In recent years there has been a growing debate on just how important SSL certificates are, and whether or not they are needed for every website. Google itself have recently stated that they are beginning to prioritise secure websites (https) over non-secure websites (http) in their search algorithms. This is all part of Google’s […]
In recent years there has been a growing debate on just how important SSL certificates are, and whether or not they are needed for every website. Google itself have recently stated that they are beginning to prioritise secure websites (https) over non-secure websites (http) in their search algorithms. This is all part of Google’s wider campaign to encourage safe transmission of all information across the web. Whilst they claim such preference is only minimal, a number of companies are now paying more attention to the importance of SSL security, with several other big name corporations such as WC3 and Facebook encouraging every website to use SSL encryption.
An SSL (secure sockets layer) certificate is a digital certificate that both authenticates the identity of a website, and encrypts sensitive information so that any passwords, addresses or credit card numbers can not be intercepted or read by anyone other than the intended recipient.
In the same way that we use keys to lock and unlock doors, SSL certificates use keys to validate and protect sensitive information. A certificate signing request or CSR must also be created on the server. This creates a pair of public and private keys. The public key is used to encrypt (lock) the sensitive information, whilst the private key is used to decrypt (unlock) the information provided and restore it to its original format so that it can be read.
When you use a website http messages are flying around over the network. When you fill in a contact form or simply click a link a small packet of information in text format gets sent over the network by your computer. If you put your email address into a contact form and hit submit the packet of information (very similar to a plain text file) will contain your email address within it. This packet will then get sent to every machine on the network. If you happen to be using wireless then this information will be sent over the air. This means that anyone can sniff the air or plug into the network and read these unencrypted packets of information. If this information is simply a request to go to another webpage it’s probably not a problem, but if it happens to contain your credit card information then we could have a serious problem.
Unfortunately the internet and more specifically the http protocol is not secure by default, https however is secure because each of these packets gets encrypted before it is sent, meaning only the intended recipient can decrypt and read the message.
There are a number of reasons why SSL security is important:
If you run a small brochure site, or do not require any personal information to access certain areas of your website then you are in no major rush to upgrade to an ssl certificate. Whilst Google have announced that they are beginning to favour secure websites over non-secure websites in search rankings, the implications are still small, and Firefox is yet to stop displaying non-secure websites.
However, if your website does require any level of personal information then online security is particularly important especially when shopping online. Even if you are simply entering an email address over wireless connection, this information can be vulnerable to third party access if your site simply operates on http access. Securing this information with SSL encryption (https) immediately combats any risk of unwanted sharing of your information. “Privacy by Default” is the new internet mantra and this is a message that companies such as Google and Facebook have began to endorse.
In the past, making your website secure was a pain. You had to purchase and renew multiple SSL certificates and add these to your secure web server. And this could often be a cumbersome task. It doesn’t have to be this complicated however.
Services such as Let’s Encrypt have revolutionised this process by making secure certificates completely free and the installation process as easy as possible. The result gives website owners the ability to offer https encryption and all of its benefits minus the cost and hassle of past years.
Of course, it’s important to ensure secure certificates from Let’s Encrypt are still installed by professionals, but this is where we can help.
If you are still unsure whether or not SSL security is for you, or if you have any other web development issues then please get in touch.
Subscribe to get our best content. No spam, ever. Unsubscribe at any time.
Send us a message for more information about how we can help you