SSL certificate: mandatory or not?
by: Benoit Gütz
An SSL certificate can make the difference for your website. Both governments and Google are aiming for an internet with the best security. They are pressuring the owners and developers of websites to make the internet more secure. SSL certificates play an important role in this regard. But is an SSL certificate mandatory? In this article, we explain what an SSL certificate is, in which cases it is mandatory and what the benefits of SSL certificates are.
What is an SSL certificate?
An SSL certificate is required to encrypt the data that is sent between a website visitor and the webserver. If any data is intercepted, it will be unreadable because of the encryption. The certificate is thus needed for a secure connection between browser and webserver. You can see whether a website is secured by an SSL certificate by checking for the padlock in your browser’s address bar.
Is an SSL certificate mandatory?
The EU’s Data Protection Directive states that everyone has the right to the protection of personal data. Companies are required to store, send and receive personal data in a secure way. Websites with payment and/or login modules, and even those with contact forms, are obligated by European law to secure their websites. The law doesn’t require a particular technical solution, but if you are sued and you don’t have an SSL certificate, you aren’t likely to win the legal battle.
Additionally, an SSL certificate has a few very important advantages. Obviously, an SSL certificate secures information for you and your visitors. Second, research done by Comodo shows that the conversion rate increases when a site uses an SSL certificate. The conversion rate of Zamberg.com increased by 11% and the average order value even increased by 23% due to installing an SSL certificate.
Another important advantage is that an SSL certificate has positively affected the ranking in Google since August 2014. On December 17th, 2015, Google announced that SSL is becoming an even more important factor for ranking websites. But pay attention: you must meet the criteria set by Google to qualify.
Login page or payment services? Pay attention!
The European Commission is not the only one that believes personal data should be well protected. Google is taking an important step for websites with a login page and web shops with payment services. From January 2017, Chrome 56 will display warning messages like ‘Not secure’ or ‘Unsafe’ together with a warning triangle for insecure login or payment pages. Google announced that this warning will change regularly, because research shows that users ignore such a warning if they see the same one too often.
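A site owner can find the pages this warning applies to before visitors do. The following Python script is an added example, not code from Savvii or Chrome: its field heuristics (a password input, or an autocomplete value starting with cc-) only approximate the browser's detection, the check for forms that submit to an HTTP target goes one step beyond the warning described above, and the example.test URLs and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample markup (not taken from any real site).
SAMPLE_LOGIN = '<form action="/login" method="post"><input name="user"><input type="password" name="pw"></form>'
SAMPLE_CHECKOUT = '<form action="http://pay.example.test/charge"><input autocomplete="cc-number" name="card"></form>'


class SensitiveFieldFinder(HTMLParser):
    """Collects password/card inputs and the targets that forms submit to."""

    def __init__(self):
        super().__init__()
        self.sensitive = []      # e.g. ["password", "cc-number"]
        self.form_actions = []   # raw action attributes, "" when absent

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        if tag == "form":
            self.form_actions.append(attrs.get("action", ""))
        elif tag == "input":
            autocomplete = attrs.get("autocomplete", "").lower()
            if attrs.get("type", "").lower() == "password":
                self.sensitive.append("password")
            elif autocomplete.startswith("cc-"):   # assumed heuristic for card fields
                self.sensitive.append(autocomplete)


def audit_page(page_url, html):
    """Return findings for one page; an empty list means nothing to fix."""
    finder = SensitiveFieldFinder()
    finder.feed(html)
    if not finder.sensitive:
        return []
    findings = []
    fields = ", ".join(sorted(set(finder.sensitive)))
    if urlparse(page_url).scheme != "https":
        findings.append(f"page served over HTTP collects: {fields}")
    # Simplification: every form on a page with a sensitive field is checked.
    for action in finder.form_actions:
        target = urljoin(page_url, action)   # an empty action resolves to the page itself
        if urlparse(target).scheme != "https":
            findings.append(f"form submits in cleartext to {target}")
    return findings


if __name__ == "__main__":
    for url, html in [("http://shop.example.test/account", SAMPLE_LOGIN),
                      ("https://shop.example.test/checkout", SAMPLE_CHECKOUT)]:
        print(url, audit_page(url, html))
```

Run it over the rendered HTML of every page that contains a form; any finding marks a page to move to HTTPS first.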
In the near future, the HTTP/2 protocol will become the new standard. This protocol has been implemented in the latest browser versions. In short, the new version of the HTTP protocol ensures faster data transfer. The HTTP/2 protocol includes many features of the SPDY protocol, released by Google. Now that the use of HTTP/2 is increasing, Google announced that it has stopped supporting SPDY as of May 2016. The protocol is a lot faster than its predecessors because different assets can be loaded simultaneously, which is not possible with the HTTP protocol. The HTTP/2 protocol can only be used if you have an SSL certificate.
Some browsers that already support HTTP/2 are: Chrome, Safari, Opera, Firefox and Edge. Behind the scenes at Savvii, we are beta testing the protocol. Several sites, including this one, are already running on HTTP/2 on our servers.
Depending on the purpose of your website, how it functions and the investment you are willing to make, you could decide to keep using HTTP. However, there are more good reasons to install an SSL certificate. Are you working with personal data? Want to provide your visitors with better security? Want to gain more trust? Or want to rank higher in Google? Install an SSL certificate!
What type of SSL certificate?
Why choose an EV certificate?
We want to highlight the most complete SSL certificate. The EV certificate (Extended Validation) is often only used by the bigger players such as banks or large webshops. This is strange, because smaller entrepreneurs in particular could benefit the most from an EV certificate. Your visitors can verify that they are visiting a legitimate company website by seeing your company name in a green box in the address bar. Strict requirements need to be met to be verified by a certificate authority (CA). This authority validates the identity of the company requesting the certificate, something that is not done for DV certificates.
Larger firms have already gained the trust of customers with their established name, but lesser-known companies will be able to build a lot of trust with an EV certificate. Without trust, visitors will be less likely to click on your call-to-action buttons! An EV certificate adds value to your website and contributes to a stronger brand.
Will I lose speed using an SSL certificate?
Let’s not beat around the bush. A “handshake” takes place between the client and server to check the validity of the certificate. In most cases, you won’t even notice this handshake, but in some cases, it may take up to a few hundred milliseconds. It is so short that you shouldn’t care. When you come home after a long day at work, you also need to put your key in the lock and rotate it, to be able to enter your house. This may take a few seconds, but it reduces the chances of burglary immensely!
Your hosting provider should make the necessary tweaks to ensure SSL won’t slow down your website. At Savvii we maintain the speed by using Varnish cache in combination with SSL. We regularly see that websites perform better on our servers with SSL than without SSL on the servers of generic hosting providers.
Some techniques we use to provide WordPress websites with the best performance can be found in this blogpost.
Hopefully you can now answer the question: Is an SSL certificate mandatory? Haven’t switched to SSL yet? Then now is the time to take action. Sooner or later we all have to install SSL. Ask your web developer or hosting provider about the possibilities and determine what type of certificate you need. Don’t forget to ask your hosting provider what they have done to maintain speed in combination with SSL.
Are you a client at Savvii and convinced? Start setting up your SSL certificate. We install a free Let’s Encrypt DV certificate for each (sub)domain whose DNS is pointing to our servers. Read here how you can set up SSL.
Is an EV certificate more suitable for your situation? Order a certificate now!
Please contact Sales in case you have any questions regarding SSL or if you need more information. Call +31 24 820 00 00 or send an email to firstname.lastname@example.org.