In the last couple of years, SSL and HTTPS have been actively used and pushed for, even by browser vendors. Its lack even reflects negatively on rankings in major search engines like Google. But what is all this for?
And SSL certificate (security certificate) technically has a security role in two ways:
- It certifies that the website you are accessing is the one it claims to be. So it has a role of inspiring trustworthiness.
- It encrypts traffic between the website and the user that browses it so that it is not easy to eavesdrop on.
You have probably already seen the green padlock icon next to a website URL in the browser URL bar – that’s a sign that the site employs an SSL certificate.
Privacy and Trust
Encrypting traffic is especially important when transferring sensitive information – like the username and password used to log in on a website, or your credit card number. But since lately Internet privacy is becoming more and more of an issue, the definition of a secure site seems to be extended. Laws are being enforced (like the GDPR in Europe) that basically states that any information that can identify a person is defined as “personal information” and is sensitive, and should be protected.
Browsers have caught up with this trend and in the latest year started showing a “Not secure” icon next to the URL bar of any website that does not have an SSL certificate and has any kind of form on it. Even a search form. This can easily incite distrust in any user, and might fend him off to a competitor’s website for no good reason.
Search engines are also “punishing” websites without SSL and pushing them lower in search result pages. That makes a business even harder to find organically.
As a response to this trend, there were initiatives, like “Let’s Encrypt“, which allows for a free SSL certificate for every domain name owner. You can check your hosting provider for the “Let’s Encrypt” certificates – they should support them and enable one for you. After enabling the SSL certificate for a website, this means one can use both secure and insecure connections to the website. So a site also needs some work done on it, so it is forced the direct all its traffic through the secure connection. If you have any questions or need help with this task, feel free to contact us.