March, 03 2015

HTTP to HTTPS website transition

For making Internet world better, web-sites owners shall care more concerning the end-users' security as well as data integrity, by utilizing secure protocols such as SSL or TLS and obtaining an SSL Certificate.

A website secured by an SSL Certificate increases the users' credibility, given the fact that the Certificate Authority makes some researches about the identity of the company and verifies the owner of the domain name. Thus, the users are sure about the certainty that the website owner takes care of its users and security of their personal sensitive data traveling across the world.

A website accessible via HTTPS and secured by a signed trusted SSL Certificate, gives considerable advantages for website owners and users, even if it does not have a sensible content on it:

  1. An SSL Certificate assures the encryption of the information transfer and only the target user can decrypt and understand it. Secure Sockets Layer and HTTPS encrypts the communication, protects credit cards numbers, browsing history and URLs.
  2. It verifies the connection between the server and the website, to confirm it is the right website that the server speaks to;
  3. SSL and HTTPS gives to the website a ranking boost on the search engines;
  4. HTTPS prevents the third person’s manipulation, making the website secure;

Therefore, here are some tips and tricks to do an easier and more effective switch to an HTTPS site:

  1. It is important to choose the right SSL certificate for your website. From the users’ and security perspective, it has a high significance for the users’ trust level. For an e-commerce website, the best option is to obtain a Business Validation SSL certificate. An Extended Validation with Green Bar SSL certificate is more suitable for the highest users’ trust level;
  2. It is perfect to have a dedicated IP address for each https:// website.  Not all the web browsers and hosting providers support SNI method that allow many SSL secured websites hosted on one IP address.
  3. it is advisable to check if the web hosting provider supports https:// or Secure Sockets Layer Protocol.
  4. It is advisable to ensure that Google is able to crawl and render the website. The Fetch and Render function in Webmaster Tools are probable to be used.
  5. It is required to use 301 redirect https://yoursite.com/request, with .htaccess file for Apache web server for every website pages http://yoursite.com/request.
  6. In Google crawling, indexing and ranking http:// and https:// URLs are treated as separate ones, therefore it is essential to use redirect 301.
  7. Each website element shall use https://. Thus, https:// element is added to JavaScript, CSS files, images, and all included links;
  8. It is reasonable to ensure and verify that all canonical tags in HTML header are specified as https://;
  9. It is advisable to set all user cookies as secure.
  10. The HTTPS website version shall be registered in Google and Bing Webmaster Tools;
  11. It is reasonable to update sitemaps to reflect the new URLs and present the new sitemaps to Webmaster Tools. The original (HTTP) sitemaps will be left in place for 30 days for search engines do the websites 301 redirects crawling and processing.
  12. The websites robots.txt file shall be updated. Add your new sitemaps to the file. Ensure your robots.txt doesn't close off any important pages.
  13. Nearly all modern Google Analytics tracking snippets handle HTTPS, but the original code may require a second analysis. In case it is necessary, you shall update your analytics tracking code.
  14. Developers shall apply HTTP Strict Transport Security (HSTS). This response header communicates user agents to only access HTTPS pages even thought aimed to an HTTP page. This excludes redirects, accelerates response time, and maintains protection.

Finally, moving to an SSL encryption will be by default in time. In the interim, all the websites will have to do the switch from HTTP to HTTPS protocol.

An SSL certificate on the website increases significantly the safety and confidence of the users, helps to keep the business protected, helps to gain the customers certainty.

Choose the right SSL certificate for your internet business on CyberSSL.com to ensure that your business is safe.