SSL certificates can be difficult to wrap your head around. For some websites, they’re incredibly important. For others, not so much.
What is an SSL Certificate?
An SSL (secure sockets layer) certificate is essentially a guarantee that the website people are visiting is in fact secure. It’s a small file hosted on your web server that binds a cryptographic “key” to your business. When a person uses their browser to visit your site, it sends a request to connect. Your site will then respond with their SSL certificate, and the visitor’s browser will ensure that the SSL certificate is valid. It’s slightly more complicated than that, but that’s the gist of it.
When you’re browsing online, you might notice that some sites’ addresses are http://, while others are https:// – the “s” means that the site has an SSL certificate. Some businesses obtain an Extended Validation SSL certificate, which, among other things, allows them to display their business name at the start of the address in most browsers. A good example of this is the Commonwealth Bank of Australia, found at commbank.com.au.
Why are SSL Certificates used?
SSL certificates are usually employed on websites that require a secure connection. This can involve credit card transactions, or even situations where people may be required to log in for a particular reason. If your site does not have an SSL certificate, then the information that travels between it and users is very unprotected and able to be easily accessed by outside parties. This can be a major concern if users are entering credit card information or other personal data into your site.
The Benefits of an SSL Certificate
An SSL certificate ensures that you and your clients’ sensitive information is protected while en route, via encryption. It also provides authentication for users, ensuring that their information is being sent to the correct server, rather than an intermediary or imposter who may be attempting to farm data.
There is also a trust element to SSL certificates. Users, whether consciously or subconsciously, have been shown to inherently trust sites that display the padlock symbol or green colour associated with SSL certificates. When your site is receiving thousands of hits and every conversion matters, an SSL certificate can certainly help to improve your conversion rates. You wouldn’t stay in a hotel with no doors any more than you would give your card details to an unsecured site.
Beyond that, there may be some search engine optimisation advantages to using an SSL certificate. Google announced in 2014 that it would start giving a minor ranking boost to sites that hold an SSL certificate. Google is committed to a secure internet, and while an SSL certificate only forms a small part of their overall ranking algorithm, every little bit can help.
The Disadvantages of an SSL Certificate
The disadvantages to having an SSL certificate are minor. The cost can be an obvious deterrent for many small businesses, particularly if they aren’t running an ecommerce store or don’t have a pressing need to protect customer data.
Another concern is performance, as the extra transmittance of data between browser and server can cause additional load. However, this is usually only a factor for websites with large traffic.
Do you REALLY need an SSL Certificate?
There is no law or “internet rule” that requires most websites to have an SSL certificate. However, if you’re engaged in online commerce or otherwise handling personal data, it is highly recommended. For most small brick and mortar businesses simply seeking to have an online presence, an SSL certificate is not a major concern.
If you’re considering getting an SSL certificate, do your research first. Ensure that you implement any required redirects, as well as updating links where required. You may also need to perform a “fetch as Google” via your webmaster tools to ensure that Google can still crawl all pages on your site.
At the end of the day, the decision comes down to the function of your website. If data is travelling between your website and the user, then you need an SSL. If not, then you’ll be just fine.