It used to be that you only saw SSL certificates used with online banking and ecommerce. Today, more and more website owners are choosing to use SSL certificates on their websites for added security, increased trust with their web visitors, and hopes of getting a boost in their search rankings. SSL stands for Secure Sockets Layer, a cryptographic protocol that provides communications security over a computer network (Wikipedia). Let’s look at what an SSL certificate actually is, the different kinds of SSL certificates that you can get, and a few things to look out for when installing an SSL certificate on your website.
What SSL Certificates Actually Do
There is a lot of confusion over what an SSL certificate is and what it does. An SSL certificate is not a firewall. It is not antivirus software. It doesn’t block spam. An SSL certificate really only does one thing. It encrypts the communication between your web browser and the web server that your browser is talking to. In other words, it makes the communication between your web browser and the web server private. It is sort of like being on a secure telephone landline, where you know that nobody else can listen, versus a walkie-talkie, where anyone who tunes in can hear what you are saying.
Three Reasons To Use SSL
There are some very good reasons why you might want to install an SSL certificate on your website. The primary reason you would want to install an SSL certificate on your website is to secure the information you collect from your visitors. In addition, SSL certificates provide a layer of trust between you and your web visitors letting them know that your identity has been verified by a third party. Lastly, search engines, including Google, have stated that having an SSL certificate on your website is a good thing for your search engine rankings.
First, if you have any forms on your website, especially forms that collect sensitive information like passwords or credit card information, you will definitely want to have an SSL certificate so the bad guys can’t snoop on that information. If you have a form on your website and you do not have an SSL certificate, many web browsers will show a warning that the form is “Not Secure.”
When you start shopping for an SSL certificate for your website, you will notice that the price of the certificate can range dramatically. You can get an SSL certificate for free through a company called Let’s Encrypt, or you can pay hundreds of dollars for an SSL certificate. The difference is trust. The more you do to verify your identity with the company issuing the SSL certificate, the more the SSL certificate will cost.
For example, the free SSL certificates from Let’s Encrypt require almost no verification at all. Let’s Encrypt SSL certificates work off the digital fingerprint of your web server. You don’t have to provide any documentation verifying your own identity or the identity of your organization.
If you buy an SSL certificate from a company like GeoTrust or Comodo, they will ask you for documentation verifying your identity. This will include things like sending them a copy of your business license, a utility bill with your address and name on it, and other paperwork that verifies that you are who you claim to be. Once the issuing company is satisfied, they will issue the SSL certificate to you with their stamp of approval on it saying that they have taken the steps to verify your identity.
The only difference between free SSL certificates and expensive ones is trust. They all provide the same level of encryption. On a technical level, they all work in exactly the same way. The communication between the web browser and the web server is no more secure with an expensive SSL certificate than it is with a free one.
Very few people even know how to check what kind of SSL certificate you are using and who issued it to you. So, unless you are a bank, you may want to just go with a free SSL certificate from Let’s Encrypt, especially if you are just starting out.
3-Search Engine Boost
One more reason to use an SSL certificate on your website is to get a little boost from search engines. Google recently announced that having an SSL certificate is, in fact, a factor in determining the rankings of their search results. All things being equal, a site with an SSL certificate will have a slight edge over a site that does not have one. Having said that, do not expect to install an SSL certificate and suddenly land on the first page of all the search engines. The boost you’ll get from having an SSL certificate is small but real.
3 Possible Problems
There are a few really important things to watch out for when installing an SSL certificate. There are some things you need to do to your website and a couple of things to keep in mind.
1-The Broken SSL Lock / Mixed Content
When you install an SSL certificate, all of the resources that get pulled into your site need to be pulled in from a secure (https) resource. Insecure (http) resources will be blocked. So, if your website has referenced all your images over http (not https), then the images will be blocked by the web browser and will not show up. This will also result in the SSL lock on the browser being broken, and the visitor will probably get a warning message saying that the page is not entirely secure. Before updating your site with an SSL certificate, make sure all the resources are getting pulled in securely.
It’s not just images that can get blocked. Anything that originates from a site that is not using an SSL certificate will be blocked as well. This can be a really big problem with church websites that have live streaming because some live stream services only offer the stream over http, not https with an SSL certificate. That means when people push play to listen to the live stream nothing will happen. The live stream will be blocked because it is seen as insecure content.
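One way to run the "make sure all the resources are getting pulled in securely" check before switching, as an added example that is not part of the original article: it parses a page's HTML and lists every sub-resource (images, scripts, stylesheets, iframes, audio and video streams) that would still load over http. The sample page, the example.* host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a sub-resource.
RESOURCE_ATTRS = (
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("video", "poster"), ("source", "src"),
    ("object", "data"),
)
# <link href> loads a resource only for these rel values; <a href> never does.
LINK_RELS = {"stylesheet", "icon", "preload", "manifest"}

# Constructed sample page, imagined as served from https://www.example.org/.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://www.example.org/images/banner.jpg">
<a href="http://partner.example.net/">Partner site</a>
<iframe src="//stream.example.net/live"></iframe>
<audio src="http://stream.example.net/live.mp3"></audio>
</body></html>"""


class MixedContentFinder(HTMLParser):
    """Collects sub-resources that would load over http on the given page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        raw_urls = [attrs[a] for t, a in RESOURCE_ATTRS if t == tag and a in attrs]
        if tag == "link" and LINK_RELS & set(attrs.get("rel", "").lower().split()):
            raw_urls.append(attrs.get("href", ""))
        for raw in raw_urls:
            # urljoin resolves relative and scheme-relative (//host/...) URLs
            url = urljoin(self.page_url, raw.strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((self.getpos()[0], tag, url))


def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling `find_mixed_content(SAMPLE_PAGE, "https://www.example.org/")` reports the stylesheet, the banner image and the audio stream, but not the ordinary link or the scheme-relative iframe. Resources referenced from inside CSS files or `srcset` attributes are outside what this sketch inspects.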
3-Possible Loss of PageRank
One last problem is that changing all the URLs on your site from http to https could result in a loss of PageRank, which is the value of your page to Google for search engine rankings. This is a really technical issue, but there are two basic ways to redirect traffic from your old, insecure links to your new, secure links. One is a permanent (301) redirect and the other is a temporary (302) redirect.
When you permanently change the location of a page, like when you install an SSL certificate and want everyone to use the new, secure link, you want to redirect the traffic with a permanent redirect. Google and other search engines will understand what you have done and you shouldn’t lose your rankings in search results.
Having said that, Google wants the entire Internet to switch to using SSL certificates and has announced that it will not reduce the PageRank of any page regardless of how the redirect happens.
This, of course, is only true if the new page has the same content as the old page. If your new page is served over https and the old page was http – and that’s the only difference – then you should retain 100% of your page’s PageRank when making the switch.
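A small check for the redirect described above, as an added example that is not part of the original article: given what the server answers for an old http URL, it reports whether the redirect is permanent rather than temporary and whether the scheme is the only thing that changes. The function names and the sample URLs are constructed; status 308 is treated as permanent alongside the 301 the article mentions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

PERMANENT = {301, 308}        # 308 also means "moved permanently"
TEMPORARY = {302, 303, 307}


def fetch_redirect(http_url, timeout=10):
    """Request http_url once without following redirects (needs network access)."""
    parts = urlsplit(http_url)
    conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def audit_https_redirect(http_url, status, location):
    """List problems with one http -> https redirect; an empty list means it is fine."""
    if status in TEMPORARY:
        problems = [f"temporary redirect ({status}); use a permanent 301"]
    elif status in PERMANENT:
        problems = []
    else:
        return [f"no redirect (status {status}); page is still served over http"]
    if not location:
        return problems + ["redirect has no Location header"]
    # A relative Location is resolved against the old URL, so it stays on http.
    old, new = urlsplit(http_url), urlsplit(urljoin(http_url, location))
    if new.scheme != "https":
        problems.append(f"redirect target is not https: {location}")
    if new.hostname != old.hostname:
        problems.append(f"host changes from {old.hostname} to {new.hostname}")
    if (new.path or "/") != (old.path or "/") or new.query != old.query:
        problems.append("path or query changes, so the old page maps to a different one")
    return problems


if __name__ == "__main__":
    # Constructed responses for one old URL; use fetch_redirect(url) for a live check.
    url = "http://www.example.org/sermons?page=2"
    for status, loc in [(301, "https://www.example.org/sermons?page=2"),
                        (302, "https://www.example.org/sermons?page=2"),
                        (301, "https://www.example.org/")]:
        print(status, loc, audit_https_redirect(url, status, loc) or "OK")
```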
Overall, it’s a great idea to install an SSL certificate on your website. It’s definitely the direction the internet is moving. Just make sure you consider things like your live stream and make sure all of your content can be pulled in securely over https. Making the move to SSL can be a little tricky and technical, so you may want to contact a web developer for help to make sure everything goes smoothly.