Late last year Google made an important change in their ranking system that has received relatively little coverage. Google has added to their search ranking algorithm a query to determine if a site is being served over HTTP or HTTPS. If a site is being served over HTTPS it ranks higher.
Here's an example of HTTP vs HTTPS:
Now I'm sure you're thinking - great I can see the "S" but what does it mean? HTTP stands for Hyper Text Transfer Protocol, when you add the "S" you're adding Secure to the Protocol. Simply put the "S" means the site has been validated and adds a layer of encryption between your device and that website.
The additional security has 2 main purposes, the first is to verify you are communicating directly to the server you believe you are talking to; take your banking for example, as that is probably the most important secure connection you make on a regular basis. See the examples below of a secure bank connection and a spoofed bank website, that obviously does not have security.
The second website may look like Canada Trust, but is actually going to the URL microscopix.ch and as it is not who it claims to be does not have secure protocol.
The second purpose of the additional security is encrypting the communications (i.e. your username and password, etc) and ensuring that only the server you're sending to can read what you've sent.
In a release last year Google said, "we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web." To that end they've added the HTTPS to their ranking algorithm to encourage all website owners to add an SSL Certificate to their sites.
This begs the next question, what kind of SSL Certificate does your site need?
You'll want to consider a few questions before deciding which SSL Certificate is right for your website:
- Is your site just informational so having an SSL is really about pleasing Google?
- Do you collect user information, through comments to your blog, or embedded forms on your site?
- Do you accept credit card or other online payments through your website?
If your site is adding an SSL Certificate just to add to your Google ranking, adding an Easy Trust SSL for $89 will be plenty. This kind of certificate uses Domain Validation, which is quick, but only verifies the purchaser against the whois information on file for the domain the certificate is being purchased for. If the information lines up then the Certificate is issued.
If you're collecting user information or payments you'll likely want a more robust SSL Certificate that uses more intensive validation, either Organization Validation which verifies the actual existence of the business, or Extended Validation which takes the longest, but takes the time to prove the brick and mortar existence of the business and verifies business details. Extended Validation is the type of validation banks have, see the example above of Bank of the West's website, notice it has a green bar and lock sign showing the highest level Certificate. These cost anywhere from $179 up into the thousands of dollars per Certificate.
Here are a few scenarios to help you decide which SSL Certificate is right for you:
- You're a home based service business that does not accept online payments, but would like to improve Google ranking. Best option - Trustwave Easy Trust for $89 annually
- You're a home based product business, you sell items locally and online. Best option - Trustwave Premium SSL with Organization Validation for $129 annually
- You're a brick and mortar based business who sells, products or services, in store and online. Best option - Trustwave Premium SSL Extended Validation for $179 annually or GeoTrust True BusinessID with Extended Validation for $199 annually
- You're a home based business that sells online using multiple sub-domains*. Best option - Comodo Wildcard SSL for $249 annually
- You're a brick and mortar business that sells online and in store using multiple sub-domains*. Best option - thawte Wildcard SSL with Organization Validation for $369 annually
- You're a brick and mortar business with multiple domains you need covered. Best option GeoTrust True BusinessID SAN SSL with Extended Validation $350 annually
*An example of sub-domain use would be in our case, where we have tsis.net as our main domain, but we also have store.tsis.net for selling computer equipment and acc.tsis.net for selling our web based services; a Wildcard SSL allows us to cover all 3 using a single SSL Certificate.