Not too long ago SSL certificates were mainly a need for eCommerce and anyone accepting credit card payments on their website. But security breaches aren’t just about credit card information and don’t just happen to big companies or banks.
The target here is data.
Let’s dive in (without getting overly technical) on a short intro to understanding why an SSL certificate builds trust and why google gives kudos for it.
Understanding SSL
SSL stands for (Secure Sockets Layer) – it’s a part of a standard security protocol that secures communications over a server(website) and web browser(E.g. chrome) using encryption. An SSL certificate encrypts data(I.e., credit card info, username, passwords, etc.) that would usually be sent over server and browsers in plain text(HTTP).How encryption works
Encryption is when data in plain text(I.e. credit card number, shipping information) gets converted using an encryption algorithm creating an encryption key(session key). The text then can only be visible when decrypted with the session key that only the receiving server(your website) has.Https
The S in Https stands for “secure” meaning all critical information communicated between your website and browser is encrypted.HTTP(Hyper Text Transport Protocol) + Secure Sockets Layer (SSL)/Transport Layer Security(TLS) + Transmission Control Protocol(TCP)= HyperText Transfer Protocol Secure (HTTPS)
How does an SSL certificate work?
When you purchase an SSL certificate for your website your taking steps to authenticate your online identity. Depending on your host you can either purchase an SSL certificate or get one installed for free. (There are also other services that issue free SSL certificates like Let’s encrypt, though something like this may require a bit more technical knowledge.) Your host will then research your company and validate that all your information matches up with who you say you are. Think of an SSL certificate as your online Id card. Once your SSL certificate is installed, it provides encryption. The encryption then puts a stop to hackers when trying to access the info during communications between computers. If the Hacker is successful at collecting the data, it is in a scrambled form which just appears as mumbo-jumbo aka encrypted data. Example: A new customer is visiting your website. Browser asks your server to identify itself -Your websites shows it’s SSL certificate and session key, information is then transmitted encrypted. Now your new customer can safely input sensitive data that get’s encrypted, and only your website can decrypt and read. Feeling safe yet!? Not to burst anyone’s bubble. But having an SSL certificate installed on your website just means your data is encrypted it does not prevent all other attracts like cross-site scripting( very common in WordPress ) and many other vulnerabilities. But the good news here is that you’re taking the steps to secure your website environment for your customers.Why is Google prioritizing secure websites?
Back in 2014 google announce ( see Google’s blog post here ) that they give a better ranking( SEO benefit ) to secure sites and blacklisting the non-secure sites that are allowing users to input sensitive information (i.e., form fields, credit card fields ).Why the SEO boost?
Google has been trying to figure out ways to get more people on-board with security, and by taking these extra steps to secure and verify your website with an SSL certificate, Google sees that you are more invested in your customers and business and therefore are trustworthy. Security builds trust and googles priorities that.Secure vs. Non-secure
When you take a look at the address bar you will see either a green padlock and the words Secure next to the website you are browsing. If the site is not secure, you’ll see a red x and the words “Not secure” in the address bar.
Yeah, it looks terrible.
Next, learn how to install an SSL certificate and common errors after an install.