SSL Certificates, HTTPS & Security
Over the past few years, the discussion on SSL Certificates has become more and more active. Within the past couple of weeks, I’ve participated in more SSL discussions with clients and on public forums, than on pretty much any other specific topic.
So today, I thought I’d put together a short video on just what’s going on with SSL Certificates, why there’s a mad rush for people to use it, and what benefits (and penalties) you can receive from Google.
We’ll be covering (in brief), SSL Certificates, HTTPS Security, and encryption. There’s a handful of places where you can buy certificates and even some SSL Certificates, where you can get them free!
Check out the video!
SSL Certificates – What Do They Do?
SSL Certificates, in short, is security for your website visitors/users.
Anything that’s performed on the website that has installed an SSL Certificate is encrypted and prevents hackers or snoopers from viewing and intercepting data. This only applies to the transaction at hand, the actual transferring of data between computers. What happens to that data after you’ve submitted it is another story for another time!
When you go to a website, take a look at the top of the browser, the URL section, and you should see a GREEN or GOLD padlock. This is a clear indication that an SSL Certificate is installed and active on your browsing experience. Some websites, such as our own, have what’s called an Extended Validation SSL (EV SSL). This requires some extra vetting by the SSL Company, but once completed, our Company Name now shows in the browser also – a further indication of a secure website!
Different browsers react differently, but for the most part, if the website has “https” rather than “HTTP”, then it’s a secure transaction. For people who don’t purchase their certificate from a “Trusted Authority” in SSL, you’ll usually get a warning saying that the Certificate is not Trusted, and a question if you wanted to continue. This still means the transaction is safe, the site owner either didn’t install the certificate correctly, or they didn’t purchase from a Trusted Authority site.
For the most part, SSL Certificates have been seen mainly on eCommerce websites, and if you’re running an online store, and processing your own credit card information, it is required to have an SSL Certificate for PCI Compliance. If you’re using a 3rd party processor (PayPal for example), then you don’t necessarily need an SSL on your site, but it’s a good thing to get none the less.
So while eCommerce has been the main thing over the years, in recent years there’s been a surge of SSL Certificates on regular information sites also. Some of it is used to protect username & passwords, but many of the people who are installing them are doing so as Google made a statement about SSL Certificates getting a slight ranking boost for SEO.
Where To Get An SSL Certificate?
The first place most people check is with their web designers. Many designers are resellers of SSL Certificates, but be sure to check the pricing. We’ve seen too many designers selling SSL Certificates for $200-$300/year when really they’re just upselling a $50 purchase that they made. So check with your designers, but shop around on price.
Your web hosting company is another great source for SSL Certificates. Again, some of them charge enormous upcharge rates, so do a little digging. Some, such as GoDaddy, actually have their own brand of SSL Certificate also. Usually, these are cheaper than other places, and you don’t have to be a GoDaddy Hosting customer to buy one! Some web hosting companies are resellers for the giants in the industry; Comodo, Verisign, GeoTrust, Norton/Symantec – and while you can buy directly from those locations, you’ll nearly always get a better price at your hosting company!
For the most part, an SSL Certificate will run you between $50-$150/year depending on what you’re getting and what you need. There are ultra cheap ones out there from as little as $5/month, but I personally have never used them, so I can’t endorse or discourage their usage. If you do decide to go with the ultra-cheap, just be aware that you’re likely getting a barebones certificate and you may be left in the dark to figure out how to install it yourself!
There’s also CloudFlare SSL. Cloudflare’s main business is providing a Content Delivery Network (CDN). They help speed up websites and even offer a layer of protection against hackers etc. But recently they launched a version of their platform, for free, which will let you use SSL on your website with no fees. While the free version is not designed for e-commerce type sites, they have a paid version too, the free version does pretty well with blogs and informational type sites. We’ve used it on dozens of sites and been very happy with the results!
For a discussion on CloudFlare and their SSL, along with some other companies selling SSSL, here’s a thread that we were involved in at Hosting Discussion – http://www.hostingdiscussion.com/essential-software-control-panels/44035-cloudflare-ssl.html
What Happens If I Don’t Have An SSL Certificate?
Currently, if you don’t install an SSL Certificate, the website will still display. Google made an announcement in 2016 that they are looking to push security pretty heavy for all of 2017.
Depending on the site you visit, you’ll currently get a notice at the top of Chrome in the URL that says HTTPS in RED and the words “not secure”, especially if Google detects a credit card or other login information details being displayed on the page.
As we move forward in 2017, Google will continue to drive home the security end of things. The plan is to make a big red banner (in the Chrome Browser) that alerts users that they are visiting a “non-secure” site.
SEO is always on our mind, and there’s a big chance that your competition is going to beat you on Organic SEO if you don’t have an SSL Certificate! If you do a search a service or product, you’ll see that the first few results are usually HTTPS sites. Google is rewarding them for implementing security. So if you haven’t done it, that’s a big reason to spend the $50 and get in front of your searchers.
Questions on SSL Certificates and Installation?
Unlike other SEO and Web Design companies, we have the unique advantage of having worked in the Web Hosting industry for the past 20+ years with thousands of customers and hundreds of servers. As a result, we know what it takes to get an SSL Certificate installed, and installed correctly! There are a few areas that can trip people up, such as resolving the WWW or NON-WWW, installing the ROOT Certificates and the Certified Authority Certificates, generating the correct Certificate Signing Requests and then installing the CRT file itself with the right KEY file.
If you’re running into problems with your SSL Certificate Installation, you can always check with your web hosting company. They should be able to assist, and most do it for free!
If you need some help choosing a certificate, or determining if you need one, contact Big Red SEO here!