Slaying Sales With Expired SSL Certificates

Question: What’s the most effective way to make site visitors flee in terror?

Answer: Forget to renew your Secure Sockets Layer (SSL) certificate.

If for any reason your certificate expires, your customer’s browsers may serve up warnings like this:

Imagine what goes through the mind of a novice or security-concious Web user when presented with warnings like:

  • “Safari can’t verify the identity of the website”
  • “This connection is untrusted”
  • “This is probably not the site you are looking for!”
  • “There is a problem with this website’s security certificate”

Not to mention calls to action like “Get me out of here!” and “Back to safety.” The suggestion that a site is not safe to visit could even mean the customer never returns to your website.

Think this couldn’t happen to you?

Think again, even Google and Yahoo have slipped up. Sometimes the renewal is missed because the person who set up the certificate moves on from the company, and there is no process in place for the successor to be notified when it’s time to update, and no one bothers to check up on it. Other times it’s just negligence.

How to check your SSL certificate

1. Visit a secure page on your e-store (beginning with https:// vs. http://), double click the padlock icon in the bottom, right hand corner.

A window should open up with the issue and expiry dates, or a button “View Certificate” (which should present issue and expiry after the click). Take note of the expiry date and set up an alert for your IT team.

2. Even easier, run your domain through this SSL checker. If there is an error, you can click a link for more information, like this example below:

You can even set up a renewal reminder right from the tool. (Here’s a tip: sign up a few addresses in case you are no longer with your company.)

Related Articles

3 Responses to “Slaying Sales With Expired SSL Certificates”

  1. phaab says:

    I’ve seen this happen on one of my customer’s live production site (very well-known brand, European retail e-commerce site). Just because the customer considered the reminder emails as spam and trashed them…

    Site was out of SSL for a few hours, then SSL was disabled for a couple of days before the renewal process was complete and set up.

    Here’s the best part : can you believe we actually had orders placed in the meantime ?? makes you think about the end-user concerns for security…

  2. Ivan Jensen says:

    I’ve recently seen worse. I was looking to buy some electronic components from a website. I was part way through checkout when I spotted that they weren’t even using SSL/HTTPS. Needless to say I abruptly stopped checking out.

    Just like phaab pointed out – I bet that site did actually receive orders with credit card numbers or they wouldn’t have the online shopping option.

  3. Well what would happen if the user buy something in the meantime as we know that the admin can see the order and the transaction is complete so during that time i think admin have to check all the order made and check its payment account.

Leave a Reply

© 2014 Get Elastic Ecommerce Blog. All rights reserved. Site Admin · Entries RSS · Comments RSS