SSL explained in a manner that even Chelsea Battle (pictured) would understand it!

Here at OMA, we display a beautiful board outside our office which, amongst other things, says we build websites. Whilst attempting to go about their daily craft of writing code, our devs noticed the internet going mental recently. Tens of thousands of websites have been compromised as a consequence of what seemed to be wave of hacks launched from Russia.

Now that the dust has settled and we were able to fend off c.43,000 of these attacks, we think it’s time to look into one of the main factors which leaves us vulnerable to attacks: namely, SSL certificates or lack thereof.

1. What are SSL Certificates and how do they help?

In typical OMA fashion, here’s a mouthful of technical words: Hypertext Transfer Protocol Secure (HTTPS) provides a secure connection to users on pages where they share personal data. When a visitor shares their precious personal information, HTTPS adds extra layers of protection.

In order to ensure your website is able to provide such a secure connection, you’ll need to install a Secure Socket Layer (SSL) certificate (the protocol that HTTPS uses). This way, exchange of information between your web server (where the data is hosted) and browser remains private and secure.

When an SSL certificate is installed on a web server, it operates similar to a padlock and acts as a secure connection between the web server and browser. An SSL certificate binds together your domain name (or server or hostname), company name and location.

The process behind the way in which SSLs operate involves a public key and a private key, what you’d need to know is: even if your data is intercepted by a hacker, they won’t have the private key to decrypt it.

2. How to identify whether your website has an SSL certificate or not?

There are multiple ways of identifying whether a website has an SSL certificate installed or not:

1) Unless you have been living under a rock, you’re probably using Google Chrome. Chrome automatically identifies websites without an active SSL certificate and marks them as insecure, whereas websites with SSL certificates are marked with a green padlock with the “Secure” sign in the address bar –  as it can be seen in the following snippet:

2) Alternatively, if you’re not using Google Chrome you can use a free tool such as SSL hopper in order to check if a specific website has an SSL certificate installed: 

All you’d have to do is type in the address of the website you’re looking to find out more about:

As it can be seen from the snippet above, SSL Shopper is pretty straightforward in letting you know if your website has an SSL certificate installed.

3) If neither of the two options above help you solve the mystery, then you might want to call OMA on 01865 688 777 and we’ll gladly help you out!

3. Why does Google care if your website has an SSL certificate?

First of all, Google committed to providing a secure browsing experience for anyone using their services. As a result, they have been emphasising the importance of SSL certificates numerous times during the past few years.

In 2014, Google announced that SSL certificates will be considered a ranking signal by their search engine optimisation algorithms going forward.

As of 2015, Google revealed that SSL certificates might begin to weigh in a bit more when their algorithm decides how to settle the tie if both websites are competing for the same ranking in the search pages.

Not much happened in 2016 apart from:

  • lots of people wrote blogs debating whether SSL certificates might actually become mandatory one day;
  • a team of sniffer dogs at Manchester Airport proved good at discovering small amounts of cheese and sausages, but not so good at finding drugs;
  • a delay in repairs to roads in Brussels was blamed on mice eating the plans;
  • Brexit;
  • US elections.

In October 2017 Google released a new version of Chrome which marked websites without SSL certificates as “NOT SECURE”. The following graph was published by Mozilla Firefox. It reports the amount of web pages which were loaded using an HTTPS protocol as of July 2017:


4. How MMA can help

If you are looking for some help with these pesky SSL certificates – have no fear, OMA are here! We employ the services of an experienced and fabulous web developer!

Please contact us on: 01865 688 777 for more information about website stuff, SSLs, or to chat about your favourite brand of breakfast cereal!

See you in the future!