Have you been thinking about getting an SSL certificate for your web property? Or, do you already have one and want to know if you really need to renew it?
In addition to covering the basics of what SSL certificates are and what they do, we’ll take a look at some of the advantages and disadvantages of having one installed for your web site.
What Is SSL?
SSL, or Secure Sockets Layer, is a security protocol that allows for information – such as passwords and credit card numbers – to be encrypted when it is sent from a web browser to a web server. Without SSL, any information that a user gives to a web site is generally sent in plain text, making it easier for malicious third parties to intercept that data.
Basically, SSL is what allows you to enable secure HTTPS web pages. In order to establish a secure connection using SSL between the web browser and the server where your web site lives, an SSL certificate (often, just called a “cert”) needs to be installed on the web server. Once the certificate has been set up properly, you can update your site to use the HTTPS protocol so that whenever users visit an HTTPS-enabled page they’ll see a padlock, indicating that page is secure.
In addition to making it possible to encrypt the information that is sent from a browser to a web server, an SSL certificate acts like an ID card for a site by authenticating the identity of a web site so that users can verify they aren’t being scammed by someone who is trying to steal personal or financial information from them. This can be particularly important for sites that conduct a lot of financial transactions, like PayPal or eBay.
Note that if you are using a proxy server, such as a content delivery network (CDN), you may also have to upload your SSL certificate to that server as well in order for your audience to still view secure web pages.
Who Needs an SSL Certificate?
Although almost anyone can install an SSL certificate to make their web site more secure, sometimes the certificates are more trouble than they’re worth – we’ll talk more about that in a moment. However, if you have an online store, an ecommerce site or any site that conducts financial transactions, you should have an SSL certificate and an HTTPS-enabled site to protect your customers’ sensitive information. This information may include credit card numbers, bank account information and other personal data that could be used to commit identity theft or fraud.
In addition, if you have a membership site or a site that requires users to create a login and password for any reason, it’s a good idea to use SSL to at least secure any page of your web site on which personal information is being transmitted – even if users aren’t giving you any financial data.
Common Types of SSL Certificates
There are several different types of SSL certificates, so if you have decided to invest in one, do a little research first to make sure you’re getting the one that best fits your needs. The following are the most common types.
Standard Certificate – This is the most common type of SSL certificate and can be used for one site with one domain name.
Wildcard Domain Certificate – With this type of certificate, you can secure your main website and all of its subdomains (for example: www.xyz123.com, subdomain1.xyz123.com, subdomain2.xyz123.com, etc.).
Multi-Domain Certificate – This option lets you secure multiple domain names with a single SSL certificate. One example of why you might choose this type is if you have several domain names pointed to a single site, such as www.xyz123.com and www.xyz123.net.
Advantages of SSL and HTTPS-Enabled Sites
You’re adding an extra layer of security for your users. Even in this day and age, it’s common for users to fill out forms on websites without giving a lot of thought as to how safe it is giving away that information. By making sure that this data is encrypted, you’re helping protect it from prying eyes.
Users tend to have a higher level of trust for HTTPS-enabled sites. Some visitors to your site may not fully understand what it means when they see the green padlock in their browser address bar, but they still tend to associate it with security and, as such, will trust your site more. Others who are more security-conscious may be reluctant to provide any personal information at all if they notice an expired certificate or no certificate at all.
You may see higher search engine rankings. In August 2014, Google announced that it was using HTTPS as a ranking signal:
“For these reasons, over the past few months, we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
However, Google went on to classify this as a “lightweight” ranking signal that carried less weight than other factors such as having high-quality content. So, switching from an HTTP to an HTTPS site at this time is unlikely to impact the search rankings of the majority of sites very much, if at all.
Disadvantages of SSL and HTTPS-Enabled Sites
The cost may be prohibitive for some web sites. Depending on the type of cert and who issued it, SSL certificates may cost hundreds of dollars a year to maintain. That may not be a huge expense in the grand scheme of things, but it could eat into the budget of small publishers who are trying to grow a new site.
Ad revenue may be impacted. If your entire web site is HTTPS-enabled and you’re showing ads from AdSense, you may not be maximizing your revenue potential. According to Google:
“HTTPS-enabled sites require that all content on the page, including the ads, be SSL-compliant. As such, AdSense will remove all non-SSL compliant ads from competing in the auction on these pages. If you do decide to convert your HTTP site to HTTPS, please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.”
Expiration warnings and other messages may worry users. If you own a site that uses a mix of HTTP and HTTPS pages, users could get messages about non-secure content when they visit your site. Likewise, if you forget to renew your certificate, an ugly-looking warning will inform users of this. Even if one of these warnings is only seen once, it could negatively impact your site’s reputation and make visitors leery about returning.
With all this in mind, should you get an SSL certificate? If you aren’t conducting financial transactions on your site, that answer will depend on how much weight you put on the advantages and disadvantages listed above. For those who have a fairly young or small site, it might be worth waiting before you make the investment – you can always choose to add a certificate later down the line.
Image Credit: © bf87 – stock.adobe.com