FAQ: Secure Socket Layers
|FAQ: Secure Socket Layers (SSL) Gator|
What is an SSL
An easy way to understand an SSL’s function is to imagine you’re cruising a car down the road using a public highway. Now imagine taking a private underground tunnel to your destination with secure check-points at both ends. The hazards of sending your information down the internet superhighway are similar to this scenario but imagine if you took the secured route. No one can see [the data] within the tunnel as it is buried beneath layers of secure coded language that couldn’t be read by anyone outside of the tunnel’s end-points because it’s encrypted.
In short, an SSL is a Secure Socket Layer; which by definition is the standard security technology for establishing an encrypted link between a web server and a browser. An SSL is used to encrypt data that’s being sent between two or more servers (computers). If you are familiar with the Green padlock at the top left of your address bar, or, if you have seen web addresses with the “HTTPS” at the beginning like this site does now, then you may already be aware of the signs that you are using secure encryption.
Although the green padlock and the “HTTPS” are not the only signs of using a secured website, they are the most upfront and visible. What's most important to remember once Google implements this change, customers are greeted with the ‘Not Secure’ warning, similar to what you see below. Seeing this means they are less, your visitors will be less likely to enter any information on your site; like making a purchase or even signing up for your email list.
What is HTTP vs. HTTPS
The difference between HTTP & HTTPS is both minimal and drastic. Both acronyms translate out to “HyperText Transfer Protocol,” but the one containing the “S” adds “Secure” to its translation. The “S” gets added to your URL typically when you attach an SSL certificate (a type of file) to your domain name. Doing this will change the look of your domains' uniform resource locator (URL) so that it goes from a “Not Secured” HTTP portal to the now “Secured” HTTPS portal (or private tunnel.)
Why is encryption important?
Without an SSL Certificate encrypting the data passing between your website and other computers, both parties could be at risk.
You probably wouldn't send a postcard through the mail with your credit card information on it for the same reason people won't put their information on your unsecured website. Since smaller companies are unlikely to have a full team working on-site security, they are more vulnerable to attacks from bad actors trying to steal any information they can gather. This is why encrypting, or the process of converting data into an unreadable coded language is so important. There are different forms of encryption and different levels of security that vary depending on the type of SSL you have.
SSL Certificates through HostGator give you:
- Encrypted website traffic and data, helping to keep it safe.
- Boosted site credibility via visual indicators like "green padlock."
- Receive a positive impact on your Search Engine rankings.
- CDN which helps site speed and security.
Why is the padlock important?
Beginning in July 2018, the internet power-house Google will unveil a new Chrome Browser version which will, in essence, call-out these SSL signifiers when people visit your website. If you do not have an SSL, your website will display in Chrome as “Not Secure” and have many unseen implications throughout Google’s network of products.
If you do have an SSL, Your website will show up with the green padlock, the “https” protocol, and the “Secure” status when searching through Chrome.
Does an SSL Encrypt the content of my site?
Understandably, it's easy to think that an SSL will also encrypt all of the content (text, images, videos, etc.) of your website; however, this isn't the case. Although the SSL is encrypting the real traffic moving between the content and other computers, you may still have content that's not able to be encrypted.
As a result, customers may still receive messages that the page they're viewing contains unsecured content if there are images or other elements that haven't been encrypted.
When you install an SSL certificate to your site, it attempts to encrypt all of the elements on your site's secured pages. If all items on the page cannot be encrypted, (such as the content is hosted on an unsecured third-party server) then customers will still be met with an "unsecured content" message and, in some browsers, customers may see a broken padlock icon:
What can you do?
Though these identifiers do not mean a failure of your SSL certificate, they can still be worrisome to viewers and impact your site's conversions negatively. If an image, video or URL-link refers to an unsecured file hosted on a third party server, outside your website, you’ll need to use a different URL or modify the image link to use the secure "https" protocol. The content must also be secured where it is at for this to work.
Pro Tip: It's important to remember "one bad apple spoils the whole basket." If the location of the content you are using is unsecured, the simple logic here is that it probably shouldn't be on your website at all. In some cases, it's not possible to make the content you want to use secure, so it's best to consider alternate options.
What about the other browsers?
Requiring new security measures is a practice Google has utilized for many years already. Since at least 2014, Google has given ranking boosts to people using SSL’s and has actively downshifted sites labeled with HTTP pages that collect personal information; such as passwords or credit card details. Likewise, Firefox also began implementing a policy that started to mark form elements on HTTP sites as insecure, and they warn users through pop-ups that any log in information could become compromised through the HTTP protocol.
That being said, we cannot speak for what another browser may or may not require, but what’s important to take away is that this change is being implemented in the name of security. There should be no question how important protecting your identity and customer's private information online is, in today's climate.
SEO on Not Secure Sites:
What Google’s update means for your SEO:
It’s both a blessing and a curse that one company plays such an impactful role in what gets done on the internet. After all, when Google says “Jump,” relevant websites respond promptly with “How high, Mr.Google?”
Even though there are many other search engines out there that you can use to find anything on the internet, the fact that we have Google to set the bar means there is at least some form of consistency in a world of ambiguity.
Likewise, for those users who choose not to follow Google's lead, there are some hindrances to be aware of which we will touch on briefly in this article.
As you learn more about how SSL certificates transmit data securely, you should begin to understand why Google requires sites to have an SSL certificate.
Google is working to make websites safer and is prepared to lower the rankings in their search based solely on if a site has an SSL certificate or not.
So what do I do? (How to get started?):
To find out what might need to be done in regards to adding an SSL to your website check out: Free Secure Socket Layers