Google and your web site
How you rank on Google can can made the difference between success and failure. That’s been a given for a number of years now, with Google being responsible for around 85% to 90% of all internet searches, depending on which bit of research you read.
As we move ever more online and print media and traditional forms of advertising take a back seat to online, where you rank on Google really matters and so if you can do anything to improve your search engine ranking you should. It came as a bit of a surprise in August 2014 when Google updated it’s search engine algorithm (http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html) for “HTTPS Everywhere” meaning that they were planning to use HTTPS as part of the search algorithm. Simply put, if your web site runs under SSL then you will get a higher ranking.
It’s unclear how much of a boost you will get, but the message is clear – SSL enable your web site and run it under SSL by default and you’ll obtain a slightly higher ranking.
If you’ve been to the Hosting UK web site you’ll have noticed that we now run our web site under SSL as standard. If you go to the non SSL, so http:// rather than https://, you’ll see we redirect to the https:// version of our site. That change might make the difference between us gaining a few customers a month or not, and that is well worth investing in as we see it.
But don’t you need a unique IP address?
One of the difficulties with having an SSL enabled site used to be the requirement for a unique IP address for your web site which can add to the cost of an SSL certificate.
Hosting companies generally use something called Host Headers to enable them to host multiple web sites on the same IP address. This has become increasingly important as IPv4 addresses (which look like 184.108.40.206) are in global short supply. Of course IPv6 (which look like fe80::7a2b:cbff:fe62:d370) has been around a little while now, although it isn’t widely adopted yet (Hosting UK have supported it for some time) and so in order to conserve their remaining IPv4 space and cover any administration, service providers have been charging if customers needed their own IPv4 address.
Thankfully most modern web servers and web browsers now support Server Name Indication (SNI) which allows multiple web sites to run on a single IP address with SSL certificates. ( It’s been around since 2004 but hasn’t really been widely adopted until recently as it does rely on browsers supporting it. Thankfully it’s widely supported now by all modern operating systems and web browsers, although if your web site visitors still use Windows XP and Internet Explorer 6 (and if so, for the love of God why?!) you’ll still need a static IP address to go with it. If you’re not worried about that, then you can do without the IP address and use the SSL. See https://en.wikipedia.org/wiki/Server_Name_Indication for more details on support for SNI.
Which SSL? We’ll there’s a question I’ve been asked over and over through the years. More accurately, the question has been “what’s the difference?”. It’s an understandable question as surely all SSL certificates are used to encrypt the traffic between the web browser and the server? Technically, that’s true, however there are many types with many different usage scenarios. Importantly they allow the end user to know that the certificate is genuine and has been issued to the entity who’s identity has been validated, and because SSL certificates have to be renewed they have been validated within a given period of time.
Depending on the certificate, there is a level of warranty ($10,000, $250,000, etc.) which protects the end user visiting and purchasing from the secured site. If it turns out the certificate has been issued improperly and the SSL was issued to somebody who isn’t who they said there were and the end user is defrauded, then the certificate authority will compensate them. In practice it never happens because the larger the warrantee the higher the level of validation the certificate authority performs on the purchaser of the certificate.
The most basic SSL that we provide are what’s called domain control validated certificates. These are the QuickSSL and RapidSSL certificates and they are validated against the domain name they are being used for. There is no warrantee with these and the price reflects this with Hosting UK charging £9.94 at the time of writing.
At the other end of the scale there are the Extended Validation (EV) certificates which displays the green bar in the web browser which you’ll see on the Hosting UK web site and which has a $500,000 warrantee. The vetting process for the order takes days and requires a number of things to vet the purchaser is who they say they are.
Ultimately SSLs are about security and trust. When you buy something through Hosting UK you know we are who we say we are. You also know that all data you send between you and our web site is encrypted and any personal or financial details you provide are useless if, however unlikely, they are intercepted along the way.
SSLs are being used more and more, however and we also use SSL certificates to offer encryption on our mail servers to those that use it, ensuring that when available the traffic between the end user or destination mails server the traffic can run as encrypted.
For most web sites, where you aren’t doing any actual selling, a RapidSSL or EssentialSSL certificate will suffice but where you are selling you might want to go for the green bar with an Extended Validation certificate as Hosting UK do as it provides an immediately visible indicator that the session is are encrypted.
Buying SSLs is becoming easier
Buying an SSL certificate need not be a chore. It’s easier than ever to do and help is on hand should customers have any problems at all.
The Hosting UK web site at https://hostinguk.net/ssl details all the certificates we have on general offer, but there are other, more specialist certificates, for example for code signing for developers that we can obtain if required. Feel free to ask any of the Hosting UK staff and we’ll happily advise you on what you might need.
We’re at a point where security is high on everyone’s agenda and SSL is a component that everyone should consider. It might even get you ranked higher on Google!