Website security is understandably one of the aspects customers look for most in deciding who to do business with. As such, it’s become something that more website owners need to know more about.
Do you know anything about how HTTPS and SSL certificates work? If not, don’t worry. In this post we’ll go over some of the basics every website owner needs to know.
The Information Exchange
HyperText Transfer Protocol (HTTP) is the way information is exchanged online. This protocol is decades old, and is susceptible to many kinds of security attacks. When a person visits a particular website, this action opens an HTTP link between the visitor’s computer and the servers of that site. However, if anyone were to intercept this connection, this party could then eavesdrop on the information being exchanged, which is obviously a big security issue.
Encrypting the data exchanged via HTTP with something called a Secure Sockets Layer (SSL) certificate solves this issue. This more secure connection is called HTTPS, appending “Secure” to the well known acronym.
It’s important to note that HTTPS doesn’t prevent your information from being intercepted. Instead, it makes sure that the information is undecipherable to anyone who doesn’t have the code, so it’s virtually of no use to anyone.
How does HTTPS actually work?
SSL uses what is known as asymmetric Public Key Infrastructure (PKI) system. The system uses two keys: a public and a private one. Information encrypted by one of these keys can only be unencrypted with the other.
When you visit a HTTPS website, the website sends its SSL certificate to your browser, and this certificate includes the public key. The private key remains secured on the website’s servers. Then, some basic information is exchanged between the site and your browser to show that the certificate is working. This exchange is known as the SSL “handshake” and it’s what makes your browser know that the website is indeed secure. Most browsers acknowledge the HTTPS connection in some way, such as with a padlock or other secure symbol next to the address bar.
Basically, when the website sends secure information to the visitor, this information is encrypted with the private key, and the visitor’s browser uses the public key to decrypt it. Then when the user’s computer sends information to the website, their computer uses the public key to encrypt this information, and it is decrypted by the site using the private key.
Why This Matters Now
A few years ago, HTTPS was something that not many sites had. Even fewer users knew about it, so if your website had it, it was a nice thing, but by no means considered crucial. As online security has entered the public consciousness, it has become much more important.
Now that HTTPS is much more common (and, really, the standard for any website that involves the exchange of secure information such as credit card transactions) browsers have begun to draw attention to HTTPS status. Often if you visit a site that doesn’t have HTTPS, your browser may display a warning that says the website is “Not Secure”.
As you can guess, this more proactive approach is having an effect on consumer behavior. One survey showed that 84% of customers are ready to abandon a purchase if their browser gives a warning about an unsecured connection in the middle of the transaction.
HTTPS also has other benefits. Every online business owner cares about SEO, and Google has admitted that HTTPS has played a factor in its ranking algorithm since about 2014. So, the security of your site could also have an impact on how well it’s ranked by Google and other search engines.
Time to Embrace HTTPS
Approximately half of all websites on the Internet are now using HTTPS. If you’re a business owner and your site is currently using HTTP, you should do your best to convert to HTTPS as soon as possible.
If you’re a CanSpace Solutions customer, we try to make it as easy on you as possible—all of our plans now come with SSL certificates free of charge. Simply follow these instructions to set up the SSL certificate for your site.
Upon converting to HTTPS, you should thoroughly test your site to make sure everything works as it should. Sometimes, things like redirects don’t function as they should without some extra tweaking.
You’ll also want to test the speed of your site. Technically, the extra encryption due to HTTPS requires more resources and could result in slightly slower performance. In practice, this is negligible for all but the most complex of sites. Still, since site load speed is such an important factor for the customer experience, it’s best to do a quick test.
As Canada’s leading registrar and domain hosting provider, we know a thing or two about website security. If you have any questions about HTTPS or the types of SSL certificates we work with, don’t hesitate to reach out to us!
