Skip to Main Content

Jun 21, 2010 | 1 minute read

Slaying Sales With Expired SSL Certificates

written by Linda Bustos

Question: What's the most effective way to make site visitors flee in terror?

Answer: Forget to renew your Secure Sockets Layer (SSL) certificate.

If for any reason your certificate expires, your customer's browsers may serve up warnings like this:

Imagine what goes through the mind of a novice or security-concious Web user when presented with warnings like:

  • “Safari can’t verify the identity of the website”
  • “This connection is untrusted”
  • “This is probably not the site you are looking for!”
  • “There is a problem with this website’s security certificate”

Not to mention calls to action like “Get me out of here!” and “Back to safety.” The suggestion that a site is not safe to visit could even mean the customer never returns to your website.

Think this couldn't happen to you?

Think again, even Google and Yahoo have slipped up. Sometimes the renewal is missed because the person who set up the certificate moves on from the company, and there is no process in place for the successor to be notified when it's time to update, and no one bothers to check up on it. Other times it's just negligence.

How to check your SSL certificate

1. Visit a secure page on your e-store (beginning with https:// vs. http://), double click the padlock icon in the bottom, right hand corner.

A window should open up with the issue and expiry dates, or a button "View Certificate" (which should present issue and expiry after the click). Take note of the expiry date and set up an alert for your IT team.

2. Even easier, run your domain through this SSL checker. If there is an error, you can click a link for more information, like this example below:

You can even set up a renewal reminder right from the tool. (Here's a tip: sign up a few addresses in case you are no longer with your company.)