Google has been working diligently to make the web safer and has now begun to mark websites as “Non-Secure” which do not have an SSL certificate installed but still exchange user data. Therefore, it has now become a must to serve your website over HTTPS/SSL to secure your visitors’ data and also to show that your brand cares about security. Coming to Chrome Push Notifications, although not a requirement, SSL is recommended for your main domain. There are a lot more benefits to adding an SSL certificate to your website including improving your search rankings. In this post lets dive deep into SSL certificates, their types and how you can setup a free SSL (Cloudflare) on your website.
On most websites today, you will see that they begin with “https://” in the URL with a green padlock saying secure, that’s due to the use of an SSL certificate. But that’s not just for indication, there is a lot going on behind the scene.
SSL or Secure Sockets Layer helps establish an encrypted link between your web server and the website visitor. This makes sure that all data passed between the two is private and no-one in the middle has access to it. Even if someone manages to tap the connection, the data will be of no use to them, as it is encrypted end-to-end.
Coming back to the SSL certificate, it is a small file that combines a cryptographic key with your organization and domain’s details. It is placed on the server to enable HTTPS protocol and based on the type of SSL certificate used, the Certificate Authority makes several checks on the organization’s information. Browser and Operating system vendors work with these Certificate Authorities to embed the Root Certificates (from which the SSL certificate is derived) within their software so that the certificate can be authenticated and a secure connection is established between the web server and the end-user.
With an insecure HTTP connection, third parties can snoop at the traffic passing between a web server and the browser to collect private data including email addresses, passwords as well as usernames. That is the reason why Google, security experts are pushing for the use of SSL on websites so that you get peace of mind that even the most basic data is secure from being intercepted.
While eCommerce websites, banking institutions have been using SSL for a very long time – small and medium enterprises, personal websites, blogs are starting to get behind the idea now. Apart from the main benefit of securing user information and prevention of data leak, one of the major driving factors has been Google’s webmaster guideline. It states that SSL will be considered as a ranking factor in their search algorithm. This was announced back in 2014 and since then many websites have begun transitioning to HTTPS.
So websites with an SSL certificate are bound to get a boost in SERPs. Although it may not be a huge ranking factor, it is surely a positive signal. Moreover, recently Google Chrome, the most widely used browser on both desktop and mobile also started showing HTTP pages that collect passwords or credit cards as “Non-Secure”.
This would certainly have an impact on your visitors who would think twice before entering any data on a website which the browser calls non-secure.
You would definitely not want this in your URL bar.
Broadly, there are three types of SSL certificates:
All three differ in the security and validation they offer along with cost. Since this post is about a free SSL certificate, I don’t want to deviate to the premium offerings but here’s a gist of what the three offer.
These are issued to organizations are the Certificate Authority verifies the exclusive right of the organization to use the specified domain name along with the following:
For an OV SSL Certificate, the CA (Certificate Authority) will assess the right of your organization to use the domain name. Some of the other checks mentioned for EV SSL certificates may also be carried out. Your website visitors will be able to see information about the organization.
This is the most basic form of an SSL certificate. Your right to use the domain name will be assessed. Users/visitors will be able to see information about the encryption. Details about your organization are not shared.