The year 2018 is marked by a focus on the safety of Internet users. An SSL certificate will soon become a Google ranking factor, and having one will also be enforced by GDPR controls. Find out how to make your website secure and avoid exposing your business to losses.
How to make your website secure with an SSL certificate?
SSL (Secure Sockets Layer) is an Internet protocol that encrypts the connection between the browser (your user) and your website's server, and an SSL certificate is what enables it on your site. After you implement the SSL certificate on your website, the HTTP protocol turns into the secure HTTPS protocol. When the browser and server connect, this protocol uses an AES key (for example 256-bit) to encrypt the data. Encryption of this kind cannot be deciphered by hackers. This means that the data the user sends to your website, e.g. credit card details, is protected in transit and cannot be stolen on its way to your server.
What threatens pages lacking HTTPS protocol?
Users can easily tell whether your site is secured with an SSL certificate and, as a result, whether the data they send is protected. The address bar shows it: the address starts with HTTPS, has an additional padlock icon on its left side, or is marked entirely in green.
Even if some users overlook the lack of SSL on your site, Google will eagerly remind them about it. Google announced that from July 2018 it will mark websites without HTTPS as Not Secure. This notification will be displayed to users before they enter your site. In that case, you are exposed to a decrease in Internet users' trust in your site and, as a result, a drop in traffic. Importantly, an SSL certificate will soon become an important Google ranking factor, which means that secure websites will reach high positions and vice versa.
Do you think that's everything? Nothing could be further from the truth. In May 2018, the so-called GDPR (General Data Protection Regulation) will impose an obligation on websites that collect or process users' personal data to secure such data with an SSL certificate. If you do not comply with the new law, you face high financial penalties.
What to remember when buying SSL?
Above all, take care of the confidentiality of your private key. You will get it in the package with the purchased SSL certificate, and it will be stored on your site's secure server. Remember that if you disclose your private key to anyone, you increase the risk of the encryption being broken. Disclosure may occur, for example, when you send the private key by e-mail to an employee. Once the private key has been revealed, you will not be able to generate a new private key for the current SSL certificate. You will need to buy a new certificate.
Remember: After any encryption component has leaked, you must immediately revoke the certificates and keys, and then buy, generate and install them again.
When purchasing an SSL certificate, research the certification authorities that you want to buy the certificate from. In the history of the Internet, there have been situations when some certification authorities were removed from browsers and the SSL certificates they had issued were revoked. The company Symantec and its products may serve as the most recent example of such a situation. The company's employees sent clients' private keys via e-mail. After this incident, Symantec's clients were informed about the situation and warned that their SSL certificates would cease to be active within 24 hours.
Remember: Before choosing an institution that issues you with an SSL certificate, familiarize yourself with its history and reputation.
Be aware of possible implementation errors
You are already aware of threats that depend on you to a greater or lesser degree. So it's time to alert you to errors that may arise from technical omissions when implementing the certificate. For some of them, you may need HTML help. The most common omissions when implementing an SSL certificate include:
- Forgetting about 301 redirects. After implementing the SSL certificate, you create a second version of the page. If you do not take care of redirects from the HTTP version to the HTTPS one, for Google it will be a signal that you have duplicated the content. And duplicate content may sometimes impact search engine rankings. Negatively, of course.
- Forgetting about page indexing. After implementing the SSL certificate, check if Google's robots can see your HTTPS subpages. It may turn out that they are invisible to Google's robots, and as a result – your subpages are not visible to users in the search results.
- Forgetting about testing. After implementing SSL on your website, make sure that there are no gaps in the implementation. One tool that will help you verify this is ssllabs.com. The site will audit your SSL implementation and give you a rating. If it's lower than A, you'll get information on what needs to be corrected and how to do it.
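The first two checks in the list above can be scripted. The following is an added example, not part of the original article: it judges the answer a server gives to a plain-HTTP request and lists what would stop Googlebot from indexing an HTTPS page. The function names, the `example.com` host and the sample robots.txt are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

def classify_redirect(status, location, host):
    """Judge the answer a server gave to a plain-HTTP request for `host`."""
    if status not in (301, 302, 303, 307, 308):
        return "no-redirect"      # HTTP copy still served: duplicate content
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "not-https"        # redirects, but not to the secure version
    if target.hostname not in (host, "www." + host):
        return "other-host"
    # 301 and 308 are permanent redirects; the others are temporary
    return "ok" if status in (301, 308) else "temporary"

def indexing_blockers(url, robots_txt, x_robots_tag=""):
    """List what stops Googlebot from indexing the HTTPS `url`."""
    found = []
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    if not rules.can_fetch("Googlebot", url):
        found.append("robots.txt")
    if "noindex" in x_robots_tag.lower():
        found.append("X-Robots-Tag")
    return found

def probe_http(host, path="/"):
    """Send one HEAD request over plain HTTP; return (status, Location)."""
    conn = http.client.HTTPConnection(host, timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample: a robots.txt that hides one section of the site
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /shop/\n"

if __name__ == "__main__":
    host = "example.com"  # placeholder; replace with your own domain
    print(host, classify_redirect(*probe_http(host), host))
    print(indexing_blockers("https://example.com/shop/cart", SAMPLE_ROBOTS))
```

Any result other than `ok` from `classify_redirect`, or a non-empty list from `indexing_blockers`, points to one of the omissions described above.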
The above errors are just a part of what is often overlooked when implementing SSL on a site. This is especially true of small websites that do it on their own and do not have access to professional support in this area. It is important, however, not to avoid using the help of IT companies offering HTML help, especially since an incorrect implementation of SSL may put your business at risk.