Recently Google announced that they
have begun giving preference to sites that use the HTTPS protocol –
this is the secure version of the more common, HTTP. Google is doing
this because the process of obtaining the security certificate to use
HTTPS (an SSL Certificate, more on that later) involves some research
and vetting of the company / person applying for it. (Although maybe
it's because, secretly they invest in companies that supply the certs
– where are all the conspiracy theorists*??)
This HTTP / HTTPS / SSL stuff might be
causing some confusion. So, here is something that will help … at
least I hope it helps.
HTTP and HTTPS, What are They?
HTTP stands for Hypertext Transfer
Protocol. It handles the formatting and transmission of data between
the Web server and your browser. HTTPS is a secure version of HTTP –
that's what the “S” means. This version of HTTP encrypts the
data moving between your browser and the server.
What is SSL
SSL stands for Secure Socket Layer.
This is a protocol that creates a unique key and uses it to encrypt
and 'de-encrypt' information being sent between two computers. The
encryption code is shared between only the sending and receiving
machines, making it very hard for a third party (machine) to figure
out what is being sent back and forth. This is why websites that
gather and send payment information often implement SSL. (In some
states, the use of SSL is required for sites that collect
credit/debit card info, Social Security Numbers, or child
information).
An SSL Certificate is a digital
signature that says, “this owner and/or domain have been checked
out.” Installing an SSL Certificate on your website is what gives
you the “S” in HTTPS. Note that the HTTPS protocol can be forced
on a website without a valid SSL Certificate. But, the major
browsers will popup a nice big warning letting you know they can not
verify the security. If you really trust the site, you can bypass
this warning. But make sure you really trust it before entering any
personal info!!
Getting a Certificate
You can purchase a Certificate directly
from a company like Network Solutions, DigiCert or RapidSSL. But, I
highly recommend that you ask your developer or hosting company for
help. They may charge a little to get everything set up. But, this
charge will be less painful than trying to get this all together
yourself! Also, many hosting companies offer a service with includes
the purchase of the certificate, installation of the certificate on
your domain, and the changes that are required to go from the HTTP to
the HTTPS protocol.
There are three different types of SSL
Certificates. They involve different levels of
research/investigation into your business and domain (none are
intrusive and this research takes place behind the scenes, except for
a few emails you might receive).
First is the Extended Validation
Certificate. It checks the right of the applicant to use the
domain that will be protected and the certifying company conducts a
thorough and detailed vetting of the organization
represented by the site.
Next is the Organization Validation
Certificate. The authorizing company will check the right of the
applicant to use the specific domain name and will also check into
the organization represented by the domain or the company that owns
the domain. This check is not as thorough as the check for the
Extended Validation Certificate.
Finally, there is the Domain
Validation Certificate. With this type of certificate, the
applicant is checked to make sure they have the right to use the
domain covered by the certificate.
All this information is available to
your visitor / buyer when they click on the Secure Site Seal. **I
highly recommend that you have your developer put this seal and link
(provided by the authorization company) on your site in prominent
locations, such as the home page, cart and checkout pages, or form
pages that collect personal information or information about
children.** If you are on a site where you are asked for any of this
kind of information, you may want to click on the seal to see what
kind of certificate the domain has.
Why So Many Different Prices?
Prices can very greatly for SSL
Certificates. Factors effecting price:
the issuing company for the
certificate.
what level of compensation you
want if the data is stolen during transmission.
what the certification covers –
a single domain, the domain and its sub-domains, or multiple
domains.
the number of years you purchase
the certificate for (most certification companies now allow you to
purchase for multiple years).
Another things that may increase the
price is the cost charged by your developer / host provider to
install the certificate for you. If working with your developer /
host provider, I recommend you ask for an itemized list including the
cost of the certificate type, plus the cost of the 'add on' features,
and the cost of their services and assistance.
Some Final Notes
Watch your site - when your certificate
is installed and takes effect, there may be links to other pages,
sites and images that are broken. Also, make sure your developer /
host company sets up your site to automatically go to HTTPS even if
someone types or uses a link that still has the HTTP protocol
specified.
It is worth remembering that with the
cost of an SSL Certificate, you are not only providing assurance to
your visitors, you are protecting yourself / your business, and you
are helping your Google search rankings!
It is my hope that this post helps you
understand HTTPS and SSL. If you have questions, please feel free to
comment here or ask questions on
Facebook,
Google+,
LinkedIn,
Twitter, or any
other social media site you came here from. You may also ask questions using the
contact form on our website.
*This line is a joke, please no
comments about it.
