SSL stands for Secure Sockets Layer. The SSL protocol was an internet security protocol designed to establish an encrypted connection between web servers and clients. Today, SSL has been replaced with TLS, but many people still refer to this technology with the SSL acronym.
An SSL certificate included a private and public key that made it possible to secure online transactions and protect customer information.
Sometimes called an “SSL handshake,” the security check starts when a user tries to connect to a website secured with SSL. The browser requests that the site server identify itself, and it receives a copy of the SSL certificate. After validating that the SSL certificate is trustworthy, a secure connection is established to allow encrypted data between the browser and the server.
In modern internet browsers, you know that a website is secure if the URL in the address bar contains HTTPS. Visually, this is communicated with a little padlock icon. You can click this symbol on any HTTPS website to read the certificate for yourself.
If you’re new to the world of internet security, you may also be confused about some other common terms.
Briefly, here’s how SSL differs from common web security terms like TLS and HTTPS.
So, how does SSL impact your website’s SEO?
Well, technically, SSL isn’t involved. Now that SSL has been deprecated and replaced by TLS, the technology powers HTTPS, the secure variant of HTTP that most websites use.
In a nutshell, here’s why HTTPS is important for SEO:
On the flip side, it’s important to think about how the lack of HTTPS can affect your website in search.
Google’s algorithm includes the HTTPS protocol as a ranking signal, which could boost your site in theory. But considering how common HTTPS is now, the more likely scenario is that your site will suffer in the search results if you don’t have it.
Remember that user engagement is a key ranking signal, so when people click on your site in the search results, it’s imperative that they stay on the page and interact with it, rather than bouncing right away.
An insecure website will often display a “Not Secure” warning that can spook incoming users and obliterate your site’s user engagement metrics. Just for that reason, your SEO will benefit from a TLS certificate.
The whole purpose of certificates is to provide trustworthy security for people browsing the web. To make that possible, you’ll need to purchase your certificate from an authorized certificate authority.
Well-known certificate authority companies may include Symantec, GoDaddy, DigiCert, and GeoTrust. Most reputable CAs also offer technical support to ensure that you install your certificate properly.
There are various types of certificates, including DV, OV, EV. The main difference is in the warranty that you get from CA.
Domain Validated - The DV requires minimal effort for validation – typically nothing more than proving ownership of your domain through an email or phone call. This is best for blogs or informational websites that don’t need to collect a lot of personal information from their visitors.
Organization Validated - The OV is designed for commercial websites and businesses that collect and store customer information through their websites.
Extended Validation - The EV is the highest-ranking and most extensive type of certificate and requires verification of the requesting entity’s legal identity. This is best for websites that require a great deal of sensitive personal information from visitors, especially medical or banking sites.
If you have a typical blog, a DV certificate should be sufficient.
However, depending on the number of websites and/or subdomains you want to cover with a single certificate, you may need to choose between a wildcard certificate (best for multiple subdomains) and a subject alternative name (SAN) certificate (best for multiple websites).
Wildcard certificate - The wildcard is designed for securing multiple subdomains on the same website, which is cheaper than buying a dedicated certificate for each subdomain separately.
SAN certificate - The SAN is designed for securing multiple domain names or websites at once, which can save a lot of time and money.
The SSL/TLS certificates will expire after 398 days and must be renewed on time. The option to renew is possible within 30 days of the expiration date.
Note that TLS certificates don’t renew themselves, and the consequence of an expired TLS certificate is that your website will no longer be viewed as secure – this can put both your site data and your visitors’ information at risk.
Watch for an email from your CA and follow the steps to renew.
No. Even wildcard certificates cover only one level for subdomains, so you’ll need another certificate, or you can use an SAN certificate.
Since September 1, 2020, the maximum lifespan for an SSL or TLS certificate is 398 days. After expiration occurs, you’ll need to replace the expired certificate.
Yes, you can. For example, Letsencrypt and Cloudflare provide certificates, but only domain-validated (DV) are free. This is the most common type of certificate, and are verified through the domain name alone.
Most web hosting providers offer free certificates when you purchase hosting from them.