SSL is no longer optional, as of July 2018 it’s mandatory.
Over the past two years, there had been rumors that Google would crack down on websites that don’t carry an SSL certification. In July 2018, these rumors proved to have been true.
Those who upgraded to the latest Google Chrome — Chrome 68 — found that some websites were marked with ‘Not Secure.’. Essentially, all websites that don’t have an SSL installed, i.e., those that are still identified as ‘http’ in the URL instead of ‘https’ are served the ‘Not Secure’ warning.
In this article, we’ll show give you an overview of what an SSL certificate is, why it’s necessary for you to get one, and how you can get it.
What is an SSL Certificate?
SSL (Secure Sockets Layer) certificates are a secure means of transferring data over the internet. It encrypts all incoming data so that they can be securely transferred from a server to a browser. This prevents third-party individuals from accessing the user’s data.
Once you get an SSL certificate, your website uses the https protocol, and a padlock sign is displayed in the user’s browser when they access your website. HTTPS here stands for Hypertext Transport Protocol Security.
Why you must get an SSL certificate
There are a number of reasons you need to get an SSL certificate:
- Good for SEO: Since Google is cracking down on insecure websites, their search engine has also started favoring https websites. Google has started de-prioritizing insecure websites. As such, not getting an SSL certificate could lead your website to climb down the Google SEO ladder, being rendered essentially invisible to new clients and visitors.
- Security: If users give your website sensitive information — credit card information, address details, etc — you need to ensure that their information is safe. SSL allows private transactions between users and the browser, ensuring no third-party can steal that information.
- Trust: More and more users have become distrustful of sites that don’t carry the padlock sign — especially if they’re actively marked with the ‘Not Secure’ sign. As such, if you’re an eCommerce website, users will be hesitant about using your website to make purchases or provide information. This could end up costing you in terms of lost business.
Google SSL Requirements
In addition to branding all HTTP websites as ‘Not Secure’, Google also no longer trusts Symantec-issued SSL/TLS certificates. As such, users accessing websites that use a Symantec-issued certificate issued before June 2016 or after December 2017 will be given a full-page warning that the website is not safe.
Google SSL Deadline
Starting from the 23rd of October — for users with Chrome 70 — all websites with Symantec certificates were marked untrustworthy. The only way for webmasters to avoid this is to get the right SSL certificate.
How to get an SSL Certificate?
In order to ensure that your website is safe and that you don’t get branded with the dreaded ‘Not Secure’ sign, you need to purchase a reliable SSL certificate. You can get a trustworthy and safe SSL certificate from services like Comodo, RapidSSL, GeoTrust, Thawte, and Symantec.