SSL CERTIFICATES: What they are, why you need them, and how to get started


With the ever-evolving development of the internet and the growing number and sophistication of its users, website owners should take proactive measures to ensure the integrity of their site. The easiest and most cost-effective way to do this is with an SSL certificate.

BASIC TERMINOLOGY AND BACKGROUND

HyperText Transfer Protocol (HTTP) was the standard connection in the past. HTTP is not secure. With an HTTP connection, an unauthorized person could hack into, intercept, or observe everything that passes between your site and your visitor’s device or browser when they connect.

HyperText Transfer Protocol Secure (HTTPS) is becoming the NEW standard connection. HTTPS is secure. With an HTTPS connection, an unauthorized person could still hack into the connection between your site and your visitor’s browser; however, the data passing between them is encrypted, making it harder for that person to access or compromise.

Secure Sockets Layer (SSL) or Transport Layer Security (TLS) provides the encryption layer between your website and your visitor’s device. SSL is what makes the URL (Uniform Resource Locator) in the browser address bar begin with HTTPS instead of HTTP.

BACKGROUND

In the past, HTTP was the standard connection or protocol language. HTTPS was generally used to secure data transfers on government or e-commerce sites where there was an exchange of either financial information (credit card details or banking information) or sensitive personal information (membership logins/passwords, Social Insurance Numbers). Users were encouraged to look for the “lock-bar” in their URL before providing any personal or financial information over the net. A number of studies indicated that visitors did not consider the absence of a “secure” icon a warning.

Google, which is used by more than 66% of internet users, has progressively been taking steps since 2014 to further warn users that the site they are visiting is not secure.  In the past, the warning on a standard HTTP address was more of an informational aside or FYI if you were to click through and investigate the properties of the page.  Starting this year, Google started warning visitors to any HTTP site that had “forms” requiring passwords or financial information that the site was unsecure.  The intention, by the end of the calendar year, is to “warn” visitors to any HTTP site that it is unsecure.  Even if the site is an “informational” site, it will be flagged as being unsecure.   The Google Security Blog states:

“To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure…Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS..”

Given this, it is in the best interest of website owners to have an HTTPS address or SSL certification. In this day of heightened sensitivity to security, website owners do not want users to be deterred or scared away from their site. Regardless of how mundane the use, SSL certification provides an extra level of protection for both website owners and their visitors, along with a number of benefits:

4 Benefits SSL certification offers website owners:

  1. It ensures that your website isn’t intercepted by a hacker and forged. Your data is secure and authentic, ensuring that it is not corrupted when being transferred to your visitor’s browser or device.
  2. It ensures that traffic to your website is not deterred by security status warnings or alerts.
  3. It improves your Search Engine Ranking (SER) and Search Engine Optimization (SEO). Since 2014, Google’s search engine algorithms rank HTTPS sites higher than HTTP sites when a user conducts a search.
  4. It improves loading time. Studies have shown that HTTPS sites load much faster than standard HTTP sites.

3 Benefits an HTTPS address (SSL-certified site) provides visitors to your website:

  1. Peace of mind or assurance that their connection is private and no one else is “looking” at their information, including their browsing activity. With the fear of hacking and internet security getting a lot of attention in the media, internet users are more conscious of their security and protecting their personal information.
  2. Assurance that your site has not been modified by someone else on the internet and that the information or data they are viewing is authentic and true.
  3. Confidence and trust that any information they provide, even the most mundane, is not being intercepted and is being used for the purposes they intended.

The key words for both website owners and users are authentication, encryption, and integrity.

HOW TO BECOME SSL CERTIFIED?

To enable HTTPS on your website, you must take these steps:

  1. Obtain an SSL Certificate from a Certificate Authority (CA).
    The CA takes steps to verify that your web address belongs to you, acting as a “stamp of approval” indicating that your site is legitimate and secure. The SSL Certificate will enable your site to communicate with users using encrypted, non-corruptible data. A reliable and trusted CA will be able to assist in determining the type of certificate you require:
  • Single certificate for a single secure origin (e.g. www.example.com). This certificate is only valid on one domain URL. Best for Small Businesses, Blogs, and Personal Websites. Try to find a certificate that will secure your website with “www” and without, so that whatever the user types into their browser bar, you are sure they see that your website is secure. Prices range from nil to $150 per year. If your website is strictly informational, you will be able to obtain an SSL Certificate for free. This is a basic bare-bones certification. Many hosting providers are partnering with such CAs, making installation a breeze. Let’s Encrypt is the most popular of the CAs providing free SSL Certification. Other CAs include: Cloudflare or Free SSL.
  • Multi-domain certificate or Universal Communication Certificate (UCC) for multiple well-known secure origins (e.g. www.example.com, cdn.example.com, example.co.uk). This certificate is valid for a primary domain and up to 99 additional subject alternative names. It allows flexibility in mixing and matching domain names. Best for Service Providers, SEO companies, and Securing Multiple Domains. Prices average around $200-$250 per year.
  • Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com). This certificate secures all subdomains under a single domain name. Best for larger websites, with one to 100 servers, securing subdomains, forums, logins, portals, etc. Prices can run upwards of $700+ per year.
  2. Install the certificate on your website. Initial installation takes approximately one hour. Once installed, the certification license can be auto-renewed each year. The GoDaddy website scanner lets you check that your site is secure. This free tool scans websites for HTTPS and for forms that collect login or payment information and are likely to be flagged with the Not Secure warning.
  3. Configure your website to point to HTTPS instead of HTTP. You will need to:
    1. back up your current site;
    2. redirect all incoming requests for your HTTP website to the location of the HTTPS site;
    3. re-verify ownership of your website in Google Search Console and update the sitemap location;
    4. update your web property’s configuration in Google Analytics;
    5. verify that your HTTPS pages can be crawled and indexed by Google;
    6. update all your social profiles, citations, AdWords and anywhere you are running paid ads;
    7. test and confirm that the conversion was successful.
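
To see which hostnames each certificate type from step 1 actually secures, the following added example (not part of the original article) applies the standard wildcard matching rule to constructed name lists. The function names and sample hostnames are assumptions made for illustration; fetch_cert_names reads the names from a live server and needs network access.

```python
import socket
import ssl

def name_matches(pattern, host):
    """True if one certificate name (exact or wildcard) covers host."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # A wildcard stands for exactly one left-most label: *.example.com covers
    # a.example.com, but not example.com itself and not a.b.example.com.
    p, h = pattern.split("."), host.split(".")
    return len(p) == len(h) and p[1:] == h[1:]

def uncovered(cert_names, hosts):
    """Hosts the site answers on that no name in the certificate covers."""
    return sorted(h for h in hosts
                  if not any(name_matches(n, h) for n in cert_names))

def fetch_cert_names(host, port=443):
    """Read the DNS names from the certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            san = tls.getpeercert().get("subjectAltName", ())
    return [value for kind, value in san if kind == "DNS"]

# Constructed name lists, one per certificate type described above.
SINGLE = ["www.example.com"]
SINGLE_WITH_APEX = ["example.com", "www.example.com"]
MULTI_DOMAIN = ["www.example.com", "cdn.example.com", "example.co.uk"]
WILDCARD = ["*.example.com"]

# Constructed list of hostnames visitors might type.
SITE_HOSTS = ["example.com", "www.example.com", "shop.example.com",
              "a.b.example.com"]

if __name__ == "__main__":
    for label, names in [("single", SINGLE), ("single+apex", SINGLE_WITH_APEX),
                         ("multi-domain", MULTI_DOMAIN), ("wildcard", WILDCARD)]:
        print(f"{label:13} not covered: {uncovered(names, SITE_HOSTS)}")
```

A wildcard certificate on its own leaves the bare domain (example.com) uncovered, so the certificate must list that name as well if visitors can reach the site without “www”.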

Really Simple SSL is a plug-in that will take care of the configuration process. Just install it and run the plugin and it will make all the necessary changes.
Note:  Until Google works to re-index your site, traffic to your website may drop briefly.
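
One way to test that the redirect from HTTP to HTTPS works, as an added example that is not part of the original article: the function follows the redirect chain from an http:// address and reports anything that would leave visitors on an unencrypted page. The function names and the constructed response tables are assumptions; flagging temporary redirects reflects the general practice of using a permanent (301) redirect for a site move.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}

def fetch_live(url):
    """One request without following redirects: (status, Location or None)."""
    u = urlsplit(url)
    cls = (http.client.HTTPSConnection if u.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(start_url, fetch=fetch_live, max_hops=5):
    """Follow redirects from start_url; return (final URL, list of problems)."""
    problems, url = [], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break
        if status not in PERMANENT:
            problems.append(f"{url}: temporary redirect ({status})")
        url = urljoin(url, location)
    else:
        problems.append("redirect chain too long")
    if urlsplit(url).scheme != "https":
        problems.append(f"final URL {url} is not HTTPS")
    if urlsplit(url).path.rstrip("/") != urlsplit(start_url).path.rstrip("/"):
        problems.append(f"path changed: landed on {url}")
    return url, problems

def fake_fetch(table):
    """Offline stand-in for fetch_live, backed by a constructed table."""
    return lambda url: table[url]

# Constructed responses: a correct migration, a sloppy one, and no redirect.
GOOD = {"http://example.com/about": (301, "https://example.com/about"),
        "https://example.com/about": (200, None)}
SLOPPY = {"http://example.com/about": (302, "https://example.com/"),
          "https://example.com/": (200, None)}
NO_REDIRECT = {"http://example.com/about": (200, None)}
```

Calling audit_redirect("http://yourdomain/some-page") with the default fetch_live runs the same check against a live site.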

For a seamless HTTPS migration, check out these step by step instructions by Tony Messer.

The future is upon us and website owners need to demonstrate a minimum level of security. SSL Certification or HTTPS establishes these basic guidelines and ensures the integrity of your business and online presence while also providing safety to your clients or visitors on the internet.

The diverse experience Sue Sutcliffe has gained as one of Canada’s digital marketing pioneers, will help your business or brand dominate the digital.