There is a lot of talk recently of SSL/HTTPS, it’s a fundamental part of how the web works and is only becoming more so. But what is it? and why should you care?
What does HTTPS mean?
HTTPS stands for Hypertext Transfer Protocol Secure, but that’s not very helpful, is it? Let’s break it down.
HTTP has been the standard way of transferring web pages from the server side to the clients for many years. It’s the way they transfer the files from one device to the other, it’s why you see at the start of a website address in your browser http:// before the website address.
These requests and the servers’ responses are sent as ‘plain text’ meaning that they are not secure. This means that it’s easy for hackers to eves drop into the communication and monitor what’s going on.
For day-to-day browsing you may think so what, but it becomes a large issue when you start thinking about logging into websites, banking details and other online activities that need to be protected.
This is where HTTPS comes in, essentially this is the same as HTTP but this time the connection is encrypted. This prevents hackers from eavesdropping in on the connection keeping your activity secure.
When is HTTPS used?
Go back a few years and the advice was that HTTPS should be used when there is sensitive information being sent. This meant logins, ecommerce, online banking and similar.
It was thought there was no benefit to encrypting the connections for basic web browsing, such as looking at the news or looking at cat photos! The problem is this information can be collated over time to build up a picture of the person.
This picture can assist hackers in other areas, they will get to know your hobbies, favourite websites and even who you talk to online!
Why is HTTPS important to me?
To tackle the insecure nature of HTTP, Google announced they would start using HTTPS as a ranking factor. This means that websites without HTTPS installed will rank lower than websites with it. It was Googles way of nudging the web to use HTTPS as standard and was very effective, after all google ranking is key to every website.
Recently they have taken it a step further by marking HTTP website as ‘insecure’ in their very popular chrome browser. This gives visitors to the website a poor impression of the site and means they are likely to go elsewhere.
So what is an SSL Certificate?
SSL certificates is how HTTPS works, essentially they are needed to enable to encryption of the data transfer between the server and the client. SSL certificates are issued by an authorised third party, they check the details of the website and create an ecryption key.
The certificate is then installed on the web server, enabling the use of HTTPS.
When the visitor loads the website, their browser will download the certificate and check its validity with the authorised third party before using it to create a secure connection.
These certificates need to be renewed this is done annually to meet with the suggested security advise.
I have my certificate, now what?
Once you have a certificate, you need to update your website so that it can use HTTPS. This means reviewing your website and its links to change them from HTTP to HTTPS.
You need to do this for all of your resources but also any you may load from third parties because for the page to be secure everything needs to use HTTPS.
Depending on your website, this process can be a quick and easy job or a lot more fundamental. Talk to your developer to see and make a game plan in place to update your website.
The good news is that once this work is done you won’t need to do it again each time the certificate is renewed.