What is an SSL Certificate and Does My Website Need One?

Previously, the popular opinion on SSL certificates was that the only sites that needed them were ones that collected personally identifiable information (such as a social security number), had a login feature or had a shopping cart/check out function (such as online banking, eBay or PayPal).

SSL stands for “Secure Sockets Layer” and it encrypts the connection between the client and server when browsing a website.  This is important because it makes the information that the user inputs on your website unreadable to anyone except your server.  It also makes your site more difficult to impersonate, and thus, your customers are less susceptible to phishing schemes.

An easy way to tell that an SSL certificate is being used on a website is an “https” in front of the domain name in the address bar.  Additionally, the browser will typically display a lock icon in the address bar or it will turn the address bar green.  According to this blog article by Google Webmaster Trends Analysts, Google is now looking for all websites to have SSL certificates.  They have called for “HTTPS everywhere on the web” to make the internet a safer place.  In fact, whether or not your site has an SSL certificate is now in their search-ranking algorithm.  This algorithm decides the order that webpages show up on Google results.  Therefore, to have a website perform to its highest standard, an SSL certificate is required.

How do I get an SSL certificate and how much will it cost?

To have an SSL certificate installed on your website, talk to your website hosting company.  They should be able to install the certificate and redirect your web traffic to the secure site.  This way, even if the non-secure version of your site is typed in the browser, visitors will be redirected seamlessly to the secure version.  In addition, you should resubmit your sitemap to Google and ensure that the default version of your domain that Google displays in the search results is the one protected by your SSL.

The annual cost of an SSL certificate can range from around fifty dollars to thousands.  The expensive certificates have a greater degree of encryption, have a greater brand recognition (e.g. Symantec), and are generally used when protecting social security numbers or banking information.  For a small to medium-sized business looking to protect their site visitors, one of the less expensive certificates should suffice as long as it uses 2048-bit key certificates.  Again, this is something to discuss with your webhost.