For several years, Google has been looking to change the policy on SSL certificates, forcing them to be implemented at the level of each website. It all started with the 2014 campaign, called HTTPS Everywhere, whose main purpose was to draw attention to their importance. Currently, 68% of all traffic on Windows and Android is protected, and Google aims to maintain this upward trend.

Next, we will explain what exactly an SSL certificate represents, what its role is and how it can be obtained, answering the most frequently asked questions on this topic.

What is an SSL?

Secure Sockets Layer (SSL) is a security protocol that establishes a secure link between a web server and a browser. It guarantees the secure exchange of data, protecting information on bank cards, passwords and, in general, any information that is intended to remain private.

To be able to create such a connection, a web server requires an SSL certificate. Through it, the information can only be decrypted by the server to which it is addressed, reducing the risk of its modification or theft.

How do you know if a website has such a certificate?

The use of an SSL certificate by a website is easy to recognize, as it has the prefix https://, a green padlock in the address bar and is accompanied (until September this year) by the Secure message.

What are the advantages of SSL technology?

Overall, SSL offers a higher degree of data sharing privacy compared to an unencrypted web connection. Among the benefits of its use are:

– Protecting sensitive credit card information used in transactions, usernames and passwords;

– Securing the data exchange between servers;

-Better positioning in the Google search engine;

-Gaining the trust of users and potential customers;

-Encryption of browser-server and server-server communication;

-Strengthening the security of mobile and cloud applications;

-Protecting against phishing.

Types of SSL certificates

Depending on the level of validation , there are several types of SSL certificates, and the most used of them are:

• Domain Validation Certificate

It confirms the applicant’s right to use a specific domain by enabling the HTTPS protocol. Most of the time, this type of certificate is cheaper and can be issued faster, but it does not guarantee the absolute safety of the website. They can be paid monthly, and some hosting services even offer them for free.

• Organization Validation Certificate

It is one of the safest choices, being frequently used by large companies or organizations, which aim to establish a strong relationship of trust with their customers. Its prices vary depending on the number of secure domains and subdomains and the guarantee chosen, starting from €9 and reaching up to a few hundred euros.

• Extended Validation Certificate

It offers the highest degree of security of all types of SSL certificates, activating the HTTPS protocol and the green bar in which the name of the company that holds the certificate is mentioned. It can only be obtained following a strict authentication process based on thorough documentation, and the validation process is longer. The price of such a certificate is approximately €150/year.

SSL certificates also differ depending on the number of secure domains, with the list of secure domains and subdomains being attached at the time of their issuance:

• SSL certificate for a single name/domain

It protects a single domain name, making it suitable for small and medium-sized businesses that manage a small number of websites. For example, a certificate purchased for www.exemplu.com provides protection for all pages on that domain, but not for a subdomain such as mail.exemplu.com.

• Wildcard SSL Certificate

It ensures the protection of an unlimited number of subdomains for a specific domain. A certificate purchased for x.exemplu.com can be used for any subdomain that replaces x (mail.exemplu.com, office.exemplu.com, etc.). It automatically secures subdomains added after its purchase and simplifies the certificate management process.

• Multi-Domain SSL Certificate

It protects different domains through a single certificate (www.exemplu.com, sub.exemplu.com, exemplu.net, altexemplu.com, etc.) and domains on different servers. Domains can be easily added and removed, thus making the management process easier. Administrators need a single certificate with a single expiration date for all domains, thus also reducing costs.

• Unified Communications Certificate

Dedicated to securing Microsoft Exchange and Office Communications environments, it allows administrators to include 100 domains on a single certificate. This eliminates the need for different IP addresses, specific to each website.

Why is SSL important to Google?

Over the years, Google has removed websites that ignored security standards, and on May 1, in the context of the entry into force of the new European data protection regulations, it launched the Certificate Transparency Policy. It requires authorities capable of issuing security certificates to keep a public archive of all SSL certificates.

However, the rule stands out only as part of the effort to enforce HTTPS. Starting the previous year, Google warned administrators that NON-HTTPS websites will be marked as non-secure by a message when accessing the site. Moreover, Google has made known its intention to formally categorize websites that do not have SSL certificates as insecure starting in July this year.

Moreover, starting with September, Google aims to remove the Secure indicator, due to the fact that most of the traffic is already HTTPS and to focus on highlighting situations in which the user accesses an unsecured HTTP site.

Why do you need an SSL certificate for your website?

Time flies quickly for those who haven’t yet adapted to an HTTPS encryption. Google does not directly admit that HTTP websites have a handicap in the search algorithm, but we can assume that a warning about their security can cause a major drop in them.

For example, it can reduce the time consumers spend on a website, bounce rate, and click-through rate. All of these factors contribute to lower position in search results. Google is not only the largest search engine, but it also owns the most used web browser, specifically Chrome. Moreover, the context of the introduction of the GDPR makes the policy on the security of personal data a basic concern at the online level.

How do you get an SSL certificate?

Before purchasing an SSL certificate, you need to make sure that your website has a dedicated IP, as this is the first requirement for obtaining it. If you don’t have a dedicated IP, contact your hosting service. Also before purchasing the certificate, set an email address in the form of [email protected], as the SSL information will be sent to this address.

The most affordable source of buying an SSL certificate is your hosting company. Some of the companies want to take advantage of the high interest by raising their prices. However, costs have decreased due to high demand.

We advise you not to postpone its purchase, because Google’s intentions are clear: the full transition from HTTP to HTTPS. If you are ready to take the first step in installing the SSL certificate on your website, we invite you to contact us.