An SSL Certificate is simply a certificate that consists of two keys which provide a secure connection between a website and the web browser that’s in use. These certificates work in the background to add the ‘https://’ text in front of the URL to reduce the user’s risk while browsing the internet. Without an SSL Certificate, popular browsers like Google Chrome or Microsoft Bing will flag a site, send warning messages to users, and potentially decrease a site’s Search Engine Ranking (S.E.R).
What exactly is an SSL Certificate?
A Secure Socket Layer (SSL) Certificate is a fancy name, but what is it, really? At this point, it’s a name (much like Kleenex) used generically to refer to the digital certificate that is installed on a server, to instruct the server what encryption protocol to use. Interestingly enough, the actual SSL encryption protocol has actually been depreciated and replaced in use by the Transport Layer Security (TLS) protocol. The certificate is essentially a data file that digitally binds cryptographic keys to the information of an organization’s website. When a browser connects with the server that is hosting a website, the private and public key are exchanged to authenticate the communication and de-encrypt the data for use, thus ensuring a safe exchange of information, like login credentials and money transfers.
When a website is properly set up with an SSL Certificate, browsers will indicate this to users by placing “https://’ before the URL instead of ‘http://”. This acronym stands for “hyper-text-transfer-protocol-secure”, to signal that the information captured by the website will be encrypted. If remembering acronyms isn’t your thing, fear not! The designers behind Chrome and other major web browsers have added a symbolic padlock to the search bar to signify if a site has an SSL Certificate or not.
Why does your website need an SSL?
As previously mentioned the primary reason that a website needs an SSL Certificate is the security of consumers’ sensitive information. This includes login credentials, banking accounts, credit card information, social security numbers, and more. When a website is not using an SSL, every piece of information is sent as plain HTML text and can be potentially intercepted when passing through a network. When encrypted, however, this data is unreadable without the proper keys.
- Google’s Algorithm Ranking
A close second to security is the effect that having an SSL can have on a website’s placement in the results of search engines like Google or Bing. Google has been implementing SSL Certificates as factors in their search algorithm for years and plans to increase their importance in regular updates. In order to understand more about how SSL Certificates can affect search engine ranking (SER), we must first look at how it affects ranking factors and security updates for the most popular browser and search engine combo in the world.
A history of ranking factors & security updates for SSL Certificates
August 6th, 2014 – Google announces that the use of SSL Certificates to make a website use the HTTPS protocol would be added as a ranking factor for its search engine queries. Of course, the process had already been tested for a few months in the background and was then later released. The addition was minimal and was estimated to affect less than 1% of global queries, and initially was a less significant factor than factors like high-quality content. Over time, Google has made the use of SSL Certificates a heavier-weighted factor in search results to match the widespread adoption across the internet.
September 8th, 2016 – Websites collecting sensitive data and not using an SSL would be labeled as “not-secure” by Google’s Chrome web browser. The ultimate goal was to make users more aware that a site is unsecured if the site is collecting passwords, credit cards, or other sensitive data from the user. With a long-term plan to flag every non-HTTPS site, the update wouldn’t be released until January of 2017. As part of a plan to identify unsecured sites for a growing number of reasons, the internet adopted the security protocol rather quickly.
July 24, 2018 – Google announced they would be marking all HTTP sites as “not secure” no matter what content the site contains. The update would even affect simple landing pages without the ability for users to submit data. The change showed Google was serious about bringing the internet to the status quo of using HTTPS and SSL Certificates. At the same time, they also announced as part of the Chrome 70 update in October of 2018, the removal of the word “Secure” from the address bar for HTTPS websites and the addition of a bold red “Not Secure” warning for sites that do not support HTTPS. This would be part of a continuing effort to make HTTPS sites the default state that users would expect without having to be told the website is secure.
Obtaining SSL Certificates
The process of obtaining an SSL Certificate isn’t difficult at all, however, there are multiple ways to go about it. First off is to find a Certificate Authority (CA) that will issue an SSL Certificate and the needed keys. Some major players in the business of issuing these certificates are GoDaddy.com, SSL.com, or even free providers like Let’s Encrypt.
Once a certificate authority is chosen, and an SSL certificate that matches the needs of a given website is purchased, it’s time to install the certificate. If a certificate is purchased from the same provider that hosts your website, such as GoDaddy, the process will most likely be streamlined. If not, don’t fear! All you will need to have is the domain name (URL) of the website, the public key, and the SSL Certificate itself. After ensuring that these are in hand, go to the Website Host Manager that is currently hosting the website and navigate to an “install SSL Certificate” option and input the information mentioned above.
What are the various types of SSL Certificates?
There are three primary types of SSL Certificates that are in use today by major providers. These are Extended Validation (EV SSL), Domain Validation (DV SSL), and Organization Validation (OV SSL). Each type offers the same level of encryption, yet varying levels of what’s considered organizational validation. This is explained further in the list below.
- Domain Validation
Considered to utilize the lowest level of validation, with a DV SSL the Certificate Authority will verify that the organization at hand has control over the domain name that is attempting to use the SSL. This is done by making changes to the DNS record through uploading files provided by the CA to the domain. This shows ownership of the domain and will validate the certificate.
- Organization Validation
Considered to utilize a medium level of validation, an OV SSL verifies the domain in a similar process for domain validations but also validates the organization by investigating information like name, city, and country. This requires more human interaction yet offers a higher level of verification.
- Extended Validation
Considered to utilize a strict level of validation, an EV SSL verifies the domain name, basic organization details, and further validates organization information such as location and legal status. This validation process takes the most time and human interaction yet adds the most verification between user and organization.
Along with these types of SSL certificates that affect validation, the number of domain and subdomain names remain important. These factors can file SSL Certificates into three more categories:
- Single Name SSL Certificates, which protects up to one domain name.
- Wildcard SSL Certificates, which protect an unlimited number of subdomain names.
- Multi-Domain/Unified SSL Certificates, which can protect hundreds of domain names.
Get started with SSL Certificates
An important thing to note is that no matter what type of certificate is chosen, they all offer the same amount of encryption. This encryption is what is really vital to users, especially those who share sensitive information. It’s also what drives Google to increasingly make both search engine and browser rely on the usage of SSL Certificates. Because of these things, it is imperative to get one in place on your website. If you want to learn more about SSL certificates and adding the coveted padlock to your website, get in touch with us at DVS.com/contact.