Some interesting developments have been emerging in the SSL space, so we wanted to spend a moment to introduce these. They pose some new options for business sites, but also some new potential requirements. This is particularly relevant to you if you’re a business-focused website owner as they can affect your Google ranking as well as the way customers perceive your site.
By the way, if you’re wondering about the fancy words, SSL* is that little green encryption padlock that appears on the left of your URL bar when you visit a site. You’d also notice that the URL starts with “https:” instead of “http:” . It means that the traffic between you and the web server for that site is encrypted and can’t be looked at in transit between you and the webhost. While this has been used in the past for eCommerce to help keep customer and credit card details safe, these days it can also be used to prevent most metadata from a site you visit being logged.
SSL works via a mechanism called “private key cryptography”. The idea is that you can communicate with a website using a “public” key, which everyone can see, but it can only be decrypted (viewed) by the server using what’s called a “private key”. SSL is available for such diverse things as FTP (though it’s usually then known as “TLS”), email sending, and many other things as well as plain old webpage viewing.
Google and SSL
Google is now ranking websites that have working SSL a little higher than sites without SSL. While Google say this only affects 1% of websites, they do plan to expand the use of SSL ability to have a more significant weight in future. If you think about it, this makes sense; if you’ve got SSL working on your site it usually means the content is higher quality than someone who hasn’t bothered to add it.
More details for technical folks here: http://googlewebmastercentral.blogspot.com.au/2014/08/https-as-ranking-signal.html
Dawn of an era of universally free SSL certificates — www.letsencrypt.org
Up till now, it’s been necessary to purchase your own SSL certificate from a certificate authority. Mozilla, Cisco, WordPress and a bunch of others are collaborating to make it easy, simple and free to have SSL encryption on websites, hopefully for free, with the Let’s Encrypt project.
While the Lets Encrypt project is scheduled to make it’s first major release mid-2015, it remains to be seen how well it will work and whether it will be available from inside cPanel.
When Lets Encrypt makes free certificates available, it should cost relatively little or nothing to add SSL to a site. At the moment, you need to purchase a certificate, get it installed and checked, and often also to lease a dedicated IP address for the year. The general plan is to do away with all of these three although I think a sensible expectation is that it may take a year or two.
EV SSL or “Extended Validation” SSL certificates
Ever seen that green bar at the top of your browser when you visit a bank website? That’s called “Extended Validation” (or EV) SSL and a higher degree of verification is done on your company before providing them. This is meant to ensure that you can be trusted, and are who you say you are.
It’s very likely that the new default for business websites will now start to move towards EV SSL certificates. While they’re still relatively expensive (AU$300ish+), their price is already dropping and my prediction is that you’ll see further reductions as time goes on, driven by the fact that sales of the lesser certificates will drop once free certificates are readily available. Only time will tell, of course.
* SSL = Secure Sockets Layer; the more recent version(s) are called TLS (Transport Layer Security).
** This is intended for beginners so we’ve intentionally cut corners in explaining some things to keep them easy to understand