As you all know the internet gods have deemed it necessary for all websites to be secure. This means applying a SSL certificate to your domain. They don’t literally “require” it but if you don’t have one all the browsers will label your site as “Not having a Secure connection”. Depending on your device and the security settings this could mean next to nothing or it could block access to your site.
Sure SSL Certificates are Important, But
If you are purchasing things online it should always be done through a secure connection. This means having a HTTPS in the address. The padlock icon should be there. But does than mean you are safe?
In a word, NO. Anyone can get a SSL certificate for a website. Having the HTTPS and the padlock icon only means the site has a certificate. It doesn’t mean the owners of the site are not criminals.
It is not that simple. The SSL certificate only means two things. One, that the owner of the site has secured a SSL certificate and that the connection to the site is encrypted. Lets look at the certificate first.
Where to Get a SSL Certificate
SSL certificates are easy to get. Many hosting companies sell certificates. They are usually not cheap but very easy to install. Many are literally one click installs. Some services sell certificates that you can use on any hosting platform, and other companies give them away for free.
I host this site through GitHub Pages. This is a free hosting service. However they do not offer or support HTTPS or SSL certificates. But if you use the CDN service CloudFlare, you can get a SSL for your GitHub Pages site. They offer a free membership level that includes a SSL. I don’t pay for hosting and I don’t pay for my SSL, but as you can see my site has the padlock icon.
Not all certificates are equal though. There are high-end certificates that require verification of the registrar and even a review of the company. These more detailed and expensive SSL certificates can take days and even weeks to get. Usually only large volume online sellers have these. A typical SSL certificate is issued within minutes, if not instantly.
So a SSL certificate doesn’t mean the site is safe, or that the site is, and does, what they claim to. It just means the owner of the site has applied a SSL certificate to the site. That is all, nothing more.
What About Encryption?
Yes, a site with a SSL, no matter who sold it, or purchased it, is encrypted. This means the communication between you and the site can’t be snooped on. There is a secure connection between you and the site.
There is a certificate exchange between your browser and the website. The communication is then encrypted. If anyone tried to see what you were doing, they would only see encrypted data. This is very good for protecting usernames, passwords, personal data, and of course credit card information.
Why Make This Mandatory?
This is not going to stop cybercrime. It is not going to stop identity theft either. So why bother? Because as the world turns to the web for, well, everything. It needs to keep evolving. Adding SSL certificates to all websites just makes it harder for criminals. Think of it as locks on your windows. Sure, any criminal can just smash the glass. But the majority will try the window and if it is locked, they will move on.
To force the use of SSL certificates Google has made changes to its website ranking algorithm. A site without HTTPS will be penalized. In the never ending pig-pile of page rank and SEO, adding a SSL certificate is an easy decision. Add one, become compliant and move forward. That is until the next protective measure becomes mandatory.