An SSL Certificate is a digital certificate authenticating a website’s identity and enabling encrypted communication between a web browser and a web server. These certificates reduce a user’s risk while browsing the internet. Without an SSL Certificate, popular browsers like Google Chrome or Microsoft Bing will flag a site, send warning messages to users, and potentially decrease a site’s rank in the search engine results page (SERP).
What is an SSL Certificate?
A Secure Socket Layer (SSL) Certificate is a fancy name, but what is it, really? SSL is now used generically (much like Kleenex or Bandaid) to refer to the digital certificate installed on a server to instruct it on what encryption protocol to use. Interestingly enough, the actual SSL encryption protocol has actually been depreciated and replaced in use by the Transport Layer Security (TLS) protocol. The certificate is essentially a data file digitally binding cryptographic keys to the information of an organization’s website. When a browser connects with the server hosting a website, the private and public keys are exchanged to authenticate the communication and de-encrypt the data for use, thus ensuring a safe exchange of information.
When a website is properly set up with an SSL Certificate, browsers will indicate this to users by placing “https://’ before the URL instead of ‘https://”. This acronym stands for “hyper-text-transfer-protocol-secure”, to signal the information captured by the website will be encrypted. If remembering acronyms isn’t your thing, fear not! The designers behind Chrome and other major web browsers have added a symbolic padlock to the search bar to signify if a site has an SSL Certificate or not.
Why does your website need an SSL?
The primary reason a website needs an SSL Certificate is the security of consumers’ sensitive information. This includes login credentials, banking accounts, credit card information, social security numbers, and more. When a website is not using an SSL, every piece of information is sent as plain HTML text and can be potentially intercepted when passing through a network. When encrypted, however, this data is unreadable without the proper keys.
Google’s Algorithm Ranking
A close second to security is the effect an SSL can have on a website’s placement in the results of search engines like Google or Bing. Google looks at SSL Certificates as a ranking factor. In order to understand more about how SSL Certificates affect search engine ranking, we must first look at how it affects ranking factors and security updates for the most popular browser and search engine combo in the world.
A History of Ranking Factors & Security Updates for SSL Certificates
August 6, 2014 – Google announces SSL Certificates and the HTTPS protocol will be added as a ranking factor for its search engine queries. The addition was minimal and was estimated to affect less than 1% of global queries, and initially was less significant than other factors like high-quality content. Over time, Google has made the use of SSL Certificates a heavier-weighted factor in search results to match the widespread adoption across the internet.
March 21, 2015 – only 45% of pages on Chrome are loaded with HTTPS.
September 8, 2016 – Websites collecting sensitive data and not using an SSL are now labeled as “not secure” by Google’s Chrome web browser. The ultimate goal was to make users more aware of an unsecured site, especially if the site is collecting passwords, credit cards, or other sensitive data. With a long-term plan to flag every non-HTTPS site, the update wasn’t released until January 2017. As part of a plan to identify unsecured sites, the internet adopted the security protocol rather quickly.
July 24, 2018 – Google announces they will mark all HTTP sites as “not secure” no matter what content the site contains. The update even affected simple landing pages without the ability for users to submit data. The change showed Google was serious about bringing the internet to the status quo of using HTTPS and SSL Certificates. At the same time, they announced the Chrome 70 update in October of 2018 would remove the word “Secure” from the address bar for HTTPS websites and add a bold red “Not Secure” warning for sites not supporting HTTPS. This would be part of a continuing effort to make HTTPS sites the default state users would expect without having to be told the website is secure.
May 30, 2020 – 96% of pages on Chrome are loaded with HTTPS. However, 65.3% of unencrypted traffic comes through mobile devices. Some older mobile devices cannot support software updates and may never support encryption.
Obtaining SSL Certificates
Obtaining an SSL Certificate isn’t difficult, however, there are multiple ways to go about it. First, you must find a Certificate Authority (CA) that will issue an SSL Certificate and the needed keys. Some major players in the business of issuing these certificates are GoDaddy.com, SSL.com, or even free providers like Let’s Encrypt.
Once a certificate authority is chosen, and an SSL certificate matching the needs of a given website is purchased, it’s time to install the certificate. If a certificate is purchased from the same provider hosting your website, such as GoDaddy, the process will most likely be streamlined. If not, don’t worry! All you will need to have is the domain name (URL) of the website, the public key, and the SSL Certificate itself. After ensuring these are in hand, go to the Website Host Manager currently hosting the website and navigate to an “install SSL Certificate” option and input the information mentioned above.
What are the various types of SSL Certificates?
There are three primary types of SSL Certificates in use today. These are Extended Validation (EV SSL), Domain Validation (DV SSL), and Organization Validation (OV SSL). Each type offers the same level of encryption, yet varying levels of organizational validation.
- Domain Validation
Considered to utilize the lowest level of validation, with a DV SSL the Certificate Authority will verify the organization at hand has control over the domain name attempting to use the SSL. This is done by making changes to the DNS record through uploading files provided by the CA to the domain. This shows ownership of the domain and will validate the certificate.
- Organization Validation
Considered to utilize a medium level of validation, an OV SSL verifies the domain in a similar process for domain validations but also validates the organization by investigating information like name, city, and country. This requires more human interaction yet offers a higher level of verification.
- Extended Validation
Considered to utilize a strict level of validation, an EV SSL verifies the domain name, basic organization details, and further validates organization information such as location and legal status. This validation process takes the most time and human interaction yet adds the most verification between user and organization.
Along with these types of SSL certificates affecting validation, the number of domain and subdomain names remain important. These factors can file SSL Certificates into three more categories:
- Single Name SSL Certificates protect up to one domain name.
- Wildcard SSL Certificates protect an unlimited number of subdomain names.
- Multi-Domain/Unified SSL Certificates can protect hundreds of domain names.
Get Started with SSL Certificates
No matter what type of certificate is chosen, they all offer the same amount of encryption. This encryption is what is really vital to users, especially those who share sensitive information. Google is committed to making the web a safer place for all users. It is imperative to have an SSL Certificate in place on your website. If you want to learn more about them and adding the coveted padlock to your website, get in touch with us today.