Do I Need SSL For My Website?
by Kevin Hofer, on 2/22/19 9:52 AM
In an increasingly connected online world, information security is critically important to all internet users. Visitors to your website want to be sure that the information they share with you is protected.
The easiest and most visible way for website operators to do this is to run their site over HTTPS instead of HTTP. Unfortunately, this conversation can get pretty geeky very quickly, but we’ll do our best to keep the tech speak to a minimum.
Cutting Through The Jargon
First, it’s important to understand a couple of key terms:
- HTTP vs HTTPS - the HyperText Transfer Protocol is the underlying technology that web browsers and web servers use to communicate with each other over the internet. The secure version of HTTP is HTTPS, or HyperText Transfer Protocol Secure (novel, eh?). This is the string of characters always present - but not always said - at the beginning of a website address, for example:
This essentially tells the web browser how to communicate with the website you are trying to reach. HTTP + SSL is what gives you HTTPS, allowing you to communicate securely.
- What is SSL? SSL, or “secure sockets layer”, is the security standard for establishing an encrypted link between a server and a web browser. In other words, this is a technology used to secure the communication between the server your website is hosted on and the client browser from which a user accesses it, keeping all of the information passed back and forth private.
- What is TLS? TLS, or “transport layer security” is the standard network protocol that succeeded SSL. It’s common for people to use the terms (er, acronyms) interchangeably. Despite the fact that SSL is outdated technology, and TLS is the form of encryption that everyone uses today, most will still refer to this as "SSL".
Why You Need SSL Now
If all of this security speak is new to you, it’s likely that your website is currently running over the HTTP standard. There are a number of compelling reasons to make the jump and “upgrade” to HTTPS.
- Improve security - this is, after all, why SSL exists in the first place. Securing the communication between web server and browser is always a good idea. This is especially true if you’re running an ecommerce site, or have a site that collects information with forms. Even if your site doesn’t have this advanced functionality, there are still good reasons to make the switch.
- Search engine optimization (SEO) - SSL has been a confirmed Google ranking signal since 2014. At a time when competition for customer eyeballs is as fierce as ever, it makes sense to take advantage of every opportunity possible to boost your rank. Keep in mind that it’s not a major ranking signal, but is definitely part of the mix and can have an impact, even if it is a small one.
- Maintain credibility and trust - in mid-2018, Google Chrome began flagging all HTTP sites with a “not secure” message in the browser. Technically, this doesn’t mean that there’s anything wrong with your site. However, your visitors may be confused by the label, and perceive (or assume) that something is amiss. This has the potential to hurt your credibility and erode trust with your customers, or prospects. You can read more about this on Google's Blog:
So What Next?
If this all sounds good, and you want to make the change to run your site more securely, help your search ranking and improve your credibility, the next step is to work with your hosting provider to purchase and install an SSL certificate.
These certificates aren’t paper certificates the way we typically think of them. These digital certificates are actually small data files that sit on a server and prove that an organization is who they say they are, and that they have control over the server on which a website is hosted.
There are a number of variables to consider when buying an SSL certificate:
- The type of certificate you need - standard certificates will work for most, but some industries may have specific requirements to consider
- The number of domains you want to secure
- The validity period of certification (i.e. when the certificate will expire)
SSL certificates are issued by certificate authorities (CA). These companies are trusted entities that verify the identity of organizations and servers on the internet. When applying for a certificate, you will be asked to complete a Certificate Signing Request (CSR). The CSR prompts you for information about your organization that the CA will use for verification, and also use to create your certificate.
Once your certificate is issued by the CA, it can then be installed on your server. Suffice it to say that instructions for installing an SSL certificate are beyond the scope of this blog. Your website hosting provider should be able to help you with this step, if not manage the entire SSL procurement process for you.
When you get confirmation from your hosting provider that the SSL certificate has been installed, there are a few steps to take to ensure all is well:
- Confirm that the certificate is, in fact, installed. Look for the padlock icon in your browser, next to the web address.
- Verify that all content is loading over HTTPS. Code updates might be required to ensure this is happening and to avoid "mixed content" errors in the browser.
- Automatically redirect all traffic to your site to HTTPS.
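The last two checks can be scripted. The Python below is an added example, not code from the original post: it scans a page's HTML for `http://` subresources (the cause of "mixed content" errors) and checks whether a response to a plain-HTTP request is a proper redirect to HTTPS. The sample HTML and `example.com` are constructed placeholders, and requiring a permanent (301/308) same-host redirect is an assumed policy.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subresources browsers typically block when loaded over http:// on an https:// page
ACTIVE_TAGS = {"script", "iframe", "link", "object", "embed"}
URL_ATTRS = {"src", "href", "data", "poster"}  # attributes that trigger a fetch


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (severity, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("a", "area"):  # navigation links are not mixed content
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel="canonical" does not load anything
        for name in URL_ATTRS & attrs.keys():
            url = attrs[name] or ""
            if url.lower().startswith("http://"):
                severity = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((severity, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings


def redirects_to_https(status, location, host):
    """Assumed policy: permanent redirect (301/308) to https:// on the same host."""
    if status not in (301, 308) or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and target.hostname == host


# Constructed sample page; example.com is a placeholder domain
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="https://example.com/site.css">
<script src="http://cdn.example.com/app.js"></script>
</head><body>
<a href="http://example.com/old-page">old link</a>
<img src="http://example.com/logo.png"><img src="/images/banner.png">
</body>"""

print(find_mixed_content(SAMPLE_HTML))
```

Feed `find_mixed_content` the saved HTML of each page template on your site, and pass `redirects_to_https` the status code and `Location` header your server returns for an `http://` request.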
In this day and age, the benefits of running your site over HTTPS far outweigh the cost of doing so. If you have any questions about the benefits of SSL, or need technical help getting it set up, let us know.
Digital Momentum Customers: if you are hosting your site with us, we’ve got you covered. Just reach out to your account manager, let us know that you want to move to HTTPS, and we’ll take care of the rest.