. This identity attachment assures your website visitors that you are the company you claim to be.


Code signing certificate: After the entire vetting process, Code signing certificates allow you to put a unique, verified digital signature on the piece of software or code you have developed. It gives buyers a chance to check the original publisher.

When your buyers can see the verified publisher’s name on the software they are downloading, instead of an ‘unknown’ publisher, it gives them confidence that the product they are downloading is safe and comes from the intended publisher.

Cost Of SSL & Code Signing Certificates

A basic domain validated (DV) SSL certificate starts from $10/year, while a single domain organization validated (OV) SSL starts from $48/year and an extended validated (EV) SSL from $88/year.
A wildcard SSL to secure unlimited subdomains starts from $85/year, while a multidomain SSL for securing multiple domain names under a single certificate starts from $29/year.

The basic OV Code signing certificate starts from $80/year, and the Extended Validated (EV) Code signing certificate starts from $300/year.  

Discounted rates are only available on www.SectigoStore.com

Warranty

Any paid SSL certificate comes with a warranty. In the unlikely event of an encryption failure, the CA will reimburse the victim for damages up to the warranty amount. So, it works like liability insurance. The warranty ranges from $10,000 to $1,750,000, depending on the type of SSL certificate you are getting. Do consider the warranty amount while choosing the right SSL certificate for your business.

Code signing certificates don’t offer a warranty. 

Expiration  

When an SSL certificate expires and is not renewed, users start getting the same security warning they see for a website without an SSL certificate. As soon as the SSL certificate expires, the padlock sign, HTTPS and the organization’s name (for EV SSL) disappear, and users see a “not secure” sign in the address bar. Plus, they will see a security warning page every time they try to open your website.



When a Code signing certificate expires, users may see a security warning. However, the verified publisher’s name will still be there if the publisher has utilized timestamping. The timestamp is a digital signature which you can add to your software by using your unique private key. This digital signature will stay good forever, even after the Code signing certificate expires. A timestamp shows that the software was signed by the original publisher while the certificate was valid, so the publisher of the software is the same as it was at the time when the software was published.

The Extra Benefit of EV Validation 

SSL certificate: When you get an Extended Validated (EV) SSL certificate, your organization’s legal registered name is displayed in the address bar before your domain name. It provides the highest level of trust to your users. Plus, you will also get a dynamic site seal. It’s a small clickable image posted on each encrypted webpage. When users click on the seal, they can see real-time details of the SSL certificate, issuer, physical address, expiry date, etc.  A timestamp is a visual indicator of trust.  






EV Code signing certificate

You will receive an external hardware USB device that contains the private key. Now, the private key is secured both ways: physically and digitally. This provides two-factor authentication. Only those who have the physical device can sign code with your EV Code signing certificate. It provides robust authentication and enhanced security. Plus, Microsoft SmartScreen trusts EV Code signing certificates. Microsoft SmartScreen considers reputation scores, and for new developers, it can be difficult to gain enough reputation to avoid their software getting flagged as potentially suspicious. So, for new developers, an EV Code signing certificate is the only way to prove their trustworthiness to users.

Code Signing Certificate Vs SSL Certificate: Differences Explained 

Used for
  • SSL certificate: Websites
  • Code signing certificate: Downloadable software, device drivers, applications, executables, scripts

Type
  • SSL certificate: Domain validated, Organization validated, Extended validated
  • Code signing certificate: Organization validated, Extended validated

Price (starting range)
  • SSL certificate: Single domain DV SSL $10/yr; Single domain OV SSL $48/yr; Single domain EV SSL $88/yr; Wildcard SSL $85/yr; Multidomain SSL $29/yr
  • Code signing certificate: OV Code signing certificate $80/yr; EV Code signing certificate $300/yr

Extra benefit of Extended validation
  • SSL certificate: Organization’s name in the address bar before the domain name; complimentary dynamic real-time site seal
  • Code signing certificate: Two-factor authentication by providing the private key on an external USB device; compatible with Microsoft SmartScreen

After expiration of certificate
  • SSL certificate: Website visitors will start seeing an error message as soon as the SSL certificate has expired.
  • Code signing certificate: If the software is signed using timestamping, the digital signature will be shown on the software even after the certificate has expired.

Warranty
  • SSL certificate: $10,000 to $1.75 million
  • Code signing certificate: No warranty

Website Visitors’ Guide on How to Fix the ‘Warning: Potential Security Risk Ahead’ Error in Firefox


SEC_ERROR_EXPIRED_CERTIFICATE

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

SEC_ERROR_REVOKED_CERTIFICATE

If you’re seeing any of the above security warnings while visiting a website on the Mozilla Firefox browser, this article will guide you through seven ways you can still use the site despite receiving any of these error messages.

However, there are some things you should know before applying these tricks:

  • This article is intended for website visitors. If you’re a website owner, please click on the particular error message above you are seeing for your website and follow the different set of steps mentioned in those articles.
  • As a website visitor, you can’t solve the error, but you can force your browser/operating system to ignore it.
  • Follow these solutions only when you are absolutely certain that the website you’re visiting is safe.

Before we begin, make sure the date and time on your device are accurate. For computer users, you can see this information displayed on the right side of your task bar at the bottom of your screen. Incorrect date/time settings can cause a variety of errors. If it’s not set properly, right-click on the date/time and select Adjust time/date. Set the right time and date there.


Fix the “Secure Connection Failed” Error in Mozilla Firefox

These tricks will help you to get rid of the “SEC_ERROR_EXPIRED_CERTIFICATE,” “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT,” and “SEC_ERROR_REVOKED_CERTIFICATE” errors in Firefox.

You don’t necessarily need to perform all of these tricks. Just keep applying them one by one until the error message no longer displays. 

1. Permit Firefox to Trust Root Authorities

Firefox has an optional feature that allows the browser to trust root authorities in the Windows certificate store. To activate this feature, you must enable the setting in your browser.

  • Type “about:config” into the Firefox address bar.
  • Press the I accept the risk! button.
  • Search for security.enterprise_roots.enabled.
  • In the security.enterprise_roots.enabled window, look to the right side of the screen. If the value is False, double-click on it. The value will change to True.
  • Restart Firefox.
  • If you still see the error message, move to the next solution.

2. Change Your Security Settings

  • Type Command Prompt or CMD into the Windows search bar.
  • Right-click on Command Prompt and select Run as Administrator.

Type in these three commands, hitting Enter after each one:

Regsvr32 softpub.dll

Regsvr32 Wintrust.dll

Regsvr32 Wintrust.dll

  • Reboot your computer. The changes will be saved.

3. Clear Your Browsing History

  • Open Firefox and navigate to Options in the top-right drop-down menu.
  • Go to Privacy and Security from the menu bar on the left side.
  • Click on Clear Data in the Cookies and Site Data section.
  • Select Clear History.
  • Select all the options and click on Clear Now.

4. Temporarily Disable Your Antivirus and Firewall

Some antivirus and firewall solutions are sensitive to SSL errors. To address this issue, all you need to do is turn off HTTPS scanning. Each antivirus product offers SSL scanning under a different name. Find the appropriate setting, such as “HTTPS Scanning,” “Scan SSL,” “show safe result,” “Do not scan encrypted connections,” etc., and disable it.

If you don’t see any such options, visit the manufacturer’s help section and try to find SSL- and HTTPS-related settings information there.

5. Clear the SSL State

  • Search for Internet Options in the Windows search bar.
  • In the pop-up window, select the Content tab.
  • Click on Clear SSL State to clear your SSL cache.

6. Add the Site to Your List of Trusted Sites

  • Search for Internet Options in the Windows search bar.
  • In the pop-up window, click on the Security tab.
  • Select Trusted sites.
  • Click on the Sites button to open a new window.
  • Manually add the URL of the website that is displaying the error message.
  • Click Apply and OK.

7. Continue With an Insecure Connection

If none of the above works, you can continue with the insecure connection at your own risk:

  • Click on Advanced.
  • Click on Accept the Risk and Continue.

Note: This trick will not work for the “SEC_ERROR_REVOKED_CERTIFICATE” error.


How to Fix the “SEC_ERROR_EXPIRED_CERTIFICATE” Error in Mozilla Firefox and Google Chrome


If you’re seeing a “SEC_ERROR_EXPIRED_CERTIFICATE” error while browsing any website, you’re not alone! This is a common error that’s associated with a website’s Secure Sockets Layer (SSL) certificate. Website owners install an SSL certificate to secure the data that transfers between a website visitor’s browser and the website’s server. SSL certificates are issued for a maximum of two years, and they must be renewed before or at the time of their expiry date. If the SSL certificate is not renewed, all web browsers will display the SEC_ERROR_EXPIRED_CERTIFICATE error for that site.

A pending SSL renewal is quite a common problem for all types of organizations. More than 80 .gov websites’ SSL/TLS Certificates expired during the most recent US government shutdown. In May 2019, LinkedIn missed renewing its SSL certificate! When such negligence takes place, the website visitors see the “SEC_ERROR_EXPIRED_CERTIFICATE” error message.

Even when an SSL certificate is renewed by the website owner, browsers may keep showing this error to site visitors if there are issues with the users’ browsers or operating systems. So, it is necessary to check whether the SSL certificate is actually expired or not before finding the solution.

Fix the “SEC_ERROR_EXPIRED_CERTIFICATE” Error in Firefox

If your browser is displaying a page with the title “Warning: Potential Security Risk Ahead,” try the following:

  1. In that window, click on the Advanced button.
  2. Press View Certificate.
  3. A new window will pop up. Here, check the rows Begins on and Expires on under Period of Validity and confirm whether the certificate has expired.

If the SSL Certificate is Expired

If you’re a website owner, you need to renew the SSL certificate as soon as possible. However, there are some things you should know before you renew the SSL certificate:

  • Some certificate authorities (CAs) charge more to renew an SSL certificate than they do to buy a new one. If that is the case, you can shift to any other certificate authority anytime. It’s not necessary to buy the same SSL from the same certificate authority at the time of renewal.
  • Right now, Sectigo (formerly Comodo CA) offers SSL certificates at the lowest rates — and they never exploit their loyal customers by charging higher renewal rates. On the contrary, Sectigo provides coupon codes for generous discounts when SSL certificates require renewal.

As a website visitor, you can’t do anything to renew the SSL certificate. However, you can take some steps to disable/ignore the SSL-related error on your browser so you can browse the site. Check out our website visitor’s guide to fixing the “SEC_ERROR_EXPIRED_CERTIFICATE” error in Mozilla Firefox. Note: You should do that only when you’re 100% sure that the website you are trying to visit is secure.

If the Certificate Has Not Yet Expired

If the site’s SSL certificate hasn’t expired but the site is still displaying the error message, it’s a sure indication that the issue is with the user’s browser or operating system. Please follow our step-by-step guide to fix the security warning error in Mozilla Firefox.

How to Fix the “SEC_ERROR_EXPIRED_CERTIFICATE” error in Google Chrome

In Chrome, you can check the cause of the “SEC_ERROR_EXPIRED_CERTIFICATE” error in a slightly different way. From the error page you are currently seeing:

  • Click on the Not Secure symbol in the address bar.
  • Click on Certificate.
  • Under the General tab, you can check the issuance and expiry dates of the SSL certificate.

If the SSL Certificate is Expired

As a website owner, you need to renew the SSL certificate as soon as possible. Do thorough market research before renewing because sometimes the price difference is mind-blowing — in some cases, it may cost you more to renew than to buy a new SSL certificate outright! Check out Sectigo’s (formerly Comodo CA’s) latest discounted prices.

As a website visitor, you can follow some tricks to get rid of this error message. Check out our guide on how to fix the “Your Connection is not private” error in Google Chrome.

If the SSL Certificate is Not Yet Expired

If the certificate is still valid and is not yet expired, it proves that the problem is NOT with the website’s SSL certificate – hence, the website owner doesn’t need to do anything about it. As a website visitor, there are some issues to be tackled on your browser/operating system to fix this error. Check out our step-by-step guide: How to fix ‘Your Connection is not private’ error in Google Chrome.

Fix the “SEC_ERROR_REVOKED_CERTIFICATE” Error in Mozilla Firefox

If you’re seeing a “Secure Connection Failed” page with the error message “SEC_ERROR_REVOKED_CERTIFICATE” while visiting a website, use the following steps to get rid of the error page and access the website.


Why Firefox Shows the “SEC_ERROR_REVOKED_CERTIFICATE” Error

Simply put, this is an SSL certificate-related error. The website owner installs a digital certificate called a Secure Sockets Layer (SSL) certificate to protect their website visitors’ data. Every SSL certificate facilitates a secure connection through the use of a public and private key pair. When this SSL certificate gets revoked for any reason, which invalidates the certificate, the browser doesn’t consider it secure and shows the “SEC_ERROR_REVOKED_CERTIFICATE” error page.

In most cases, when the private key becomes compromised, the certificate authority (CA) who issues the certificate revokes the SSL certificate. The private key, which is used to decrypt the encrypted data that users transfer over a website, must remain secure on the server for it to be effective. Anyone that holds a private key can decrypt the data. That’s why, if the private key is leaked, the data encrypted by an SSL certificate is no longer considered secure.

Another reason you may receive this warning message is an SSL certificate mis-issuance by the CA. For example, in March 2019, millions of SSL certificates were revoked by Apple, Google, and GoDaddy because of non-compliant SSL serial numbers that were generated as the result of an operational error. The certificates had 63-bit serial numbers instead of 64-bit serial numbers.

There are several reasons why a website owner can request that a CA revoke their SSL certificate:

  • They’ve lost the private key,
  • They changed the certificate’s common name,
  • The secured site is no longer operational, or
  • They have requested the certificate for the wrong domain name by mistake.

How to Fix “Secure Connection Failed” Error in Mozilla Firefox?

If you’re a website owner, all you can do is ask your certificate authority to reissue a new SSL certificate. Some CAs charge additional re-issuance fees. If the reissuance fee is higher than the cost of purchasing a new certificate, you can change CAs anytime and get a new SSL from a different certificate authority.

Reissuance is free if you buy a Sectigo (formerly Comodo CA) SSL certificate. Comodo CA has been a well-trusted cybersecurity brand for more than two decades and sells the most budget-friendly digital certificates. The basic Comodo DV SSL starts from $10/year and comes with a $50,000 warranty.

If you’re a website visitor, you can compel your browser to ignore the error and visit the website at your own risk by following these steps.

You won’t necessarily need to implement all of these steps. Keep applying them one by one until the error message is eliminated. 

1. Permit Firefox to Trust Root Authorities

Firefox has an optional feature that allows the browser to trust root authorities in the Windows certificate store. To activate this feature, you must enable the setting in your browser.

  • Type “about:config” into the Firefox address bar.
  • Press the I accept the risk! button.
  • Search for security.enterprise_roots.enabled.
  • If the value is false, double-click on it to change it to True.
  • Restart Firefox.
  • If you still receive the error message, move to the next solution.

2. Clear Browsing History and Cache Memory

If the certificate authority has already re-issued a new certificate in place of the revoked SSL, you may still see the error message. This is because the browser’s cache memory is displaying old information. Clearing your browsing history, cookies, and cache memory might solve the issue.

  • Open Firefox and navigate to Options in the top-right drop-down menu.
  • Go to Privacy and Security from the menu bar on the left side.
  • Click on Clear Data in the Cookies and Site Data section.
  • Select Clear History.
  • Select all the options and click on Clear Now.

3. Temporarily Disable Your Antivirus and Firewall

Some antivirus and firewall solutions are sensitive to SSL errors. To fix this issue, all you need to do is turn off HTTPS scanning. Each antivirus product offers SSL scanning under a different name. Find the appropriate setting, such as “HTTPS Scanning,” “Scan SSL,” “show the safe result,” “Do not scan encrypted connections,” etc., and disable it.

If you don’t see any such options, visit their manufacturer’s help section and try to find information about SSL- and HTTPS-related settings there.

4. Clear the SSL State

If this error is occurring on a website you visit regularly, it’s possible that your browser may have stored a saved version of the site’s SSL certificate. This process can be problematic when you return to the site if the SSL certificate is no longer trusted. This next step will enable you to clear your SSL cache, which may help remedy this issue:

  • In your system’s control panel, under Network and Internet, select Internet Options.
  • In the pop-up window, select the Content tab.
  • Click on Clear SSL State to clear your SSL cache.

5. Trusted Site

  • Search for Internet Options in the Windows search bar.
  • In the pop-up window, click on the Security tab.
  • Select Trusted sites.
  • Click the Sites button to open a new window.
  • Manually add the URL of the website that is displaying the error message.
  • Click Apply and OK.

How to Fix MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT Error in Firefox

How to Get Rid of the “Warning: Potential Security Risk Ahead” Page With the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?


If you see the error message “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” while using Firefox, it means that the browser is encountering an SSL certificate-related error. A website owner installs an SSL/TLS certificate to protect the data transfer between their users’ browsers and the website’s server using encryption technology. For an SSL certificate to be trusted by Firefox, it must be issued and signed by a certificate authority (CA) that the browser trusts.

Before you can install a traditional SSL certificate on your site to enable encryption, a certificate authority must verify the identity of the site owner or organization and issue the SSL certificate. SSL certificates are a sure sign that the website you’re interacting with is the one it claims to be. This is especially important considering that cybercriminals will often create fake websites that impersonate other genuine websites to gain customers’ trust and steal their personal and financial data.


Why is There a “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?

There is another type of SSL certificate, which does facilitate the encryption process but is not signed by a trusted certificate authority. It’s called a self-signed certificate. Because a self-signed certificate is not issued and signed by a well-known CA, the browser doesn’t trust it.

It’s like a driver’s license. It must be issued by the DMV. If you just write on a piece of paper “I know how to drive,” is the cop going to accept it? Absolutely not (though you may land yourself a ride in the back of their police car!).

Why would someone use a self-signed certificate over a traditional SSL certificate?

  • Companies generally use self-signed certificates for intranet websites. Intranet websites are covered under a private network and accessible only to an organization’s staff. These websites are made for facilitating internal communications, data transfers, and developing/testing software.
  • Some start-ups, independent developers, freelancers, bloggers and small businesses also use self-signed SSL certificates because they’re free and easy to install on their servers.
  • Self-signed certificates are sometimes used by hackers when they’re unable to get an SSL certificate from a trusted CA.

In any case, Firefox doesn’t trust self-signed certificates because there’s uncertainty about who is receiving your data on the other side. This is why you receive the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” error message.
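
One way to tell the expired and self-signed cases above apart from the command line, as an added example that is not from the original article: it creates a throwaway self-signed certificate and reports whether it is expired, whether it is self-signed, and whether it chains to a trusted root. The host name `intranet.example.test`, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): classify a certificate the
# way the browser errors above do. Host name and file names are constructed.

# Create a self-signed certificate valid for $2 days in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=intranet.example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
}

# Succeeds if the certificate in $1 is still valid $2 seconds from now
# ($2 = 0 asks "is it expired right now?").
valid_in() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Succeeds if issuer and subject are the same name, meaning no separate
# CA vouched for the certificate.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    [ -n "$subject" ] && [ "${subject#*=}" = "${issuer#*=}" ]
}

# Succeeds if the certificate chains to a trusted root. With no second
# argument only the system trust store is used; otherwise the file in $2
# is added as a trusted root (as an internal CA would be on an intranet).
chains_to_trusted_root() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# One-word summary: expired, trusted, self-signed or untrusted-issuer.
diagnose() {
    if ! valid_in "$1" 0; then echo expired
    elif chains_to_trusted_root "$1" "${2:-}"; then echo trusted
    elif is_self_signed "$1"; then echo self-signed
    else echo untrusted-issuer
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" 30 || { rm -rf "$dir"; return 1; }

    # notBefore / notAfter: the "Begins on" and "Expires on" rows.
    openssl x509 -in "$dir/site.crt" -noout -dates
    echo "against system roots:       $(diagnose "$dir/site.crt")"
    echo "with the cert added as root: $(diagnose "$dir/site.crt" "$dir/site.crt")"

    # Renewal check: will the certificate still be valid in 60 days?
    if valid_in "$dir/site.crt" $((60 * 86400)); then
        echo "still valid in 60 days"
    else
        echo "expires within 60 days: schedule renewal"
    fi
    rm -rf "$dir"
}

demo
```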

How to Fix the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” Error in Firefox?

If you’re a website owner, you can get an SSL certificate from a trusted CA at little cost these days. For example, SSL certificates from Sectigo (formerly Comodo CA) start from $10/year and include a $50,000 warranty. If the installation part seems troublesome, you can always outsource the entire installation process for just a $49 one-time fee. The benefits of purchasing an SSL from a trusted CA always outweigh the money you save by installing a free, self-signed SSL certificate.

Disclaimer: Forcing your browser/operating system to ignore SSL-related errors can weaken your device’s security. If you have decided to take the risk anyway, don’t share any financial details or personally identifiable information (PII) such as your name, phone number, passwords, Social Security number (SSN), physical address, etc. on such websites.

1. Disable Security.Enterprise_Roots.Enabled

If you’re a website visitor, you can apply the following methods to get rid of the “MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT” error in Firefox.

  • Type about:config in the Firefox address bar.
  • Click on the I accept the risk! button.
  • Search for security.enterprise_roots.enabled in the URL bar.
  • On the extreme right, there should be a value field. If the value is listed as false, double-click on it to change it to True.
  • Restart Firefox.
  • Check whether you still see the error page. If yes, move to the next solution.

2. Clear the SSL State

  • Search for Internet Options in the Windows search bar.
  • Click on Content.
  • Now, click on Clear SSL State.

3. Trusted Site

  • Search for Internet Options in the Windows search bar.
  • Select the Security tab and click on Trusted Sites.
  • Go to the Sites tab.
  • Now, manually add the URL of the website that is showing the error message.
  • Click Apply and OK.

4. Continue with an Insecure Connection

If none of the above suggestions work, you can continue with the insecure connection at your own risk.

  • Click on Advanced.
  • Click on Accept the Risk and Continue.

How To Generate CSR In cPanel

When you buy an SSL certificate, it doesn’t automatically get installed and enable HTTPS on your website. There are several steps you need to take from your end to complete this process.

There are 3 steps you need to follow after purchasing an SSL:

  1. Certificate Signing Request (CSR) generation 
  2. Validation process 
  3. Installation Process  

In this article, we’ll cover the CSR generation process for cPanel in 3 easy steps. If you’re using a different server, refer to our articles on CSR generation for various types of servers.

CSR Generation In cPanel

Step 1

Log into cPanel

Click on SSL/TLS in the Security section.


Step 2

Go to ‘Generate, view, or delete SSL certificate signing requests’ under the Certificate Signing Requests (CSR).


Step 3

Fill the following fields with only alphanumeric characters.


Domains: Enter the fully qualified domain name. The primary domain name for which you have applied the SSL certificate.

For wildcard SSL, add an asterisk in front of the domain (*.mydomain.com). Caution: Don’t write * before the www version of the domain, like *.www.mydomain.com, unless you want to secure second-level subdomains such as blog.www.mydomain.com, mail.www.mydomain.com, etc.


City: Provide the full name of your city. Do not use abbreviations.

State: Provide the full name of your State. Do not use abbreviations.

Country: Select country from the drop-down menu.

Company: Officially registered name for your business. It is mandatory for Organization and Extended Validation certificates. For Domain Validation SSLs, you can use “NA” if your organization is not legally registered.

Company Division: Department name inside the organization. Write “NA” if the certificate is a Domain Validation certificate or there are no departments in the company.

E-mail: Enter your e-mail address. This field is optional.

Passphrase: Keep this field blank.

Description: Add some keywords in order to locate a particular CSR in the list if you have more than one CSR. This too is optional.

Click on ‘Generate’.


At this point, your private and public keys have been successfully generated. The generated CSR code includes the public key.

You need to send this CSR code to the certificate authority along with other required details. 

Include the header and footer when sending your CSR to the certificate authority: 

-----BEGIN CERTIFICATE REQUEST-----

-----END CERTIFICATE REQUEST-----

The private key is stored locally on the server and will be needed during the installation process once the CA issues you the certificate.

After this step, the CA will follow some validation steps based on the type of certificate you have chosen. For DV SSL, you will get a validation email at your business email address (admin@yourdomain.com, webmaster@yourdomain.com) within minutes of sending the CSR code and other details to the CA. For OV and EV, the validation process may take between 1 and 5 days.

Learn more about the next steps after you generate your CSR on cPanel: 

Step 2: Validation process 

Step 3: Installation Process  

How to Install SSL Certificates on WordPress : An Ultimate Migration Guide


SSL (Secure Sockets Layer) uses public key infrastructure (PKI) to encrypt the data transferred between a browser (user) and a server (website). It enables HTTPS and the padlock sign in the address bar before the domain name. Google, Firefox, and other authorities recommend that all websites install SSL. In this article, we’ve included everything you need to know about SSL certificates for your WordPress site.


How to get an SSL certificate for WordPress? 

Before you get an SSL certificate from your web hosting company, compare the prices with other SSL providers. Sometimes the price difference is mind-blowing. (Make sure your hosting provider allows an SSL certificate from a third party.) 

For example, the retail price for a Positive SSL (DV) is $47/year. But you can get the same Positive SSL DV for less than $10/year, with $50,000 warranty, from SectigoStore!  


How to choose the right type of SSL certificate for a WordPress site?  

Once you have decided from where to buy your cert, you need to determine what type of SSL is best for your WordPress site. 

  • For informative websites, blogs, personal websites, a Domain Validated SSL certificate is sufficient.  
  • If your WordPress site offers eCommerce, paid memberships, paid subscriptions or accepts donations or charity, OR if your users need to fill any forms or log in details such as email ids, passwords, etc., then Organization Validated (OV) or even better, Extended Validated SSL is recommended.

  • If your WordPress site has multiple domain names, for example, myblog.com, myblog.net, mysite1.ca, Multidomain SSL is needed. 
  • For websites with subdomains, for example, “blog.mysite.com,” “mail.mysite.com” etc., a wildcard SSL certificate is required to secure all the subdomains.  
  • For websites with both subdomains and multi-domains, Multidomain Wildcard SSL is sought after.  
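
The wildcard and multi-domain choices above, and the *.www.mydomain.com caution in the CSR guide, come down to one matching rule: an asterisk stands for exactly one label. The Python script below is an added example, not code from this guide or from any CA; the host list is constructed from the guide's mydomain.com examples, and `name_covers`, `coverage_gaps` and `suggest_names` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed host list for one site, using the guide's example names.
SITE = ["mydomain.com", "www.mydomain.com", "blog.mydomain.com",
        "mail.mydomain.com", "blog.www.mydomain.com"]


def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing root dot."""
    return name.lower().rstrip(".").split(".")


def name_covers(cert_name, hostname):
    """Return True if one certificate name (exact or wildcard) covers hostname.

    Matching rule applied by browsers: '*' counts only as the complete
    left-most label and stands for exactly one label, never zero or several.
    Simplification: no public-suffix list is consulted, so '*.co.uk' is not
    rejected here.
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if "" in pattern or "" in host:
        return False                      # empty label, e.g. 'a..b'
    if any("*" in label for label in host):
        return False                      # a real hostname never contains '*'
    if pattern[0] != "*":
        return pattern == host            # exact name; a partial '*' cannot match
    if len(pattern) < 3 or any("*" in label for label in pattern[1:]):
        return False                      # '*.com', or a second wildcard label
    return len(host) == len(pattern) and host[1:] == pattern[1:]


def coverage_gaps(cert_names, hostnames):
    """Return the hostnames that none of cert_names covers, in input order."""
    return [h for h in hostnames
            if not any(name_covers(n, h) for n in cert_names)]


def suggest_names(hostnames):
    """Propose certificate names: a wildcard where two or more hosts sit
    directly under the same parent domain, the exact name otherwise."""
    by_parent = defaultdict(set)
    for host in hostnames:
        labels = _labels(host)
        by_parent[".".join(labels[1:])].add(".".join(labels))
    names = set()
    for parent, hosts in by_parent.items():
        # Only wildcard under a parent with at least two labels (never '*.com').
        if len(hosts) >= 2 and parent.count(".") >= 1:
            names.add("*." + parent)
        else:
            names.update(hosts)
    return sorted(names)


if __name__ == "__main__":
    print("not covered by *.mydomain.com:",
          coverage_gaps(["*.mydomain.com"], SITE))
    proposal = suggest_names(SITE)
    print("names to request:", proposal)
    print("gaps with proposal:", coverage_gaps(proposal, SITE))
```

Running the check against the intended name list before generating the CSR shows whether a single wildcard is enough or whether extra names (a multi-domain or multi-domain wildcard certificate) are needed.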

Once you have finalized the SSL provider and figured out which type of SSL is right for your WordPress site (and fits in your budget), purchase it and move forward to the installation process. If you have bought SSL installation services from your SSL provider, you don’t need to worry about any further steps and can leave the article from here!  

Get installation service from SectigoStore for as low as $49 one-time cost! 


How to install an SSL certificate on a WordPress website + HTTP to HTTPS migration guide.  


Step 1: Generate the CSR 

Different types of servers have different CSR generation processes. We’ve covered the CSR generation process for the most popular platform, cPanel, here.

  1. Click on SSL/TLS Manager in the Security section. 
  2. Go to ‘Generate, view, or delete SSL certificate signing requests’ under the Certificate Signing Requests (CSR). 
  3. Fill the fields Domains, City, State, Country, Company, Company Division, E-mail, Passphrase and Description with only alphanumeric characters.
  4. Click on Generate 

     To understand this process in more detail, please review this article: How to generate a CSR in cPanel. Other resources: Generate CSR on other servers.  

At this point, your private keys and public keys are successfully generated. The CSR code includes the public key and it will be sent to the certificate authority along with other required details, as per the CA’s instructions.  

After you send the required details along with your public key to the CA, the CA will vet your credentials against the type of validation you seek. The CA will ask you to perform some steps to prove your domain ownership (and additional steps for OV and EV SSL certificates). Learn more about the Validation Process here. 

The CA will issue you the SSL certificate once the validation process is completed. They’ll email you files that you need to complete the certificate installation.  


Step 2: Install the SSL in the hosting server 

Different web hosts and servers have different installation processes. We’ve covered the installation process for cPanel, one of the most used servers. All the other types of servers have a more or less similar installation process. If you are using a different server, click here for more information.

To start out: 

Go to cPanel  


Part 1

Go to SSL/TLS under SECURITY.

Click on Generate, view, upload, or delete SSL certificates under Certificates (CRT).

  • Locate ‘Paste the certificate into the following text box’ under ‘Upload a New Certificate.’ Copy-paste the code from the *yourdomain*.crt file which you have received from the Certificate Authority in the email. You can also download it from your account directly. Do include the header and footer (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) in the code.
  • Click on Save Certificate or Upload.  

OR 

  • Under ‘Choose a certificate file (*.crt)’, click on ‘Choose File’ and upload .crt file that CA sent you in email. Click on ‘Upload Certificate’. 


   Part 2 

Now go back to the previous menu 

  1. Click on Manage SSL sites under ‘Install and Manage SSL for your site (HTTPS).’ 
  2. Select the domain for which the SSL has been issued from the drop-down menu.  
  3. At this time the system will automatically fetch and fill the Certificate: (CRT) and Private Key (KEY) fields.  
  4. Copy-paste the CA Bundle (chain of intermediate certificates) provided by the CA into the box under Certificate Authority Bundle (CABUNDLE)
  5. Click on the “Install Certificate”  
  6. And it’s done! The SSL certificate is now installed on the server.  
  7. Now, next step is to enable SSL in WordPress by switching your site URLs from HTTP to HTTPS. 


Step 3: How To Enable SSL in WordPress with the help of a Plugin 

One of the best plugins to install SSL in WordPress is Really Simple SSL Plugin. 

  1. Go to WordPress dashboard  
  2. Go to Plugins > Add New. 
  3. Search and install the Really Simple SSL Plugin 
  4. Go to Plugins, locate ‘Really Simple SSL Plugin,’ click on Settings below it.  
  5. Click on “Go ahead activate SSL!” 
  6. If there are no mixed content errors, your website will be shifted from HTTP to HTTPS. 
  7. If there are mixed content errors, scroll down to step 4.  

OR 


Install SSL in WordPress Manually (Not recommended)

Part 1

  1. Go to Settings
  2. Click on General
  3. Enter your domain name with HTTPS:// in WordPress Address (URL) and Site Address (URL) address fields by replacing HTTP with HTTPS.
  4. Save changes
  5. Log out and log back in to WordPress


Part 2


Redirect in Apache 

  1. Locate the .htaccess file in the root directory of the WordPress site. (You may need to enable the show hidden files option in your FTP client to view these hidden files.) 
  2. Add this code to the .htaccess file:

<IfModule mod_rewrite.c>
# Send every request that arrives over plain HTTP to the same URL on HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

  3. Add the following code to the wp-config.php file to force HTTPS for WP Admin:

define('FORCE_SSL_ADMIN', true);


Redirect in Nginx 

If your WordPress is running on Nginx, add the following code to the Nginx config file.

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

Don’t forget to replace yourdomain with your actual website name.  

If there are mixed content errors, scroll down to step 4.  


Step 4: Fix Mixed Content Warning in WordPress (if any)

When you migrate from HTTP to HTTPS, the browser shows a Mixed Content Warning if not everything (all the pages, images, scripts, and stylesheets) loads over HTTPS.

For example, when you use absolute references for images, scripts, stylesheets, etc., those references still point to your domain name with HTTP even though your site is now on HTTPS. Your website address is HTTPS, but it’s trying to load content via insecure HTTP URLs. That’s why the browser shows the warning.

Now, you can either manually change the code and update all the links to HTTPS, which is time-consuming,

OR

use a plugin like Better Search Replace. Under the Search/Replace tab, write your HTTP domain in Search for and your HTTPS domain in Replace with.

Click on Run Search/Replace and it will replace all the absolute reference HTTP URLs with HTTPS.
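
To see which references still trigger the warning after the search and replace, a page's HTML can be scanned for subresources that resolve to http://. The Python script below is an added example, not part of this guide or of any plugin; the sample page and its example.com, example.net and example.org hosts are constructed.

```python
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

Finding = namedtuple("Finding", "severity tag url line")

# Constructed sample: a WordPress-style page served from https://example.com/post/
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/post/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://example.com/wp-includes/js/app.js"></script>
</head><body>
<img src="/wp-content/uploads/logo.png">
<img src="http://example.com/wp-content/uploads/photo.jpg" />
<img src="http://img.example.org/banner.gif">
<a href="http://example.org/">external link</a>
<form action="http://example.com/subscribe"></form>
</body></html>"""


def _fetched_attribute(tag, attrs):
    """Return (attribute, severity) if this tag makes the browser load a URL."""
    if tag in ("script", "iframe", "embed"):
        return "src", "active"            # active content: browsers block it
    if tag == "object":
        return "data", "active"
    if tag == "link":
        rel = attrs.get("rel", "").lower().split()
        return ("href", "active") if "stylesheet" in rel else None
    if tag in ("img", "audio", "video", "source"):
        return "src", "passive"           # images/media: handling varies by browser
    if tag == "form":
        return "action", "form"           # form data would be posted unencrypted
    return None                           # <a href> is navigation, not a subresource


class MixedContentScanner(HTMLParser):
    """Collect subresource references that resolve to plain HTTP."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        fetched = _fetched_attribute(tag, attrs)
        if fetched is None:
            return
        attribute, severity = fetched
        value = attrs.get(attribute, "").strip()
        if not value:
            return
        # Relative and protocol-relative URLs inherit https from the page.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            self.findings.append(Finding(severity, tag, resolved, self.getpos()[0]))


def scan(html, page_url):
    """Return mixed-content findings for html as served from page_url.

    Limitations: <base href>, srcset and url() inside CSS are not inspected.
    """
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only exists on an HTTPS page")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def off_site(findings, page_url):
    """Findings on other hosts; replacing your own domain will not fix these."""
    own_host = urlsplit(page_url).hostname
    return [f for f in findings if urlsplit(f.url).hostname != own_host]


if __name__ == "__main__":
    results = scan(SAMPLE_PAGE, "https://example.com/post/")
    for f in results:
        print(f"line {f.line}: {f.severity:8} <{f.tag}> {f.url}")
    print("needs a manual fix:", [f.url for f in off_site(results, "https://example.com/post/")])
```

The canonical link and the plain hyperlink are not reported because the browser does not load them as part of the page, while the image on img.example.org is reported even though a search and replace on your own domain would never touch it.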


Step 5: Update Google Analytics & Submit A New Sitemap to Google  

Let the search engine know that your website will be on HTTPS instead of HTTP.

Part 1

  1. Go to Google analytics  
  2. Go to Admin   
  3. Property  
  4. Property Settings.  
  5. In the Default URL field, update your domain name with HTTPS
  6. Save

Part 2

  1. Go to Google Search Console 
  2. Click on ‘Add a property’ on top right side 
  3. Add your website’s new HTTPS address in the popup 
  4. Google will ask you to select a method to prove your authenticity 
  5. Choose among the options.  
    • HTML file upload 
    • HTML tag 
    • Google Analytics 
    • Google tag manager 
  6. Google will walk you through the step-by-step verification process.  

Congratulations! You have successfully installed the SSL certificate on your WordPress site and completed all the additional steps that are crucial for SEO ranking!

Best Comodo SSL vs GoDaddy SSL Certificates Comparison Guide| Compare Price, Technical Features, Warranty, and Extra Perks

With plenty of different certificate authorities, SSL certificate types and features; and ambiguous price difference, anybody can get confused. We’ve been a leader in this business for more than a decade and understand this dilemma. Because you’ve reached this article, we assume that you are doing some healthy market research to choose the right SSL certificate for your website. And we are proud of you for that! 

To help you with your goal, we at Sectigo have compared two prominent certificate authorities’ SSL certificates to provide some context and insight to help you make an informed decision.  

Comodo is a well-respected cybersecurity company, providing computer and internet security products for almost two decades. It is one of the prominent certificate authorities. GoDaddy is a nearly two-decade-old domain registrar and web hosting company. It is also a certificate authority. Both of them provide various types of SSL certificates.

In November 2018, Comodo CA rebranded itself as Sectigo. In short, Comodo CA = Sectigo. It is just a rebranding strategy, and nothing else has changed. We offer the same Comodo products, at the same price, and the same level of trust — just under a different name. 


Compare Comodo vs GoDaddy SSL Certificates  

Both Comodo and GoDaddy offer all three types of single domain SSL certificates: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV). If you have only one website that uses a single domain (no subdomains, alternative domain names, or domain names with different extensions), you should buy a single domain SSL certificate. A DV SSL certificate is preferable for informative websites, blogs, social websites, and personal websites. OV and EV SSL certificates are recommended for sites that deal with customers’ sensitive information such as bank details, credit card numbers, passwords, and personally-identifiable information (PII) such as names, dates of birth, etc. 


Comodo vs GoDaddy: Single Domain SSL

| Feature | Comodo | GoDaddy |
| --- | --- | --- |
| Available Validation Type | DV, OV, EV | DV, OV, EV |
| Domain Coverage | WWW and non-WWW versions (FQDN) of the URL. For example, www.yoursite.com and yoursite.com | WWW and non-WWW versions (FQDN) of the URL. For example, www.yoursite.com and yoursite.com |
| Encryption Key Length | 256-bit | 256-bit |
| Digital Signature Strength | 2048-bit | 2048-bit |
| SHA-2 | Yes | Yes |
| 24/7/365 Technical Support | Yes | Yes |
| Re-Issuance | Unlimited | No |
| Organization’s Name on the Address Bar (for EV SSL) | Yes | Yes |
| Site Seal | Sectigo site seal | GoDaddy site seal |
| Browser Compatibility | 99.9% Web and Mobile Browsers | 99.9% Web and Mobile Browsers |
| Price: DV | Starting at $10/year | Starting at $64/year |
| Price: OV | Starting at $48/year | Starting at $136/year |
| Price: EV | Starting at $88/year | Starting at $125/year |

Note: These rates are accurate as of May 8, 2019 and are subject to change at any time. Please click on the price link for latest rates. 

As you can see, both certificate authorities (CAs) offer SSL certificates with 2048-bit digital signatures and 256-bit encryption key lengths. So, encryption is precisely the same; neither is more or less secure than the other. Sectigo offers different site seals for each type of SSL certificate. GoDaddy, on the other hand, offers the same site seals for all of its SSL certificates. Both provide 24/7/365 live customer support and have 99.9% web and mobile compatibility.


The First Biggest Difference Between Comodo vs GoDaddy Certificates is the Cost 

The most significant difference between these two SSL/TLS certificate providers is the price of their products. Comodo DV SSL is almost six times cheaper than GoDaddy’s. Comodo OV and EV SSL are available at nearly half the cost of those offered by GoDaddy.   


Difference Between Comodo and GoDaddy For Multiple domain SSL and Wildcard SSL 

Multiple Websites: When you own multiple domain names or domain names with different extensions (such as mysite.com, mysite.ca, mynewsite.com, mydomain.org, etc.), you can protect all of them with a multi-domain SSL certificate. Both Sectigo and GoDaddy offer multi-domain SSL certificates with DV, OV and EV options. All other technical features for Comodo CA/Sectigo and GoDaddy multi-domain SSL certs are the same except for the number of server licenses that the certificate can issue.   

Multiple Subdomains: When you have multiple subdomains (for example, blog.mysite.com, support.mysite.com, billing.mysite.com, products.mysite.com, etc.), you can secure all of the subdomains with one wildcard SSL certificate. Both Sectigo and GoDaddy offer DV and OV wildcard SSL certificates. Both certificates allow users to cover one main domain (SAN) and unlimited subdomains. 

Multiple Websites and Subdomains: When you have multiple domain names and subdomains, you can secure all of them under one comprehensive SSL certificate, which is known as a multidomain wildcard SSL. Of these two companies, only Comodo CA provides multidomain wildcard SSL certificates; GoDaddy doesn’t have this option. With GoDaddy, this means that you’ll need to buy two different SSL certificates, wildcard and multidomain, to secure all of your domain names and subdomains.


Comodo VS GoDaddy: SSL Certificates for Multiple Domains and Subdomains  

| Feature | Comodo | GoDaddy |
| --- | --- | --- |
| Wildcard SSL Availability | Yes | Yes |
| Number of subdomains covered | Unlimited | Unlimited |
| Server license for Wildcard | Unlimited | 1 Server |
| Multidomain SSL Availability | Yes | Yes |
| Server license for Multidomain SSL | Unlimited | 1 Server |
| Multidomain Wildcard Availability | Yes | No |
| Encryption key length | 256-bit | 256-bit |
| Digital Signature Strength | 2048-bit | 2048-bit |
| SHA-2 | Yes | Yes |
| 24/7/365 technical support | Yes | Yes |
| Re-issuance | Unlimited | No |
| Browser Compatibility | 99.9% Web and Mobile Browsers | 99.9% Web and Mobile Browsers |


The Second Critical Difference Between Comodo vs GoDaddy Certificates: Server Licensing  

If your domains and subdomains are hosted on more than one server, you need to install your SSL certificate on each additional server. For example, if you host maindomain.com, support.maindomain.com, and subsidiary.maindomain.com on different servers to gain operational efficiency, it means that you must install your SSL certificate on each server individually.  

Comodo CA/Sectigo provides unlimited server licenses. This means that you don’t need to pay anything extra to install the wildcard SSL/multidomain SSL certificate on multiple servers. You can do it easily just by transferring your private keys to the other servers and following all other same installation steps — no restrictions, no additional charges, no additional hassle.  

Our approach differs from that of GoDaddy, who offers only one server license per certificate. Despite paying more per certificate, you won’t be allowed to install the same wildcard certificate on multiple servers as it is a big licensing issue for them. This means you need to buy separate wildcard or multidomain SSL certificates for every server that hosts your domains and subdomains (in addition to your primary server).  


The Third Biggest Difference Between Comodo vs GoDaddy: Renewal Costs 

GoDaddy charges 10% to 40% higher rates at the time of SSL certificate renewal. Comodo CA/Sectigo doesn’t differentiate between existing and new customers — we renew the SSL for both types of customers at the same rate. In fact, we reward our current customers by sending coupons codes for some SSL certificate that can be used exclusively at the time of renewal.   


Comodo vs GoDaddy: Price Comparison for Popular Wildcard and Multidomain SSL Certificates 

| Certificate | Comodo Price/Year | Comodo Warranty | GoDaddy Price/Year | GoDaddy Warranty |
| --- | --- | --- | --- | --- |
| Wildcard SSL DV | $86 | $50,000 | $296 | $100,000 |
| Wildcard SSL OV | $133 | $250,000 | $344 | $250,000 |
| Multi-Domain DV | $28 | $50,000 | $160 | $100,000 |
| Multi-Domain OV | $149 | $1,000,000 | $240 | $250,000 |
| Multi-Domain EV | $159 | $1,000,000 | $320 | $1,000,000 |
| Multi-Domain Wildcard SSL DV | $175 | $50,000 | NA | NA |
| Multi-Domain Wildcard SSL OV | $774 | $1,000,000 | NA | NA |

Note: This list includes the approximate annual cost of each certificate. These rates are accurate as of May 8, 2019 and are subject to change at any time. Please click on each link for the latest price.


Wrapping Up 

  • All the technical features of SSL/TLS certificates offered by Comodo CA/Sectigo and GoDaddy are similar. They both provide the latest and strongest encryption, which is almost impossible for attackers to decrypt and hack.  
  • Comodo offers unlimited server licenses while GoDaddy offers only one server license per certificate.  
  • You can secure multiple domains and subdomains with Comodo’s multidomain wildcard SSL; GoDaddy doesn’t offer such an option.   
  • GoDaddy charges higher rates at the time of renewal for their SSL/TLS certificates. There is no such difference with Comodo CA/Sectigo. Our SSL certificates renew at the same price (or even less with coupons) that we charge new customers. 

Now that you have all the facts, it’s up to you to choose the best SSL certificate for your website at the best price. You are the best judge. All we can say is when you can get the same (or more) features at a lower price, why pay more?  

What is Always on SSL (AOSSL) and Why Do All Websites Require It?

Everything You Need to Know About Always on SSL (AOSSL)/HTTPS Everywhere/ SSL Everywhere

It is safe to assume that you have landed on this article because you have already decided to install an SSL certificate on your website but are not sure whether you need Always-on SSL (AOSSL). Well, you have arrived on the right page at the right time!

Always on SSL (AOSSL)

When your entire website is on HTTPS, it is called ‘Always-on SSL’ (AOSSL), ‘SSL Everywhere,’ or ‘HTTPS Everywhere.’

Entire website means all the webpages of your website, including sub-domains and Multi-domains. (Always-On SSL, AOSSL, SSL everywhere and HTTPS everywhere are the same things).

Some people are following an unpopular (and illogical) trend. For some reason, they keep some pages on HTTP and some pages on HTTPS for the same website. In simple words, they intentionally choose to encrypt only some webpages with SSL, while keeping others unsecured.

“So why do people not follow Always-on SSL and, more importantly, do I need to practice AOSSL?”

If you have the same question in your mind, you are not alone! Let’s dig into the topic and find a sensible answer to the above question.


Popular Misconceptions about Always-on SSL

Some misconceptions and rumors have haunted the entire SSL certificate industry for a long time!

For example, some people think that HTTPS adversely affects page loading speed. However, enough research has now been done to show that a website on HTTPS loads faster than one on HTTP when HTTP/2 is enabled. HTTP/2 is a newer, faster protocol, and it works only for HTTPS-enabled pages.

Another misconception about SSL certificate is that it interferes with browser caching. This would be a problem, because allowing your users’ web browsers to cache (save locally) certain website files such as images and CSS stylesheets helps your website load faster. The good news is that browser caching works just as well on HTTPS as it does on HTTP. So, you can go ahead and switch your site to HTTPS without worrying about browser caching.

There is one more misconception popular among organizations: that they have to buy additional hardware in their IT infrastructure to force AOSSL. However, when Google implemented Always-On SSL, after extensive tests, their researchers concluded that even their high-volume site did not need additional hardware.


What extra technical steps do I need to follow to use Always-on SSL?

AOSSL technical setup is very simple. In most cases, when you install an SSL certificate, your website will load over HTTP and/or HTTPS. You usually need to make one small change to force redirects to HTTPS. For example, manually set up 301 redirects in .htaccess or change settings in WordPress. Otherwise, visitors can choose whether to visit your site on HTTP or HTTPS. However, these steps are easy and quick to follow.


Key Benefits of following HTTPS everywhere.

  • When some pages of your website are not secured by an SSL certificate, these pages become vulnerable. There are many ways hackers can attack those insecure pages to insert malicious scripts and weaken the overall security of your website.
  • Moreover, it is easy for hackers to track all the user movements from encrypted page to unencrypted page. Tracking user movements is not possible by a third party if all the webpages are encrypted. It’s like putting a strong lock on one door of your home and keeping the other door open. How hard would it be for a thief to track your movements and break into your home? Exactly! So, following HTTPS everywhere means making your entire website security stronger. It is like putting strong locks on all the doors of your home.
  • All the browsers favor HTTPS pages. If your website is showing ‘not secure’ sign for some pages, your hard-earned website traffic might abandon the session thinking that your entire website is insecure. For example, if you have secured your checkout page but not product page, a customer might not even reach the checkout page and abandon your website on the products’ page when s/he sees that ‘not secure’ sign in the address bar. So, to retain customers’ faith, all pages must be on HTTPS and show a padlock sign.
  • When your users bounce between HTTPS and HTTP pages, it puts an extra burden on your server, because a new handshake is made between the browser and the server every time someone visits an HTTPS page. For smooth operations, all pages must be on HTTPS.
  • Google gives a higher rank to encrypted websites. When some pages of your website are not on HTTPS, your overall rank gets affected. To boost your SEO efforts, you must follow AOSSL.


How much does it cost to follow AOSSL?

Some people think that they have to pay extra to follow SSL everywhere best practice. In reality, the cost of any SSL certificate by default covers the costs for AOSSL. You do NOT need to pay extra to follow Always-on SSL best practice. All the web pages for a single domain will automatically be enabled on HTTPS:// even if you buy the simplest and cheapest SSL certificate like PositiveSSL for $8.61/year. It’s like paying for an entire pizza and eating only half of it to save money! Excuse me, but you have already paid for the entire thing. So throwing the half pizza in the garbage might save some calories but it is not going to save your money! Now you know why we have used the word ‘illogical’ in the first paragraph!

The cost for securing sub-domains and multi-domains is not that much higher than securing a single domain. A multi-domain SSL certificate starts from $23/year, and a wildcard SSL certificate starts from $85.66/year. Hopefully now you can understand how not following AOSSL even for your subdomains and multi-domains can be a dangerous mistake. Following AOSSL will ultimately reward your website with smooth server operations, higher customer trust, better search engine ranking, and overall robust security assurance.

 

Conclusion

These are the reasons for following Always-on SSL (AOSSL).

  • AOSSL technical setup is very simple.
  • No additional costs are involved.
  • Gain customer trust and reduce bounce rate.
  • Save your server from getting an extra load.
  • The entire website will be covered under SSL warranty.
  • Overall website security becomes stronger — a holistic security approach.
  • Improve overall website rankings and SEO efforts.

2018 Top 100 Ecommerce Retailers Benchmark Study

Analyzing the marketing and security practices of Top 100 ecommerce websites.

If you’re an ecommerce retailer, you need to know what your competitors are doing. If you don’t know what they’re up to, you won’t be able to create a strategy to beat them and win customers. That’s why we’re excited to release the results of our first annual Top 100 Ecommerce Retailers Benchmark Study.

There’s no better friend to any merchant than a fair competitor.

James Cash Penney

Ecommerce Marketing Tactics

In today’s crowded marketplace, companies are battling for customers’ attention. Without effective marketing, ecommerce companies won’t capture market share. We analyzed a few key marketing tactics being used by the top 100 ecommerce websites – here are our notable findings.

Organic Search Traffic Is King

Social media sites like Facebook may get most of the press coverage and buzz today, but it’s still search engines that drive most traffic and revenue in ecommerce. Analyzing traffic data for the top 100 ecommerce sites revealed that search was the leader by far, with social and referrals coming in as distant competitors:

  • Direct: 40%
  • Referrals: 5%
  • Search: 44%
  • Social: 3.5%
  • Display: 2.5%

Most Sites Don’t Use Cart Abandonment Emails

Sending cart abandonment emails can be a simple way to increase revenue by reminding customers about a purchase they were going to make. But less than a quarter (22%) of the top 100 ecommerce sites have implemented cart abandonment emails.

Ecommerce Security Practices

With data breaches making the news every week, data protection has become increasingly important to users. We analyzed the retailer websites in our study to identify security practices and technologies the top 100 ecommerce retailers have put in place. Here’s what we found:

93% Have Fully Switched To HTTPS

For many years, a typical ecommerce website was only partially on HTTPS protocol. Sites used HTTPS on checkout pages where users were entering their credit card details while the rest of the website would use HTTP.

More recently, Google and other industry players have been pushing websites to adopt HTTPS across all pages. We found that the top 100 ecommerce retailers are on board with this trend, with 93% forcing HTTPS on all pages on their site. The remaining 7% default to HTTP and only force HTTPS during checkout.


Just Under ½ Display A Security Seal

In addition to the standard padlock that displays in the address bar on HTTPS pages, there are a variety of security seals available for ecommerce websites to display to users. Many allow the user to verify that the site’s security is up to date. We found that 40% of the top 100 ecommerce sites have added a third-party security seal to their website.

These third-party security seals are even more valuable for smaller websites that the user may not trust as much as a well-known brand.

Nearly All Use A High-Assurance SSL Certificate

There are several types of SSL certificates (the technology that enables HTTPS security) available on the market:

  • Basic validation (aka DV). These certificates encrypt web traffic, but don’t validate the organization that runs the website.
  • Business validation (aka OV or EV). These certificates both encrypt web traffic and validate the organization running the website. EV certificates also enable an expanded green address bar.

Our analysis found that 97% of the top ecommerce websites use a high assurance (OV/EV) SSL Certificate. Ecommerce websites choose high assurance SSL certificates to increase customer trust and to provide customers additional assurance when shopping online. Increased customer trust leads to increased revenue, customer satisfaction, and average order value.

SSL Certificate Types

HSTS Is Just Catching On

HTTP Strict Transport Security, or HSTS, is a relatively new mechanism that ensures a website always loads over HTTPS: the site sends a response header instructing the browser to use only HTTPS for that site on later visits. This means that even if a hacker gains access to the user's wireless router, the hacker will find it difficult to intercept and steal payment details. This option is still catching on, with only one-quarter of the websites implementing HSTS so far.
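How a browser would treat the HSTS header a site sends, as an added example that is not part of the original study: it parses `Strict-Transport-Security` values following RFC 6797 and classifies each response. The sample responses are constructed, and the `MIN_MAX_AGE` threshold and the status labels are assumptions made for this example.

```python
import re

MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example (assumption)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if not name:
            continue                     # tolerate empty segments (trailing ';')
        if name in directives:
            return None                  # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')  # max-age may be a quoted string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                      # max-age is required and must be an integer
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def audit(scheme, headers):
    """Classify one response by how a browser would treat its HSTS header."""
    raw = next((v for k, v in headers.items()
                if k.lower() == "strict-transport-security"), None)
    if raw is None:
        return "missing"
    if scheme != "https":
        return "ignored-over-http"       # browsers discard HSTS sent over plain HTTP
    policy = parse_hsts(raw)
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "policy-cleared"          # max-age=0 tells the browser to forget the host
    if policy["max_age"] < MIN_MAX_AGE:
        return "short-lived"
    return "ok+subdomains" if policy["include_subdomains"] else "ok"

# Constructed sample responses (not measurements from the study).
SAMPLES = [
    ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}),
    ("https", {"strict-transport-security": 'Max-Age="63072000"'}),
    ("http",  {"Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": "includeSubDomains"}),
    ("https", {"Strict-Transport-Security": "max-age=300; max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
]

def run_samples():
    return [audit(scheme, headers) for scheme, headers in SAMPLES]
```

The third sample is the case a site that "defaults to HTTP" hits: an HSTS header served on the plain-HTTP response has no effect, so the redirect to HTTPS has to come first.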

Every Site Has A Security and/or Privacy Page

With security breaches in the news every week, security and privacy are big concerns for the average consumer. Top ecommerce websites recognize this – 100% of the top 100 sites have a security and/or privacy page on their website.

Most Have Implemented Minimum Password Requirements

Weak and shared passwords are a big security issue for brands and consumers. Of the top 100 ecommerce websites, 90% require passwords with a minimum length, and 60% require passwords that meet minimum complexity requirements (for example, with numbers or special characters).

Ecommerce Password Requirements

Ecommerce Customer Experience Practices

Giving customers a smooth, enjoyable shopping experience is critical—not only for capturing the first sale, but for encouraging customers to come back and purchase again.

Make your product easier to buy than your competition, or you will find your customers buying from them, not you.

Mark Cuban

Most Sites Offer Phone & Chat Support

Fast shipping and good customer support are among the most important things customers expect from an ecommerce retailer. While part of the attraction of ecommerce is the ability to purchase from your computer or tablet at home, customers also expect to be able to interact with support staff when needed.

Of the top 100 ecommerce sites, 99 offer phone support and 53 offer live chat support.

Most Stores Offer Free Shipping

Amazon’s industry-revolutionizing approach still shapes the ecommerce market today, with just over two-thirds (68%) of the top 100 ecommerce sites offering free shipping. The average minimum to qualify for free shipping is $52.

Several websites, such as Dell, Nordstrom, and Zappos, offer free shipping on all orders with no minimum. A few websites go the other direction, requiring a $150 minimum order to qualify for free shipping. The average site sets a $50 minimum order size for free shipping.

Most Sites Allow 1-2 Months For Returns

Company policies on returns vary widely, from no returns at all to money-back guarantees with no questions asked. Most companies offer some ability to return unwanted products. The average return window is 67 days, while the median return window is 45 days. (The average is higher due to a handful of companies that accept returns up to one year from the purchase date.)