April 30, 2017

Why your website needs a SSL Certificate and HTTPS.

Toby

Websites that do not collect customer data such as user names, emails and credit card details have in the past had no need for an SSL certificate and have used the http protocol, e.g. http://mydomain.com.

Sites that did collect data, such as e-commerce websites, did and still do need to install an SSL (security) certificate and require the use of https to securely transmit their customers' data, e.g. https://www.mydomain.com.

But back in 2014 Google announced that it would start using https as a ranking factor. Originally this was considered a low ranking factor, and therefore many sites have not yet made the move to https because of the added costs involved. With many browsers now highlighting security issues in the address bar, it's time to seriously consider the move to https.

Reasons to move your site to HTTPS:

  • Increase your search rankings.
  • Foster trust with your customers – Get the green padlock in the address bar.
  • No risk of a “not secure” notice in your users' browsers.
  • Provide security for your users.

What is an SSL certificate?

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

When an Internet user attempts to send confidential information to a Web server, such as through a contact form, the user’s browser accesses the server’s digital certificate and establishes a secure connection. An SSL certificate is like an electronic “passport” that establishes a website’s identity.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. It provides three things:

  1. Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
  2. Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  3. Authentication—proves that your users communicate with the intended website.

What is involved in changing to HTTPS?

1. First decide the kind of certificate you need:

  • Single certificate for single secure origin (e.g. www.example.com).
  • Multi-domain certificate for multiple well-known secure origins (e.g. www.example.com, cdn.example.com, example.co.uk).
  • Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).

Certificates verified by domain validation (DV): These certificates have the lowest authentication level. For this level, the CA (certificate authority) only checks whether the applicant owns the domain for which the certificate is to be issued. In most cases this type of certificate is all you need.

Certificates verified by organization validation (OV): This kind of validation provides more comprehensive authentication. In addition to domain ownership, the CA examines relevant information, such as company filings. Information that has been vetted by the CA is accessible to website visitors. The process of obtaining this takes longer and costs more.

Certificates verified by extended validation (EV): This certificate has the highest and most extensive authentication level. In contrast to certificates verified by organization validation, this process requires company information to be even more thoroughly scrutinized. What’s more, this certificate is only issued by CAs authorized to do so.

Only use SSL certificates issued by trusted Certificate Authorities in order to protect visitors from potential man-in-the-middle attacks. The certificate authorities are associated with legal regulations and aim to verify the website as a trusted resource. SSL certificates do come at a cost and are charged as an annual fee along with your hosting and domain name. Certificates can cost between $20 and $1000 depending on the security level needed, but for most sites I would recommend an option which costs around $50 a year.

2. Install the certificate on your server.

3. Change the server settings to HTTPS.

4. Redirect to HTTPS

Use server-side 301 HTTP redirects. Update as many of your external links as possible, including social media and directory listings, contacting the site owners where needed.

5. Test your pages & check all your links

Check that your pages and links still work, and verify that your HTTPS pages can be crawled and indexed by Google using webmaster tools.
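One way to test the redirect step is to inspect what the server answers on the old http:// address. The Python below is an added example, not code from the original post; it goes a little beyond the text by assuming that a www/non-www switch is acceptable and that the path and query should survive the redirect, and its function names and sample responses are constructed for illustration.

```python
"""Judge whether an http:// URL is answered with a 301 to its https:// twin."""
import http.client
from urllib.parse import urljoin, urlsplit

def _bare(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def judge_redirect(url, status, location):
    """Return the problems with the response to `url`; an empty list means OK."""
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301 (permanent redirect)")
    if not location:
        return problems + ["no Location header"]
    src, dst = urlsplit(url), urlsplit(urljoin(url, location))
    if dst.scheme != "https":
        problems.append(f"target scheme is {dst.scheme}, not https")
    if _bare(dst.hostname) != _bare(src.hostname):
        problems.append(f"host changes from {src.hostname} to {dst.hostname}")
    if (dst.path or "/") != (src.path or "/") or dst.query != src.query:
        problems.append("path or query not preserved, so deep links break")
    return problems

def fetch_redirect(url, timeout=10):
    """Send a HEAD request over plain HTTP and do not follow the redirect."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (url, status, Location); not taken from a real site.
SAMPLES = [
    ("http://mydomain.com/shop?item=3", 301, "https://www.mydomain.com/shop?item=3"),
    ("http://mydomain.com/shop?item=3", 302, "https://mydomain.com/"),
    ("http://mydomain.com/contact", 301, "http://www.mydomain.com/contact"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        issues = judge_redirect(url, status, location)
        print(url, "->", location, ":", "; ".join(issues) or "OK")
```

To check a live page instead of the samples, call `judge_redirect(url, *fetch_redirect(url))` for each old http:// URL you care about.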