Google has sent the techie websites in a dizzy HTTP vs HTTPS.  Over the last year or so Google (as well as Mozilla and other browsers) have encouraged the use of HTTPS. Starting in October they will be far more serious about it. Currently Chrome and Firefox just show an “i” next to the address bar if the website does not have an SSL, they add a green lock if it does. Starting next month sites without the SSL Certificate will say “Not Secure”.  There is a strong indication that sites without an SSL will also suffer in Search.   If I still haven’t convinced you to get an SSL Certificate, now is the time to do so!

What is the Difference between HTTP & HTTPS?

HTTP stands for Hypertext Transfer Protocol. It’s essentially the method and rules by which information is transferred on the web. HTTPS is the same, but with security – aka encryption. For the full nerdy version click here. Without encryption the weasels of the internet can skim any and all data being transferred. That means your login, your passwords, your email, your name, your bank account numbers, your photos, your credit cards, your birthdays, anything and everything you type into a browser.

Why is this Important?

Security Security Security. For the last several+ years websites asking for financial and credit card information have required it – or at least they payment gateways have. That is one of the handy things about PayPal, they handle the payments as well as the required security around it. It’s also been best practice to use HTTPS when entering login info and other personal information.  Broswers (Google, FireFox, etc) have gently encouraged the use of HTTPS by giving subtle markers such as:

As a user, that green “Secure” is comforting, right? Your customers want that same reassurance when visiting your website, even if it isn’t e-commerce.

Also sites with a certificate have received a small boost to SEO. It sounds like starting in October that boost will increase.

What do I do About it?

For most small businesses this is an easy and relativity inexpensive fix. All that is needed is an SSL Certificate. I have recently become a seller for all things hosting/domain/security related and have put SSL Certificates on sale now through the end of October.

For most small businesses and bloggers, the Standard certificate is sufficient. It’s easy to set up no matter who you host with.

How Do I Chose What Type of SSL Certificate to get?

There are 3 basic types of Certificates.

• DV – Domain Validation is the most common type used. They are quick to install, usually just a matter of minutes. All you need to do is prove you own the domain – this is usually done with an email address with the same domain or adding a file to your DNS.
  • DV certificates come in a few forms – single domain, multi-domain and Wildcard. If you just have a website without subdomains the Single Domain is the way to go. If you bought yourdomain.com yourdomain.net and yourdomain.org the you would want the multi-domain to protect all of them.  If you have it customized with multiple subdomains, then get the Wildcard – this will let you have special sites such as promo.yourdomain.com sales.yourdomain.com or anythingyouwant.yourdomain.com and still be protected.
• BV – Business Validation add an extra level of trust. It does take longer to implement as you have to provide paperwork, tax ID numbers, and other information. This is recommended for types of business that regularly get scammed – such as banks and other large businesses. It is more expensive, but provides another layer of protection for your clients and for most issuers also comes with a larger warranty ($1,000,000 in my case, vs $100,000 for the DV)  Plan on about a week to go through the implementation process. Once issued, visitors can click on the green lock in the address bar and see your business name and contact information and know they are on the correct website.
  • BV Certificates also come in the single, multi and Wildcard types.
• EV – Exctended Validation offer the highest level of trust. This also has the longest time to process – up to two weeks. More written documentation is required as well as oral interviews.  With EV, the entire address bar turns green to let your visitors know they are in a safe web environment. This also comes in the three types, Single, Multi and Wildcard.