A SSL certificate is a way to encrypt traffic communication between the end user who is visiting a web site and the web server where the web site is being hosted. While this information is being transmitted across the internet, if the web site uses a SSL certificate then communication has been scrambled first before sending it over the fibre optic lines in order than they cannot be easily read by a hacker, government agency or other outside party.
SSL certificates have typically been used specifically for web sites that require log ins by customers using a username or email address and their password. If private information like a customer’s address, credit or debit card details and other sensitive items are to be entered on to a web form, then this page is almost always loaded via the SSL certificate using the HTTPS prefix to ensure the page is loaded securely. This way, the sensitive information is encrypted before it is sent over the internet and the page itself shouldn’t be able to be read when it is sent back to you either.
HTTPS For Large Web Sites
In the last few months following the series of revelations from whistle-blower Edward Snowden about the activities of certain US and UK government agencies, some web sites have been working to make all of their pages run properly under SSL certificates to encrypt all communications.
By taking this action when fiber optic communication lines are intercepted mid-stream the data cannot be read. This forces the same agencies to go back to infiltrating individual PCs owned by people of interest to them rather than continuing the global, warrant-less interception and recording of internet traffic on a mass scale.
Sites like Google and later Yahoo and Microsoft, have decided to make their sites run completely on security certificates to encrypt all communication. This is a large endeavour which in some cases has taken up to 2 years in order to pull off. For smaller web sites, it is not such a difficult thing to do but it is up to the site owner to decide whether they wish to do it.
Shared SSL Certificates
It is possible to use a shared SSL certificate from a web site. The certificate will often be identifiable, for those who wish to look, as owned by the web host rather than the actual web site. On some occasions this can raise a flag in some web browsers which will pop-up a warning to indicate that there is a mismatch between the owner of the SSL certificate and the site it is being used on. Shared certificates used to make sense as a cost savings but they make less sense today because of these warnings which can scare customers away.
Own Signed SSL Certificate
Buying your own SSL certificate that is signed and owned by your web site can provide assurance to visitors that certain data is being encrypted end-to-end. This can be purely for e-commerce transactions and when entering sensitive information in a web form or it can be implemented site-wide.
The SSL certificate can confirm that a respected authority has signed the SSL certificate as being assigned and owned by the business running the web site. It makes the web site look legitimate.
Private IP Address Needed
For your own SSL certificate it is necessary to assign a single fixed IP address to the certificate. This may need to be assigned to a hosting account as a paid extra.
Faster Servers Needed Too
Using site-wide HTTPS encrypted pages puts more demand on the server and slows down the web hosting. For this reason, it is necessary to have more powerful hosting in order that it can manage the extra demand and has enough horsepower to still run the site at a decent “clip”.
For this reason hosting accounts often need to be upgraded in order that the web site doesn’t slow down for visitors when the change to site-wide HTTPS is made. Otherwise regular visitors will likely complain that the site is too slow suddenly. This should be anticipated and budgeted for ahead of time so that customers don’t notice any speed difference once the switch over has been completed.
HTTPs as a Ranking Signal for Google
Google has confirmed that they consider a site that uses a HTTPS connection to indicate an encrypted connected as a positive sign that has a minor but still useful positive bump in their impression of the web site. This in turn can affect the ranking position for the web site when set against another site that chooses not to encrypt communications.
For e-commerce sites, a lack of SSL implementation at least in sensitive areas of the site could eventually cause Google to rank the site poorly due to the lack of implemented security measures. Something to be aware of.
As security becomes more of a factor it’s entirely plausible that Google could choose to further strengthen their rating for secure sites as a factor for higher ranking positions in Google search.