Google To Require Transparent SSL Certificates Starting October 2017
Over the years, Google has placed increasing emphasis on providing the best user experience. This goal is evident in their search algorithm updates including Mobilegeddon and the mobile-first index. What webmasters should realize, however, is that improving user experience doesn’t only entail making websites beautiful, mobile-friendly, and fast. The security and privacy of visitors must also be taken into account.
By October 2017, webmasters should make the switch to transparent SSL certificates or risk losing a ton of visitors.
What Is Transparent SSL?
Anyone who’s keeping up with the changes in the search engine landscape should be familiar with SSL certificates. They were once considered a luxury, but Google now rewards websites which use SSL certificates to improve security for visitors. This doesn’t mean, however, that domain certificates don’t come with loopholes. There are structural flaws of which hackers take advantage. In many cases, hackers can manipulate the certificate authority system in a way that lets them launch website spoofing attacks.
It’s not uncommon to hear stories about criminals using SSL certificates to create identical copies of famous brands’ websites. Online users go about their usual routine and visit spoofed domains, not realizing that their security and privacy are at risk. This is precisely the problem Google is trying to solve by switching to transparent SSL certificates. It compels not only webmasters to up their game, but also certificate authorities to enforce tighter rules when issuing certificates.
Transparent SSL works by logging relevant information to a publicly accessible repository. After a site gets an SSL certificate from a certificate authority, Google Chrome verifies the certificate through the public log. A successful verification means the site will get the familiar green banner on the browser, signalling that it’s safe to be used by online visitors. If the site doesn’t abide by the new Certificate Transparency policy, it will be marked as not trusted.
Why Make The Switch?
It’s worth noting that only Google Chrome will implement the Certificate Transparency policy in October 2017. Firefox, Edge, Safari, and other web browsers will not be affected unless they decide to use a similar type of certificate transparency validation. For webmasters, however, this shouldn’t be considered a reason to ignore the new policy. Google Chrome enjoys a commanding 60 percent of total market share. Online users will feel hesitant to click on untrusted websites. Failure to use transparent SSL can lead to a huge loss in search engine traffic.
Certificate transparency also helps brands with online reputation management. Nobody wants to find themselves the victim of domain spoofing. When a copy of a legitimate website is used for fraudulent activities, it can have a huge impact on the overall reputation of the business, even after proving that hackers are to blame.
Of course, such a huge change isn’t welcomed by everyone. Some critics say that while certificate transparency validation is effective in eliminating the pitfalls of the existing framework, it also has loopholes when it comes to privacy. The move requires both external and internal domain names to be registered in a publicly accessible repository, something that may not sit well with some webmasters.
How To Use Transparent SSL?
The first order of business is to determine whether the site’s existing certificate is safe. Google offers a Certificate Transparency Lookup Tool to allow webmasters to see all certificates issued for their domain and spot fakes. If the site doesn’t have a transparent SSL certificate, it’s time to get one from a trusted certificate authority.
After securing a new certificate, be sure to use the HTTPS version of the website. This helps inform visitors that the website is safe to use. Any content published on non-secure URLs must be redirected to its HTTPS counterpart.
Updates are also called for to maximise security. Canonical tags must point to HTTPS URLs. The same applies to internal links. All of them should redirect visitors to the secure URLs of the site. For structured data markup, don’t forget to update and include the HTTPS variations of the URLs.
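The checks described above can be automated. The following is an added example, not code from the original article: it scans one page for canonical tags, internal links and JSON-LD structured data that still point at the http:// version of the same host. The host www.example.com and the sample page are constructed placeholders.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://www.example.com/products/"  # constructed sample; placeholder host
SAMPLE_HTML = """<link rel="canonical" href="http://www.example.com/products/">
<script type="application/ld+json">{"@context": "http://schema.org", "url": "http://www.example.com/p/widget"}</script>
<a href="/contact">Contact</a>
<a href="http://www.example.com/about">About</a>"""

class HttpsAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlsplit(page_url).hostname
        self.findings, self.jsonld = [], None  # jsonld: text chunks inside a JSON-LD script

    def check(self, kind, raw):
        parts = urlsplit(urljoin(self.page_url, raw))  # resolve relative links first
        if parts.scheme == "http" and parts.hostname == self.host:
            self.findings.append((kind, parts.geturl()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "canonical":
            self.check("canonical", a.get("href") or "")
        elif tag == "a" and a.get("href"):
            self.check("internal-link", a["href"])
        elif tag == "script" and a.get("type") == "application/ld+json":
            self.jsonld = []

    def handle_data(self, data):
        if self.jsonld is not None:
            self.jsonld.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.jsonld is not None:
            stack, self.jsonld = [json.loads("".join(self.jsonld))], None
            while stack:  # walk the markup, checking every URL-looking string
                node = stack.pop()
                if isinstance(node, (dict, list)):
                    stack.extend(node.values() if isinstance(node, dict) else node)
                elif isinstance(node, str) and node.startswith("http"):
                    self.check("structured-data", node)

def audit(html, page_url=PAGE_URL):
    parser = HttpsAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Relative links and URLs on other hosts (such as the schema.org context) are not reported; only same-host http:// references are.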
Create a new account on Google Search Console for the HTTPS version of the domain. It is also worth considering making the switch to HTTP/2. Doing so further boosts user experience, as HTTP/2 enables websites to load much more quickly. This can have a huge impact on engagement and conversion rates.
Monitoring the public logs once in a while can also go a long way in ensuring that no fake certificates are used for deceitful attacks.
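One way to do that monitoring, as an added example that is not part of the original article: the script reviews certificate records exported from a Certificate Transparency search and flags any certificate for the domain that came from an unexpected issuer or is missing from the site's own issuance inventory. The record layout, issuer names and serial numbers are constructed assumptions, not the output format of any particular lookup tool.

```python
MONITORED_DOMAIN = "example.com"            # placeholder domain
EXPECTED_ISSUERS = {"Example Trust CA"}     # assumption: the CAs this site actually uses
KNOWN_SERIALS = {"0a01", "0a02"}            # assumption: certificates the webmaster requested

# Constructed sample records; the field names are hypothetical.
CT_ENTRIES = [
    {"serial": "0a01", "issuer": "Example Trust CA", "dns_names": ["example.com", "www.example.com"]},
    {"serial": "0a02", "issuer": "Example Trust CA", "dns_names": ["*.example.com"]},
    {"serial": "7f10", "issuer": "Other CA", "dns_names": ["login.example.com"]},
    # An internal hostname that became publicly visible through the log.
    {"serial": "7f11", "issuer": "Example Trust CA", "dns_names": ["intranet.corp.example.com"]},
    # Names that merely contain the domain string are not certificates for it.
    {"serial": "9c00", "issuer": "Other CA", "dns_names": ["example.com.shop.test", "notexample.com"]},
]

def covers_domain(name, domain):
    """True if a certificate name is the domain itself or one of its subdomains."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]                     # a wildcard covers names under its parent
    return name == domain or name.endswith("." + domain)

def review_entries(entries, domain, expected_issuers, known_serials):
    """Return one alert per logged certificate that needs a human look."""
    alerts = []
    for entry in entries:
        matched = [n for n in entry["dns_names"] if covers_domain(n, domain)]
        if not matched:
            continue
        reasons = []
        if entry["issuer"] not in expected_issuers:
            reasons.append("unexpected issuer")
        if entry["serial"] not in known_serials:
            reasons.append("not in issuance inventory")
        if reasons:
            alerts.append({"serial": entry["serial"], "names": matched, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in review_entries(CT_ENTRIES, MONITORED_DOMAIN, EXPECTED_ISSUERS, KNOWN_SERIALS):
        print(alert["serial"], ", ".join(alert["names"]), "->", "; ".join(alert["reasons"]))
```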
Google is set on doing their part to help create a more secure and trustworthy Internet. The Certificate Transparency policy is a step in the right direction, as it encourages certificate authorities to tighten up their rules and webmasters to implement security features, all for the benefit of search engine users.
Your Next Step
- Ask your hosting company for more information.
- If your website(s) are hosted with us, call us on 1300 885 487 for a consultation.