While browsing online I never bothered if the website was on HTTP or HTTPS. Well, not at least till I was giving away my credit card information to make a payment. But something changed in the Feb of 2018. Google made changes to its search algorithm and in Google Chrome where all the websites that are not on HTTPS started showing as INSECURE.
What is HTTPS?
HTTP (Hypertext Transfer Protocol) is the way servers and client browsers talk to each other. The problem is that this conversation is not encrypted. So if a Hacker attacks in he can read everything being passed through the browser to the server.
HTTPS (Hypertext Transfer Protocol Secure) is an enhancement of HTTP only but all the communication is secured and encrypted by an SSL Socket layer. The benefit is that even if an attacker manages to capture the conversation they can not use it for anything.
Why should I Bother ?
Like I said till Feb 2018 it was not affecting you but today it is directly impacting your website visitors in 2 ways.
- Firstly a Loss of Reputation and Credibility – Since the new visitors coming to your website can see it is insecure in their browsers there are chances they might decide not to pursue further leading to a loss of business.
- Secondly, a Loss of Rankings – Google ranks your website on search engines on the basis of 200 complex parameters in which SSL is one of the major ones. You may see the loss of rankings in case your website is not on HTTPS.
What SSL security level should I choose?
There are different types of SSL validations available and to prevent you from getting confused I am covering them below.
- Domain Validation Certificate – This is the certificate with lowest validation. It costs the least and usually gets activated in a few hours. It is authenticated using your DNS. You just need to show that you own the domain. It is good for blogs, static content websites or personal websites.
- Organization Validated Certificate – This has medium level of validation. The certificate authority will validate both the domain ownership as well as name, city, country of the organization. It takes a few days to activate and has a human validation process.
- Extended Validated Certificate – This has the highest level of validation. The certificate authority checks for ownership, organization information, physical location, and the legal existence of the company. So documents are required to verify ownership. Takes a few weeks as it has Human Validation. It is also the most expensive one due to human involvement.
I have multiple subdomains do I buy SSL for each subdomain?
Many times you have the same domain but multiple sub-domains connecting to multiple sub-sites, in a scenario like this you do not need to buy SSL certificates for each subdomain. Considering your requirement you can choose from the following SSL certificates.
- Single-Name SSL Certificate – Single name SSL indicates that you have bought the same for just 1 variation of your domain name. It may be any but only 1 domain variation is supported be it www.yourdomain.com or abc.yourdomain.com
- Wildcard SSL Certificate – This covers all the subdomains part of the main domain. So if you have bought this then all the subdomains (limited to the SSL usage) can be secured using this certificate. So be it www.yourdomain.com or abc.yourdomain.com or xyz.yourdomain.com they are all covered.