Did you know that the latest version of Google’s Chrome browser will mark any website that doesn’t use HTTPS as “Not secure”? And with over 58% of internet users worldwide using Google Chrome, this is a change that you need to be aware of. Version 68 of Chrome started to go live to customers in July this year so if you haven’t already made the change to HTTPS then you could already be losing potential customers.
Isn’t HTTPS just for online retailers?
This may have been true once, but Google and the other search engines have been keen to promote the benefits of a more secure internet and have been providing ranking benefits to early adopters of HTTPS for a couple of years now. This latest update by Google means that HTTPS is now a necessity for all websites, not just industry leaders.
Reasons to adopt HTTPS
Still not convinced that your website needs HTTPS? Well, one of the biggest reasons that you should adopt HTTPS is to protect your users’ privacy. In the world of GDPR, user privacy is a hot topic and HTTPS provides a secure connection between your website and the customer’s web browser and provides peace of mind that their data is safe.
The data sent using HTTPS is secured via SSL (Secure Sockets Layer) which offers the following protection:
Encryption – All data sent between your server and the user is encrypted. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
Data integrity – Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
Authentication – Authentication gives users reassurance that they are communicating with your website and not a fake. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
SEO – Google has highlighted that they provide a rankings boost for making the switch to HTTPS as this is used as a ranking signal.
Credibility – Trust is a big reason to make the move from HTTP to HTTPS as users are more likely to provide information if they think your website is secure. It has been proven in many studies and surveys that websites that are secure and show the green padlock symbol are trusted by customers.
Levels of SSL certificate validation
There are three different levels of validation when it comes to SSL certificates with the most common of these being the Domain Validated certificates. These are suitable for small to medium-sized businesses and have a lower price point than the other options.
Domain Validated (DV) Certificates
A Domain Validated certificate offers the same level of data encryption as the more expensive options but it does not offer the same assurance about the details of the business. A DV certificate is the best option for small to medium businesses.
Organisation Validated (OV) Certificates
The next step up from a DV certificate is the Organisation Validated certificate which provides full business and company validation from a registered certificate authority. All OV certificates contain full company name and address details meaning they provide higher levels of assurance in comparison to DV certificates.
Extended Validated (EV) Certificates
For the highest level of assurance and customer trust, the Extended Validated certificate is the one to pick. This is issued following rigorous background checks on the company following guidelines set out by the Certificate Authority/Browser Forum. This type of certificate is commonly found on major online retailers as well as banks and big brands and turns the address bar green in all major browsers.
Types of SSL certificates
As well as the three different levels of validation there are also four different types of SSL certificate available depending on your needs. Your SSL certificate is made up of your choice of level and choice of type of certificate. The different types of SSL certificates are:
Single Domain Certificates
As the name suggests a single domain certificate is only valid for one fully qualified domain name. For most small businesses that only have a single domain name, this is a suitable option while those with more than one domain may wish to consider a wildcard or multi-domain certificate.
Wildcard SSL Certificates
A wildcard certificate lets businesses secure subdomains for their main domain under the same certificate. These are common for ecommerce websites that use subdomains such as payments.domain.co.uk, login.domain.co.uk and other subdomains of their main URL.
Multi-Domain SSL Certificates
For businesses with more than a couple of domains then it may be worth choosing a multi-domain certificate which can allow you to secure up to 100 domains under a single certificate. This is often a cost-effective option compared to single domain certificates and also makes managing your SSL certificates much easier.
Unified Communications Certificate
The unified communications certificate has very specific applications in that it has been specially designed to work within Microsoft Exchange and Office Communications server environments. Like a multi-domain certificate, it can support up to 100 domains on the same certificate.
Free SSL certificate services
Did you know that there are a number of free SSL services now available? These have been created to help get more websites to switch to the HTTPS protocol. Some of the most popular ones include the below:
One of the best-known SSL certificate providers this non-profit offering is a free, automated and open certificate authority which is sponsored by some big names such as Mozilla, Cisco, Facebook and Google Chrome to name a few. This is a great option for small businesses with brochure type websites.
Anyone who has used a content delivery network before will probably have heard of Cloudflare but what most people don’t know is that they offer a free SSL service. As you’d expect from a company that has made its name by providing cloud-based solutions their SSL service is easy to install and setup but the free option is only really suited to personal websites and blogs.
Another option for website owners is Comodo which offers a free SSL certificate for a 90 day period, which is the same as the above two providers. Like the providers above this is a quick and easy option which is recognised by the major browsers and devices.
While the above services all offer a free SSL certificate for your website there are some reasons why you may want to opt for a paid solution instead which include:
- Shared SSL certificate
- Unable to use on ecommerce websites
- Certificate expires after 90 days and can be complicated to set up to auto-renew
Making the switch to HTTPS
In order to make the switch from HTTP to HTTPS, you need to purchase an SSL certificate for your website. An SSL certificate is issued by a Certificate authority and the majority of websites will be able to use the standard domain validation certificate. Once you’ve purchased a certificate you’ll then need to install it on your website’s server and you’ll also need to instruct your website to serve pages using the HTTPS protocol. In most cases, this can be managed simply in your CMS system e.g. WordPress by using a plugin or add-on. In some minor instances, development work may be necessary to implement these changes.