SSL (Secure Sockets Layer) is a special site signing that provides an encrypted connection between a user and a site.
Data they exchange is secured from the third parties – a provider, an operator, a wi-fi network administrator, and others. But don’t think about SSL as a panacea that provides 100% security.
Are HTTPS and SSL the same thing?
HTTPS is a protocol extension of HTTP. Simply put, HTTPS = HTTP+SSL. And HTTP itself is a basic protocol (rules and regulations for websites work) created back in 1992.
There’s also HTTP/2, a new version of HTTP that’s being actively promoted since 2016. This new protocol boosts site performance and the page loading speed.
So, what we have: the most up-to-date protocol combination for a site is HHTP/2 + HTTPS.
Why I need security and encrypting if I don’t transmit or process important data?
Whatever your site, you need to set up HTTPS at least because it’s a standard now.
Why we need SSL besides security?
— special “Secure site” sign in browsers
— higher positions in SEO (search engine optimization) compared to HTTP
— more trust from users, especially if your site accepts online payments
There are 3 kinds of SSL-certificates:
DV (domain validation) SSL – a default certificate. It verifies a domain, encrypts and protects transferred data with https protocol. This certificate can be set up by both private individuals and companies. It is issued very fast (up to 3 hours).
OV (organization validation) SSL – besides data protection, it guarantees that a domain belongs to a certain company. This certificate is issued only to the juristic party with a verified phone number (they make a call to a company to check). On the sites with this certificate, users can find info about the company that owns the site just by clicking on the lock icon. OV SSL is issued within 3 days.
EV (extended validation) – it’s like OV but business and tax operations of the company are thoroughly checked. Users can see the name of the company next to the site URL. This certificate is issued within 5 days.
There are several top suppliers of the certificates:
How much does this cost?
First of all, there’s a popular free certificate Let’s Encrypt.
However, skeptics say that paid certificates are better. The prices start from 990 roubles per year and reach 11-12K roubles per year for ExtendedSSL.
How to correctly move a site to HTTPS?
*here you can check if you set up HTTPS right.
– Right after a certificate setup, let Google Search Console and Yandex.Webmaster know about the migration. You need to re-verify a domain in Google Search Console, while Yandex.Webmaster doesn’t require that (use “Move to https” option)
– Check internal links. If they’re relative from day one, you can skip this step.
– Check 301 redirects from http to https
– Write a new URL in the file robots.txt Host: https://domain.com
– And in the sitemap https://domain.com/sitemap.xml
Do you set up SSL?
Yes, we do that when we register a domain. Besides buying a certificate, we always add HTTP/2.
Yes, it’s free Let’s Encrypt. But nevertheless, a domain still gets a good base for SEO and development from the very beginning.