Almost two years ago Google said that security became its top priority. One of the most powerful search engines does everything to protect its users. Since that time SSL (Secure Socket Layer) certificate became a hot topic of thousands of discussions. Many people don’t know if they should use it for their website, however, they are guided by “Google says it’s good” and make a purchase without knowing pros and cons of getting an SSL certificate.
There is no need to understand how it works behind-the-scenes but you should know at least the difference to see why a secure certificate is indispensable to the website’s life.
With or without a padlock
For the start let’s see the difference between two well-known protocols.
Hypertext Transfer Protocol, aka HTTP, presents a system that is used to transmit and receive information across the Internet. It focuses on the way information is presented to the user, but it actually doesn’t care in what way information is delivered from its provider to the point where it is received. It prefers to have a short memory which means it won’t even try to remember previous web session. So there is some kind of benefit which indicates sending fewer data and increasing speed. It perfectly fits for websites that don’t store any confidential information.
And HTTPS is a secure type of HTTP. Actually, it is a combination of HTTP and an SSL or any other secure certificate, it provides the protected authorization and transactions, helps to exchange data that can be confidential and prevent accesses that aren’t authorized. Of course, it is pretty identical to HTTP as the protocol has the same basic. Though, HTTPS uses extra protection when establishing any connection. It is SSL that gives another layer of security while transferring the data.
How it works
When there is an attempt to access a website secured by an SSL from any browser, the SSL connection between a browser and a web server will be established. It is also known as “SSL Handshake”. Of course, the user can’t see how it is happening as it is instantaneous action.
There are three types of keys used for setting secured connection. They are public, private, and session keys. All data encrypted with the public key is only decrypted with the private key. As for the session key, it is used for encrypting all transmitted data.
In other words, SSL protects sent information from a computer to a destination server because without certificate protection any computer that is in between you and the server will be able to see credit card numbers, usernames or passwords, for example. With an SSL certificate the information is unreadable to everyone but the server the information is sent to.
Don’t misunderstand the role of SSL though. Its security functions are for a connection only. It doesn’t protect a server from direct attacks because it’s an IT security policy job. It won’t work either when a user is attacked directly and his PC is being infected with malware. A good anti-virus program can solve the problem, not SSL.
In other words, SSL prevents 3rd parties from listening to communications between the user and the website.
Google adores SSL
Google is in love with security so the fact of top priority for websites with SSL is obvious. It doesn’t mean that other things with any influence on the way of getting to the top of SERP should be ignored. A site with HTTPS encryption will rank a little bit higher. For example, if there are few sites which are approximately equal in authority and other important characteristics, the site with an SSL certificate will have a higher position than those which don’t have a secure certificate on their site.
If you have secured connection Google will show it in SERPs and it can influence users behavior. A URL of a site with a secured protocol layer is shown up with https:// before a domain name.
Of course, there is no such a big deal, but those users who want to be protected will choose secured connection. So help Google to lead visitors to your site by switching to SSL, increase CTR and improve rankings.
Content or https
There are already some myths around the priority of https over content. According to Google, secure signals won’t save the situation if the last one has low quality. Nothing can beat the priority of a qualitative content.
“Changing to HTTPs isn’t going to give you a meteoric rise in the SERPs. You would merely be complying with one of Google’s stated preferences. And that’s okay.
The one thing that will move the needle on your rankings is content. If you have to decide between improving security and improving content, go for the content.”
Should the switching be done immediately?
Last year Google had said that webmasters would have time to switch to HTTPS. Although the secure protocol is a weak signal for a website to be ranked higher by one of the biggest search engines, it was mentioned that there is a possibility of a decision to strengthen it for encouraging website owners to switch from HTTP to HTTPS. Experts say that it may take about a year for Google to roll out such a specific feature of the algorithm. I suggest you to think twice and provide necessary changes so no Google’s updates can take you by surprise.
Furthermore, one of the biggest search engines hinted that HTTPS is fundamental to internet security when brought https to all the Blogspot domains. Such a change allows visitors access all Blogspot domain blogs using an encrypted channel. Thus, Google proposed to support its “HTTPS Everywhere” mission by this update.
Slow Site Speed
Extra encryption level may (in most cases) slow down the sites speed. Although it is milliseconds, it differs, anyway. But no panic at all, while using https protocol, a website load speed, as a ranking parameter, is excluded by Google.
Let’s see why load speed can be slower with https. First of all, there is constant sending data between web browsers that are visited and a web server. All the information must be encrypted and then decrypted. So #1 reason can be hidden in an improper configuration which will result in slower load speed of a secured page than when you had an unencrypted connection.
Reason #2 is so called Handshake. As it has been said before, it is a process when a secure connection is being established. Pretty simple thing from first sight includes a lot of difficult processes. Browser establishes a secured connection to a website after all identities are confirmed and necessary algorithms are selected. Only after that keys will be exchanged.
Don’t worry there are many ways to speed up your secure connection. Besides that, Google would definitely prefer a secure connection over a small difference in time of loading a page.
Ready to switch now? Let’s go!
First of all, pick an SSL certificate that suits your needs and website.
Domain validated certificates offer industry-standard encryption. There is a benefit of DV (Domain validated) Certificate as it can be issued in few minutes. This option is considered to be the most affordable one. It is recommended to use DV certificates for small business.
Organization validated certificate will activate many browser trust indicators. However, it won’t turn the browser address bar to green (it is used as a confirmation that an organization or a company is legitimate and recognized by a government entity). This kind of secure certificates will take few days to be completed. It will perfectly work with businesses that can’t afford the next type of certificate and help to assure customers the safe usage of the website for transactions. Such certificate is an important “must” for websites of the eCommerce field as it earns visitors trust.
Extended validation certificate is the premium SSL certificate. It made a step further than encrypting transferred data from a browser to a web server. With top-of-the-line, industry-standard 2048-bit encryption, it will give a green address bar to a website. And that is a perfectly recognizable symbol of trust. The certificate is recommended for financial institutions – banks, large companies, etc. With gaining your visitors trust you will see the rise of online conversions and profitability. As for the validation process, it may take up to 5 days.
Multi-domain certificates are made to secure multiple domains. They exclude process of the generating and setting up a separate certificate for each domain. There is an ability to secure from 2 to 100 domains. All depends on the certificate, of course. The main benefit of multi-domain SSL certificate is simple managing of several domains under one certificate. Due to certificated lifespan, its owner can add new domains instead of going through the process of getting a new one.
Wildcard certificates are very popular due to their incredible convenience. They will secure not only website’s main domain but also a number of subdomains with only one SSL certificate. Such secure solution is highly recommended if a domain has subdomains which are associated with it. Their amount isn’t a big deal. Plus you can choose DV or OV type. FYI, the EV wildcard option doesn’t exist.
Back to Google, it recommends to use 2048-bit encryption certificates. Next steps of installing depend on where you purchase a certificate as it may differ according to a hosting provider.
When there is a switch to secured protocol, all that users see is additional “s” between http and an actual domain name. But for a webmaster the change is painful. After getting a certificate,
http://www.somewebsite.com and
https://www.somewebsite.com
become two absolutely different URLs. To make them one, create copies of site’s pages and redirect all of “old” pages to the new “https”.
As usual, there are at least few internal links on a website. There is a must to change them as well because they can refer to old pages with HTTP when it should be new https if you want to point directly to them, of course 🙂 Used images, stylesheets, and scripts may get same problems especially if their resources addresses start from well-known HTTP. To see if everything is ok, view the source of elements and check the tags. Please, make sure all the files that exist on a domain point to a right https location.
In the case when your CDN (if you use it) supports HTTPS there’s no reason to worry about. But if it doesn’t support the protocol and there are no detailed instructions on implementation of https, the only way out is to contact the support. After this go back to new https site and ensure that the source for all images has the https location on your CDN.
To make Google crawl your new https site as soon as possible, re-add a site to Search console. The thing is that any site with a secure protocol is totally different site.
Google advises:
- Add a new https site to Google Search console. Note that change-of-address setting will not apply for moves from http to https.
- As the next step after testing, use 301 redirects from old to a new site. To confirm the new version, add a rel=canonical on the secure page, pointing to itself. After this, submit sitemaps including URLs of HTTP and HTTPS protocol with new change-dates.
- Https site must use appropriate https robots.txt file. All you need is to check if it is reachable and serves a 404 result code. HTTP URLs shouldn’t be blocked by the old not secure robots.txt file.
- If your website is big, you may see some fluctuations in a search. But, as a rule, Google’s system usually reacts normally on changes of HTTP to HTTPS.
- Redirects, 301 and 302, that are set from not secure to secure version won’t have any influence on “link juice”. In other words, it won’t be lost.
- To see how many pages have been indexed, simply verify separately http and https in Search Console. To check detail use Index Status in Google Search Console or do it with the help of operators:
inurl:http://yourwebsite.com
inurl:https://yourwebsite.com
Also, you can see the indexed counts of sitemaps for sitemap URLs.
As for the duration of the move, Google says that there are no fixed terms as sites have different sizes.
Conclusion
Even though secure of a website may seem not that important, it is a piece of a ranking puzzle. Hope, you don’t have any doubts about the necessity of buying a secure certificate for a website to gain not only trust of your visitors and top positions but also receive most valuable love from Google.
Embed This Image On Your Site (copy code below):