According to several articles seen lately, Google plans to rank secure sites higher than those without SSL certification. The idea, apparently, is to provide an incentive to make the web a safer place. Great in theory, but in practice, not so much.
What Is SSL?
Secure Sockets Layer is an encryption protocol that is used by banks and other sites to keep financial and other sensitive data safe from prying eyes. You may not be aware that if a site is not protected with an SSL certificate, any data sent to the site goes over as plain text. It may be compressed by a process similar to creating a Zip file, but anyone can unzip the data and read it.
SSL was a hot topic a while ago when the Heartbleed security vulnerability was discovered. Unless you live in a cave somewhere, you likely saw all the news coverage and drama surrounding Heartbleed.
In any case, when you visit a self-proclaimed “secure site” and see that little lock symbol show up on your browser, you know you’re on a site secured with SSL. The URL prefix of “https” is also a good indicator.
Can You Use SSL?
In a perfect world, every site would use SSL. There are a number of reasons why more sites don’t use it. First of all, if your site is on shared hosting, like most are, you can’t have your own SSL certificate. An SSL certificate protects a single domain and IP address. If you’re on shared hosting, you have the same IP address as all the other accounts on the same server. Most shared hosts can provide a shared SSL certificate, however, you can’t use your domain with it. Your SSL certificate covers a domain that looks like the following:
While it can be useful in certain circumstances, for the most part, this won’t do what you need it to do.
Update: If you’re willing to pay a few bucks more per month, you can buy a dedicated IP address for your shared account. This will let you purchase an SSL certificate to use on your shared account, but only on one domain. If you have multiple domains on your account, you’ll need to choose which one you want covered by the SSL cert. You would not be able to purchase multiple SSL certs to cover the other domains for the same reason a stated above for shared accounts: all your domains on that account have the same IP address.
SSL Certificates Aren’t Cheap
Reputable SSL certificates are fairly expensive and must be renewed periodically. You’ll need one for each domain you want to protect. The more reputable the provider, the more expensive the certificate will likely be. They can be had discounted occasionally, but the renewal won’t be at the discounted price so the savings is for the short term.
It Matters From Whom You Get Your SSL Certificate
There are quite a few providers of SSL certificates to choose from. You can even sign (certify) your own private certificates, however, that is only useful for in-house networks as no one else will recognize them. The purpose of the certificate, after all, is to assure visitors that your site is safe. The certificate provides that assurance if it’s been issued by a recognized provider. If the provider isn’t recognized by the browser’s file of providers, your site will display warnings or refuse connections altogether in some circumstances. Suffice to say, it pays to go with a well recognized supplier.
A Good Idea, But…
The idea of having all sites use SSL is a nice ideal to shoot for, but not practical for most website owners. Google is only providing a slight boost in rankings for sites with SSL protection which indicates that they acknowledge the burden it would place on small operators. At this point, it’s not something to be terribly concerned about.
Image © Pavel Ignatov – Fotolia.com