Google Requires SSL Certificate
- Nate Chisley
- GOAL: This article is to help understand what an SSL certificate is and where to get an SSL certificate.
Why Google Requires SSL Certificate
Google, the company that pretty much runs the internet, states:
“Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connections to your website, regardless of the content on the site.”
HTTPS? SSL? What are you talking about? I thought you might ask.
What Is HTTPS & SSL?
Cloudflare, a leader in online securities, defines HTTPS & SSL this way:
“Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.”
“SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications.”
An SSL certificate’s main purpose is encryption, but it also allows for authentication. SSL instantly encrypts data like passwords and credit card detail so only the user and website can use it. HTTPS is a way of providing visitors with a key indicator to let them know they are currently protected by an SSL encrypted session.
How Can You Tell?
Here are the ways that a few of the major web browsers indicate that a website is protected by SSL:
Google Chrome
Chrome shows a padlock only.
Mozilla Firefox
Firefox shows a padlock and “https”.
Microsoft Edge
Edge shows a padlock and “https”.
As you can see, whatever browser you are using you are able to identify a secure website. And the opposite is true also. If the website you are browsing is not secure, the browser will identify this as well. My apologies to MIT, you are just an example (and feel free to contact me to get this fixed right away):
Google Chrome
Chrome shows “not secure”.
Mozilla Firefox
Firefox shows a crossed out padlock.
Microsoft Edge
Edge shows a clickable info symbol.
Additionally, Google Chrome also shows a red “Not secure” warning if you enter any information into a form field on an unsecured website.
Seeing a “Not secure” notice next to your domain name while your entering personal information can bring a very negative response from your site’s visitors. If you’re doing any business through your site and collecting user information, even through something as simple as a contact form, the red “Not secure” warning is enough to turn some users away. An SSL certificate is a simple and important trust factor on the internet and if you don’t have your users’ trust it can seriously impact your business and ultimately your bottom line.
Not just anyone can create an SSL certificate. Your computer will only allow connections to sites who have an SSL certificate signed by a trusted certificate authority. Certificate authorities verify that the SSL certificate actually belongs to the company or website requesting it.
What Kind Of Certificate Do I Need?
- Domain Validation – Any WordPress site, any basic site or site that has a form.
- Extended Validation – eCommerce, business or organization sites. Any site that wants to present themselves as extremely trustworthy.
- Unified Communications – For email servers (also a requirement for Microsoft Exchange).
- Subject Alternative Name – For multiple domains that are all related but aren’t necessarily sub-domains. Can include email or IP addresses, DNS name or URL.
- Wildcard – For WordPress Multisite networks set up with sub-domains.
- Organization Validation – Business or organization sites which need to appear as trustworthy.
Trusted Certificate Authorities
Below are some of the most trusted SSL certificate authorities. I’ve used all of them during my years as a web pro and believe that they are all viable solutions to website security.
Conclusion
If you do not already have one, GET AN SSL CERTIFICATE RIGHT AWAY. It’s that simple.
The internet is becoming a more secure and privacy-respecting web, and HTTPS is now a standard for all websites. It’s very important that you, your site admin or whoever maintains your awesome website acquire an SSL certificate from a registered certificate authority.
If you need help with setting up your SSL certificate, or any advice on which is the best SSL certificate to suite your particular website, please let me know in the comments below and I’ll be sure to help in any way I can.