SSL and HTTPS – everything you need to know

A few weeks ago Google made it absolutely mandatory for every website on the internet to be encrypted with an SSL (Secure Sockets Layer) certificate. SSL has been required for commerce websites since the dawn of time, but Google now requires all websites to be secure to protect website visitors from having their information get into the wrong hands.

Ok.  We accept that.  Encryption for our own good.

So let’s say you manage your own website, or you have a family member manage the website. They’re working on getting your website secure and are having problems getting the website fully secure with Google. If this happens to you and your website, we suggest you visit a website called “Why No Padlock?” All you have to do is visit their website and enter your website address (URL). Your website will be scanned and you’ll find out the culprit for your encryption issues.

You can scan any website, including ones that don’t belong to you.  Here is what The Good Geeks Website Scan looks like:

[Image: Good Geeks website encryption scan]

There you have it. An easy way to determine why your website is having issues being secured and is therefore getting this Google error message:

[Image: what a website looks like when you view it and it is not secure]

What is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser (e.g., Chrome, Safari, Internet Explorer); or a mail server and a mail client (e.g., Outlook).

Originally, HTTPS was designed to allow sensitive information to be safely exchanged over the internet. Today it is a best practice for all websites.

Here are the top four reasons why every new website being built today should be served over HTTPS:

  • SEO – Search engines have started to rank sites that are served over HTTPS higher than comparable HTTP sites
  • Trust & Security – HTTPS makes man-in-the-middle attacks much more difficult and establishes a level of trust with the server you are connecting to
  • Surveillance – The rise of government surveillance, both foreign and domestic
  • It’s easy! Setting up HTTPS is now generally easy to do and SSL certificates can now be purchased and installed for free

How SSL Works

The lack of encryption with http:// URLs makes it very unsafe to browse and interact with websites that contain sensitive information, like bank websites, shopping websites, or any website that you log in to, and especially any website where you enter a credit card number. When you visit a website at an http:// URL, information is sent through the network (“over the wire”) unencrypted, and you have no guarantee that the server you are connecting to at the other end is actually the server you think it is.

The https:// protocol solves these problems by forcing the network packets to be encrypted and guaranteeing via a third party that the server on the other end is the one and only valid server for that URL. HTTPS makes man-in-the-middle attacks far more difficult and establishes a level of trust with the server you are connecting to.

The Certificate Authority

The third party that establishes this trust is the “Certificate Authority”. The Certificate Authority sells SSL certificates and creates the network “handshake” that happens when connecting to a website. This way you can be sure when browsing over HTTPS that the server you are connecting to is the server you are asking for, and that any network packets you pass back and forth will be encrypted.

How to Implement SSL

The process of purchasing and installing an SSL certificate is generally very simple, and many web hosts will both sell and install SSL certificates in one step. You can also purchase an SSL certificate yourself from a certificate authority like RapidSSL and then ask your host to install it for you.

Although SSL certificates can still be expensive when purchased through certain certificate authorities, a new initiative called Let’s Encrypt, led by a group of the biggest internet companies in the world, is promising to provide top-notch SSL certificates for free. As of January 2016 this service is in public beta, but very soon it will be the go-to place for acquiring free SSL certificates.

Standard vs. Wildcard SSL Certificates

The only decision a potential SSL certificate purchaser needs to make is whether to get a standard SSL certificate or a special SSL certificate called a wildcard certificate. Standard SSL certificates protect a single domain like thegoodgeeks.com but don’t protect subdomains like todd.thegoodgeeks.com, whereas wildcard certificates can protect one level deep into subdomains. If your domain name has any subdomains that you want to serve over HTTPS, you’ll want to purchase a wildcard certificate.
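
To make the "one level deep" rule concrete, here is an added example (not code from The Good Geeks or any certificate authority) that checks which hostnames a certificate's names cover, using a simplified form of the matching rules browsers apply. The host a.todd.thegoodgeeks.com and all function names are constructed for illustration. It also shows a detail that is easy to miss: a wildcard name on its own does not cover the bare domain.

```python
# Added example: simplified hostname-vs-certificate-name matching.
# Partial wildcards such as "t*.example.com" are rejected outright here.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands in for exactly one label
    if p[0] == "*":
        # The wildcard must be the whole left-most label and leave at
        # least two fixed labels to its right (rejects "*.com").
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return bool(h[0]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def covered(cert_names, hostname):
    """True if any name listed in the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)

def coverage_report(cert_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(cert_names, h) for h in hostnames}

# Constructed name lists for three kinds of certificate.
STANDARD = ["thegoodgeeks.com"]
WILDCARD = ["*.thegoodgeeks.com"]
WILDCARD_PLUS_APEX = ["thegoodgeeks.com", "*.thegoodgeeks.com"]

# Hosts to test: bare domain, one-level subdomain, two-level subdomain.
HOSTS = [
    "thegoodgeeks.com",
    "todd.thegoodgeeks.com",
    "a.todd.thegoodgeeks.com",
]

if __name__ == "__main__":
    for label, names in [("standard", STANDARD),
                         ("wildcard", WILDCARD),
                         ("wildcard + bare domain", WILDCARD_PLUS_APEX)]:
        print(label, coverage_report(names, HOSTS))
```

Before buying, list every hostname you serve and run it through a check like this; a second-level subdomain needs its own certificate name.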

What Now?

If you want your website to be more secure, better trusted and better “liked” by Google – consider purchasing and configuring an SSL certificate. The Good Geeks offers free SSL certificates to our Website Hosting customers.
