Why you’re website needs an SSL certificate
SSL stands for “secure socket(s) layer.” It’s a type of technology that establishes a secure connection between a user’s browser and the hosting server of the website he or she is visiting, so long as the website has a valid SSL certificate. The certificate is made up of a digital computer file or small piece of code. Generally, SSL certificates are only valid for one domain (web address) and corresponding server at a time.
When someone is visiting an SSL-certified website, they are essentially handed their own personal key to unscramble the content of the site and view it normally for the entirety of their desired session. All communication between the user and the website (or the hosting server, more specifically) during this time is encrypted, meaning hackers can’t spy on the user’s session, insert malware and steal personal information.
Besides individual websites, SSL is also valuable for sending and receiving secure email, files, instant messages and other forms of sensitive information.
How to Look for an SSL Certificate
To see if a certain website has an SSL certificate, open up the site and look to the left-hand side of the address bar. Look for a padlock icon and possibly some other information that precedes the actual URL of the site.
On some websites, you may only see the padlock icon to denote an SSL certificate. This icon is still clickable and can show you the issuing certificate authority. Take one of our favorite websites for SEO-related news and advice, Moz, for example.
Another attribute to look for in a secure website is an “s” in the protocol of the URL. In other words, look for “https” instead of the previous standard of “http.” You’re probably seeing dozens, if not hundreds, of sites slightly updating their addresses in this manner. All the HTTPS stands for is “secure hypertext transfer protocol.”
You also might see HTTPS called one of the following:
- HTTP over TLS
- HTTP over SSL
- HTTP Secure
The SEO Value of SSL Certificates
Google is continually making moves to make the web a more secure place. And, by golly, what Google wants, Google usually gets.
HTTPS Pages First
In 2014, websites and individual web pages an HTTPS prefix began to get a leg up in the search engine rankings. Near the end of 2015, Google announced through its Webmaster Central Blog that it will start to index the HTTPS version of web pages first. Several websites have HTTPS and HTTP versions of the very same page. Even if a site’s navigation directs a user to only HTTP pages, Google will still soon take the HTTPS version of those pages, if available, and feature those in the search results.
Flagging Unsecured Websites
As reported on Motherboard last month, Google appears set to flag unencrypted sites as insecure in the near future. Presenters at the Enigma security-themed conference in San Francisco postulated how this might look on Chrome browsers. As you may have seen on HTTPS sites that are actually not secure, Chrome will display a padlock icon with a red “x” over it to the left of the URLs of unsecured websites.
Here’s what the icon looks like if you enable higher security settings in Chrome.
As speculated, Google may soon deploy that icon on all HTTP sites across the web for Chrome users.
Motherboard noted that Mozilla and Apple have also jumped on the web encryption train, and that the U.S. government has called for all .gov sites to be upgraded to HTTPS by the end of 2016. Ironically, Motherboard itself is not an HTTPS website, but who’s counting?