Espionage and data abuse are a serious problem for international authorities and private end consumers alike. Network security is therefore becoming increasingly central for businesses.
Internet security: secure websites with SSL and HTTPS
Private individuals are not the only ones doing more and more business online; in the business world, too, a growing number of sectors are being digitized. For internal company data, customer data and other sensitive information to be transmitted and managed securely, SSL and HTTPS are among the current security standards.
But what exactly do these terms mean, and how can the security protocols of a website be configured?
What is SSL?
The term SSL (short for “Secure Sockets Layer”) refers to a technique used to encrypt and authenticate data traffic on the network, securing the transmission of data between the browser and a site's web server.
Especially in e-commerce, where protected and sensitive data are transmitted, using an SSL certificate, or rather its more recent version TLS (“Transport Layer Security”), is essential.
Sensitive data protected with the SSL cryptographic protocol include, for example:
- Registration data: name, address, e-mail address, telephone number;
- Login data: e-mail address and password;
- Payment information: credit card number, bank account details;
- Registration forms;
- Documents uploaded by customers.
The SSL protocol ensures that the communication can be neither read nor manipulated and that personal data do not fall into the wrong hands.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is the protocol for secure data transfer. HTTP is the insecure variant. On websites served over HTTP, all data can theoretically be read or modified by malicious parties, and users cannot be sure whether their credit card information is actually transmitted directly to the online store they are visiting or to a hacker.
HTTPS, that is HTTP over SSL, encrypts HTTP data and ensures the authenticity of requests through the SSL certificate or, in its more recent development, the TLS certificate. Nowadays experts recommend using only TLS; when people speak of SSL, most of them actually mean TLS.
Benefits of using SSL/TLS and HTTPS:
- Data protection and security for customers and partners
- Reduction of the risk of theft and misuse of data
- Better Google ranking
- Higher performance through the use of HTTP/2
- Better recognition of the certificate by the user and greater trust in the site
Migrate the site to SSL and HTTPS
Newly launched websites can use SSL encryption from the start, but even for existing pages, migration to HTTPS does not require much effort. The first step is to obtain the SSL certificate for the respective domain.
Acquire SSL certificates
The SSL certificate is a kind of identity card for a website. The Certificate Authority (CA), the official body from which the certificate is acquired, has verified the identity beforehand and is responsible for the correctness of the data.
SSL certificates are stored on the server and retrieved each time a user visits a website over HTTPS. There are different types of certificates, which differ in the type of identification:
Domain Validated (DV) SSL Certificate
These are the certificates with the lowest authentication level. Here the CA verifies only that the applicant is in possession of the domain for which the certificate is requested. Company information is not checked during verification, so a residual risk remains with Domain Validated certificates.
Because authentication involves less effort, the CA generally issues the certificate quickly, and it is also the most convenient of the three types of SSL certificate.
Organization Validated (OV) SSL Certificate
This type of verification is more thorough and therefore safer than Domain Validated. In addition to domain ownership, the CA also verifies relevant information about the company, such as its registration with the chamber of commerce.
The information verified by the CA is visible to the visitor, which strengthens the trust in the website and in the company. Due to the more demanding verification process, the SSL Organization Validated certificate is more expensive than the Domain Validated one, but offers a higher degree of security.
This certificate is suitable for websites where transactions with sensitive data are not performed.
Extended Validation (EV) SSL Certificate
This is the certificate with the highest and most complete authentication level. Compared with the OV certificate, company information is verified in even greater detail against strict issuance criteria. Furthermore, this certificate is issued only by authorized CAs.
The detailed verification of the company guarantees the highest level of security and thereby reinforces trust in the website and its credibility, which is why the Extended Validation certificate involves greater costs.
This certificate is suitable for websites that, for example, handle transactions with credit card numbers or other sensitive data.
Installation and configuration
The next step is to install the SSL certificate on the server. Many hosting providers do this for you. In most cases you can request the relevant certificate directly through the customer area, and the provider will then register it.
Customers of 1&1 IONOS, for example, can easily extend their existing hosting package with an SSL certificate through the Customer Area. In many packages this certificate is already included. Installation varies depending on the provider.
As a rule, the providers or services that issue the certificates also supply installation instructions. For a technically flawless implementation, it is important to check:
- Correctness of certificates
- Correctness of encryption
- Correctness of the server configuration
Errors and problems during migration
During the migration some errors may occur that should be avoided in order not to run into penalties in the ranking or in the accessibility of the pages.
Managers who want to migrate their site to SSL and HTTPS should:
Avoid expired certificates: an invalid or expired SSL certificate triggers an annoying warning message in the browser window, undermining the original goal of conveying trust and security to the user.
Set up a correct redirect: to avoid so-called duplicate content, the webmaster must configure a 301 redirect. This prevents search engines from evaluating the HTTP and HTTPS pages as two different websites with duplicate content.
Adapt advertising accounts (Google AdWords, Bing Ads and the like): if you embed unencrypted content (photos, scripts, etc.) in an HTTPS website, an annoying warning message is displayed to the user when the page is opened. Advertisements in particular can cause problems, because advertising is still largely delivered without encryption, so the corresponding advertising accounts absolutely must be adapted.
Configure Webmaster Tools and Google Analytics: in theory the HTTP variant and the HTTPS variant are two different websites. After migration, the HTTPS variant must also be registered in Webmaster Tools.
Update the XML sitemap: the sitemap must also be updated and uploaded to Webmaster Tools.
Check internal and external links: even though the 301 redirect avoids dead links, all internal links should be changed after switching to the HTTPS protocol. Depending on how the content has been edited in the CMS, manual changes may also be required. For external links, you should try to have the most important ones (for example, by Page Authority) changed to HTTPS addresses.
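The first three checks in the list above (certificate expiry, the 301 redirect, and unencrypted content embedded in an HTTPS page) can be automated after a migration. The following Python sketch is an added example, not part of the original article; the function names, the sample HTML, the sample dates and the rule that the redirect must keep the same host and path are assumptions made for illustration.

```python
import ssl
from html.parser import HTMLParser
from urllib.parse import urlsplit

def days_until_expiry(not_after, now):
    """Days left on a certificate; not_after is in getpeercert()['notAfter'] format."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def redirect_ok(status, location, requested_url):
    """True only for a permanent (301) redirect to the same host and path on HTTPS."""
    src, dst = urlsplit(requested_url), urlsplit(location)
    return (status == 301 and dst.scheme == "https"
            and dst.hostname == src.hostname and dst.path == src.path)

class MixedContentFinder(HTMLParser):
    """Collects subresources that an HTTPS page still loads over plain HTTP."""
    ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # canonical/alternate links are not fetched as page content
        url = a.get(self.ATTRS.get(tag, "")) or ""
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure

# Constructed sample data (not taken from a real site).
SAMPLE_NOT_AFTER = "Jun  1 12:00:00 2030 GMT"
SAMPLE_NOW = ssl.cert_time_to_seconds("May  2 12:00:00 2030 GMT")
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://www.example.com/site.css">
<link rel="canonical" href="http://www.example.com/shop">
<script src="http://ads.example.net/banner.js"></script>
</head><body><img src="http://www.example.com/logo.png">
<a href="http://partner.example.org/">partner</a></body></html>"""

if __name__ == "__main__":
    print(days_until_expiry(SAMPLE_NOT_AFTER, SAMPLE_NOW))
    print(redirect_ok(301, "https://www.example.com/shop", "http://www.example.com/shop"))
    print(find_mixed_content(SAMPLE_HTML))
```

Against a live server, the `notAfter` string comes from `getpeercert()` on a connected `ssl.SSLSocket`, and the status code and `Location` header come from a plain HTTP request made without following redirects.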
How to verify that a page has a valid certificate?
When you open a website that is encrypted with a valid SSL certificate, this is already recognizable from the URL:
https://www.example.com
The “s” in the protocol part of the URL stands for “secure” and shows that this page is encrypted with an SSL certificate. Depending on the type of certificate, the browser shows different visual indicators of how secure the encryption is.
With the free SSL check from 1&1 you can verify in one click whether your SSL certificate is installed correctly and whether your website is protected from attacks.
Increase web security with secure company websites
In addition to the advantages of an SSL connection mentioned above, a crucial point for a secure website is to increase user security on the company's website and therefore in the company itself.
Integrate security certificates (Trust Seal) into a website
Security certificates (Trust Seals) are indicators of a website's reliability. For example, the various certificates attest to data security or secure payment transactions, or confirm that the website is free from malware.
Use SSL certificates with a high level of security
Certificates with a high security level visibly indicate a secure connection in the browser's address bar and increase user confidence.
“Always on SSL”
The SSL certificate should be integrated on all subpages of a domain, not only on the login page but also in the shopping cart. Thus, optimal protection is offered from the beginning to the end of the visit.
HTTPS from an SEO perspective
For some years now, there has been debate about whether moving websites to HTTPS has a positive influence on search engine positioning. In 2014, Google announced that a secure connection via HTTPS is evaluated as a positive signal in the ranking.
According to some statements, Google wants to make the web more secure and to lead website operators to encrypt their pages without exception.
According to official communications, websites without encryption will in the future be marked in the Chrome browser with a red “X”. Until now, HTTP pages have been shown in the address bar with the standard blank-page icon, whereas HTTPS pages are shown with a green padlock. HTTPS should thus become the standard connection for all websites.
But regardless of the big search engines' plans, HTTPS pages already suggest quality and seriousness. Users are becoming more and more aware of data security, and even beginners can easily recognize whether a page is marked as safe or not.