SSL Certificate valid for SEO https

Estherpuntu

Hi everybody!

I have talked with my hosting provider and he offers me two kind of SSL. I've read that the best option for SEO is to convert the hole site to https response (not only the payment pages), but my developer team is telling me that this kind of security to the whole site will be negative for all the websites contained under this IP ¡!

So I wonder if somebody who has the https implemented correctly and working properly for SEO could recommend me:

1. which kind of certificate is the correct one and what specific things sould I consider with my hosting provider

2. if it's true that could be a disaster if I implement the https to the whole website beacause I'm blocking the robots and it's dangerous for my domains in this server

Please, any help would be really appreciated. Thanks in advance!

Highland

It used to be true that you had to have one IP per SSL certificate, but if you have a modern web server you can use something called Server Name Indication instead.

I'm not sure what you mean by "offered 2 types of certificate". There's a couple of ways to take that.

1. Your provider is offering you a SHA1 or a SHA2 (SHA256) certificate. If you get this option select SHA2, as SHA1 is now deprecated due to security issues and will be unsupported in modern browsing soon.
2. Your provider offered you domain validation vs extended validation. The latter is only for registered corporations and gives you the "green bar". It does not afford you any more security from an encryption standpoint (both use the same underlying systems), it just looks better in the browser.

Putting your whole site under SSL is not a bad move from an SEO standpoint. Google publicly said that SSL is a ranking factor (nobody knows how much of one it is, but the boost is minor if there is one) and robots have supported SSL for many years. What I would do, if I were you, is make sure you have a proper redirect to force users into SSL. Don't run a mixed encrypted/unencrypted site if possible.

Last but certainly not least, after you get your SSL set up you need to audit your SSL. This is a critical step many website owners miss. Just this weekend I found a site with incredibly outdated software and, as such, it supported every SSL flaw in the book. A site with SSL exploits still enabled might as well not run any SSL at all.

OlegKorneitchouk

1. There is no such thing as an SEO SSL certificate. You just need one that is 2048 bit encryption ideally

2. Having an entire site as https is not a bad thing... in fact it's recommended by Google.

3. Its up to you to implement it sitewide or only on pages with secure information being exchanged (checkout, login)

There is a small boost to SEO from https urls but there also might be a small dip in rankings from switching over (and using 301 redirects). In addition, if you mess up the URL transfer, you could hurt yourself so be sure to do a proper site move.

TimHolmes

Hello Esther,

Before going ahead with a move to HTTPS for what could be little gain, have you thought if there are other things that could be done first that will benefit you more e.g responsive UX etc.

A move to HTTPS can be a big job and needs to undertaken very carefully to minimise problems, check, check and check again all redirects, canonical links, external, internal links etc to ensure that you give yourself the best chance to succeed in a move.

For more on moving to HTTPS take a look at a good article from Branded3 about some of the additional pros and cons.

David-Kley

As long as you properly redirect all pages to the https version, you should be fine. Google released an update a while back stating that secure sites could perform better in search results as it offered users additional security and trust. If you are going through the trouble of updating your site to an SSL, I would set the entire site to fall under the https, not just the payment pages. Google will like it, users will like it. The only drawback I can see is if your account is set up to use shared IP's, in which case you may have to make some modifications if required by your development team.

Here is the quote from Google on this subject:

"Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

It's worth mentioning that if the SEO on the site stinks, an SSL will not rescue it from the bowels of page 10 ranking status.

Hope this helps!

Estherpuntu

This post is deleted!