SSL Certificates
SSL certificates used to be the preserve of e-commerce websites, banks and anywhere else online that needed confidential information. Nowadays they’re quickly becoming the standard for almost all websites, so what are they and why should you get one for your site?
What are SSL certificates (and what are they not)?
SSL certificates encrypt information that is sent between a client (such as a browser) and a server. Data on websites without an SSL certificate is sent unencrypted, which is fine as long as no sensitive information is being transferred. However, if the website is handling credit card data, bank details or any other user-sensitive information, an SSL certificate is crucial in preventing any intercepted data being readable by an eavesdropping third-party.
You will likely have visited plenty of websites where the browser bar turns green and displays a padlock sign, as it does on this site. This indicates the site has an active SSL certificate and the content is being transferred over a secure connection. The other thing you will notice is that the standard http:// becomes https:// (the ‘s’ standing for ‘secure’).
It is important to note that SSL certificates only encrypt data that is in transit, so they do not make your website files, databases or servers any more secure. In fact, on websites where an SSL certificate is optional, they should be considered the final layer of security as they do not protect your site or its database against any form of attack.
Should I install an SSL certificate on my site?
In certain situations, you may not have a choice about this. If you are taking payments on your site, some merchant gateways and services (such as Stripe or Gumtree) require an SSL connection to prevent sensitive user data being intercepted. Even if your site doesn’t require one, there are plenty of other good reasons to install an SSL certificate on it.
One of the most obvious benefits is that the green browser bar and padlock combination help to boost user confidence when making purchases. This is particularly useful if you’re running a site where users are buying products, even if the purchases are handled off-site.
There is another reason that many sites that traditionally would not require an SSL certificate are starting to implement them - Google. Since 2014, Google has used SSL certificates as a ranking signal, giving preferential treatment on search engine results pages (SERPs) to SSL-enabled sites. However, the biggest factor is Google’s decision to start marking all non-SSL sites as ‘not secure’ in its Chrome Browser. Initially, this marker will be rolled out to sites that collect passwords or credit card data, but Google has indicated that this will eventually be displayed on all non-SSL sites, irrespective of content.
How much do they cost?
SSL certificates used to be an additional expense on top of the annual domain renewal fees, adding a minimum of £40pa to your site running costs. Thanks to a new initiative called Let’s Encrypt, SSL certificates are now freely and easily available. The initiative is popular enough that many hosts are now offering a direct integration with their service in order to satisfy demand.
The result is that it is now much cheaper to run an SSL-enabled site than it used to be. Site owners will now only need to cover the cost of the initial move to SSL. Usually, this includes changing the site’s URL to https:// and removing any errors from legacy non-SSL content on your site so that the padlock displays without any errors. Once this is completed there should be few, if any, ongoing expenses.
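The legacy non-SSL content mentioned above is usually a page resource still referenced over http://. The following Python script is an added example, not part of the original article, showing one way to find such references in a page before switching to https://; the sample HTML and the example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# Resources a browser fetches while rendering the page. Ordinary links
# (<a href>) are navigation, not page content, so they are not flagged.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url, severity)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            if not value or not value.strip().lower().startswith("http://"):
                continue
            is_css = tag == "link" and name == "href" and "stylesheet" in rel
            if (tag, name) in ACTIVE or is_css:
                severity = "active"   # scripts, frames, CSS: blocked on https pages
            elif (tag, name) in PASSIVE:
                severity = "passive"  # images, media: degrade the padlock
            elif (tag, name) == ("form", "action"):
                severity = "form"     # form data would be submitted unencrypted
            else:
                continue
            self.findings.append((self.getpos()[0], tag, name, value.strip(), severity))

def scan_mixed_content(html):
    """Return every http:// subresource or form target found in the HTML."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (not taken from a real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/app.js"></script>
</head><body>
<img src="http://example.com/logo.png">
<a href="http://example.com/about">About</a>
<form action="http://example.com/login"><input type="password" name="p"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url, severity in scan_mixed_content(SAMPLE):
        print(f"line {line}: <{tag} {attr}> {url} [{severity}]")
```

Each finding should be changed to an https:// URL (or a relative one) so that the padlock displays without errors.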
If you think your site would benefit from the additional trust or rankings an SSL certificate can offer, or if you have any questions, please get in touch.