SSL Encryption

In a so-called "SSL encryption" (Secure Sockets Layer) a connection between a server and a client is encrypted.

This means it cannot be viewed by third parties. The encryption generally takes place via the https protocol. Nowadays SSL encryption of websites is considered as Google ranking factor. An even more secure encryption is now possible by TLS (Transport Layer Security).

This is how an SSL encryption works

If a URL can be called up via https, the data connection between the browser and the domain is encrypted on the webserver. In order to create this encryption, corresponding data is first called up from the browser.

The client then checks whether the server and domain belong to the URL. To this end an SSL certificate is called up, which confirms the connection between the webserver and domain.

The SSL certificates are reissued by certain institutions, the “Certification Authorities” (CA). The certificates must be requested by the operators of a website at these points. Then the request is checked together with all the relevant information on the site. The created certificate is then published by the CA, so that it can be downloaded upon the site call-up by a client.

The actual encryption takes place by the data first being secured with a public key. The information sent between the server and client can then be deciphered with the private key stored on the webserver. This means that third parties have no access to the data connection between the two participants.

Should a secured connection not be created, then the SSL protocol is switched off.

The user can tell whether or not a data connection between a browser and domain server is encrypted with SSL by the https before the web address. This is the conventional http protocol that is encrypted with SSL.

Types of SSL certificates

The CA Security Council (CASC), an organization for increasing data security on the internet, has authorized various providers for the distribution of SSL certificates. The best-known are Thawte, GeoTrust or GlobalSign; one of the best-known providers of free SSL certificates is Let’sEncrypt.

The requirement for acquiring a publicly usable certificate is that the affected website also be publicly used. Therefore, intranet connections cannot be encrypted with a public SSL certificate, but instead require other solutions.

All SSL encryptions are available for a domain or as a multi-domain solution (SAN certificates). Ultimately, website operators have to decide for themselves which versions they choose. Every certificate has a limited duration. Generally this is one year. For this the site operators pay a fee to the CA.

Various SSL certificates are available to choose from for webmasters, which differ according to their encryption or trust level. The individual levels are shown here by increasing security:

Domain Validation (VD)

With this SSL key, also known as a “DV certificate”, the basic data of a website is recorded and stored and published by the CA. This simple form of SSL encryption is used by private or small websites. Because ultimately, whilst the data connection is encrypted, the certificate does not confirm that it was only issued for a certain company. These forms of SSL encryption therefore regularly occur when no dedicated server is used and numerous websites share a server, for example. In this case, the connection is secured up to an https proxy server; the connection between the server and the website, on the other hand, is no longer secure.

Organization Validated (OV)

OV certificates are only issued after a thorough check of the company. Visitors to a website can then call up this data and precisely check the trustworthiness of the website.

Extended Validation (EV)

These SSL certificates are issued according to very strict selection criteria. Alongside the website, the data security of the company is examined at the same time. The EV certificate makes it clear to users that all connections with the domain of this company are SSL-encrypted.

Setup of an SSL encryption

In order to setup SSL encryption for a website, the purchased SSL certificate must be integrated into the server. The certificate is uploaded to the server to this end.

Then depending on the type of certificate, webmasters can decide whether a domain, subdomain or numerous domains can be encrypted in the settings of the server. The configuration can generally be easily taken up by the software of the webhoster.

Finally, the SSL encryptions should be checked with various clients, such as Google Chrome, Firefox or Microsoft Edge. SSL checkers are also recommended tools.

SSL encryption as a ranking factor

Since 2014, SSL encryption is a ranking factor for Google. The web search itself has already been protected with https since 2011. Nowadays Google users are shown in the SERPs whether a website supports the https protocol.

In 2017, Searchmetrics inspected the HTTPS proliferation in Google search results. According to it, in the area of financing 29% of URLs in the search results were encrypted. The further shares: E-commerce 12%, media 12%, health 19% and travel 23%.