https everywhere and ssl certificates - website security just got a lot more important

30
Everything you need to know about HTTPS Everywhere and SSL for SEO Benefit Including Why You Need It, How It Works and How to Get it Installed HTTPS & SSL: WEBSITE SECURITY JUST GOT A LOT MORE IMPORTANT Presented by 1st on the List Promotion Inc.

Upload: 1st-on-the-list-promotion-inc

Post on 20-Jun-2015

686 views

Category:

Technology


4 download

DESCRIPTION

In this HTTPS and SSL presentation learn what is HTTPS, how SSL works, benefits of HTTPS and SSL, HTTPS Everywhere as an SEO ranking signal, typical SSL vs HTTPS Everywhere implementation, SSL vulnerabilities, upgrading to SSL 2.0, SSL installation and how to get SSL for your website.

TRANSCRIPT

Page 1: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Everything you need to know about

HTTPS Everywhere and SSL for SEO BenefitIncluding Why You Need It, How It Works and How to Get it Installed

HTTPS & SSL:WEBSITE SECURITY JUST GOT A LOT MORE IMPORTANT

Presented by 1st on the List Promotion Inc.

Page 2: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

The Need for HTTPS & SSL

SSL Cert & HTTPS

Google now uses HTTPS Everywhere as a small

ranking signal; will likely increase importance in the

future.

More and more customers are becoming savvy online shoppers and reward the brands that they

trust with increased business.

Multiple security compromises with Big Brands in the media lately and consumers

weary of having information stolen.

Online security breaches can have devastating

financial costs and be a PR Nightmare.Using SSL on secure info pages for

encryption is no longer enough to combat today’s threats.

Popular browsers will soon start

giving warnings to visitors trying to

access non-secure websites.

Page 3: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

In this presentation …• What is HTTPS and SSL and how does it work?

• Benefits of HTTPS and SSL.

• HTTPS Everywhere as an SEO Ranking Signal.

• Typical SSL vs HTTPS Everywhere.

• DigiCert®, our SSL Certificate Authority partner.

• SSL Vulnerabilities and Upgrading to SSL 2.0.

• SSL Installation and Implementation.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 4: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

The BasicsWhat it isHow it worksWhat your visitors see

Page 5: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

What is HTTPS?

HTTPS makes it harder for hackers to break the connection and steal personal information such as credit card numbers, addresses, passwords, etc.

HTTPS helps further protect the privacy of your visitors!

HTTP (Hypertext Transfer

Protocol)

+ SSL (Secure Socket

Layer)

HTTPS (Hypertext Transfer

Protocol Secure)

=Defines how messages are

transmitted between visitor’s browser and

website’s server.

Protects and encrypts information sent across

the Internet.

Encrypts information sent between browser and

server.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 6: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

What is an SSL Certificate?• All browsers have the capability to interact with secured

web servers using SSL protocol.

• However your website needs an SSL Certificate to establish a secure connection.

• Your website can get an SSL Certificate from a Certificate Authority (CA) which is a trusted third party that authenticates your organization and website’s identity.

• Since the browser trusts the CA the browser now trusts your organization’s identity too.

• The browser lets the user know that the website is secure and the user can feel safe browsing the site and even entering their confidential information.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 7: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

The SSL Handshake

1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.

2. Server sends a copy of its SSL Certificate, including the server’s public key.3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired,

unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.

4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.

5. Server and Browser now encrypt all transmitted data with the session key.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 8: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

How does it look to your visitors?Look for Green, the Lock and the “S” up in your Browser:

Notice that not all HTTPS look the same. That’s because there

are different levels of SSL Certificates.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 9: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Added Visual Trust CuesOne of the most important components of online business is creating a trusted environment where potential customers feel confident in making purchases. Different browsers give different visual cues, such as a lock icon or a green bar, to help visitors know when their connection is secured.

How it looks on different browsers

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 10: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Benefits of SSLReasons why your website should be secure.

Page 11: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Benefits of HTTPS EverywherePROTECTION Secures visitor personal information reducing risk of

compromised information.

TRUST Visual trust indicators such as the green bar and lock symbol.

SEO HTTPS Everywhere is now a ranking signal and expected to become even more important in the future.

COMPATIBILITY In the future popular browsers like Chrome will give warnings for websites using less-secure SSL Certificates.

ENGAGEMENT Visitors are more confident in using your website.

SAFEGUARDS Protect your brand against the devastating costs of data breaches.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 12: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

HTTPS is Google Ranking FactorGoogle officially confirmed HTTPS as a ranking signal on August 7, 2014:

Security is a top priority for Google … Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure … “We want to go even further. At Google I/O a few months ago, we called for “

HTTPS everywhere” on the web. We’ve also seen more and more webmasters adopting HTTPS on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal while we give webmasters time to switch to HTTPS.

But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 13: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

HTTPS EverywhereTypical SSL vs. HTTPS Everywhere Install

Page 14: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Google’s HTTPS EverywhereSSL Certificates and HTTPS pages have been around for a long time … but typically only on parts of websites where secure information is exchanged. This is Typical SSL.

But now Google is saying that there is a ranking advantage when you have your SSL Certificate installed across every single page on your website and everything about your website is secure.

This is what is called “HTTPS Everywhere” or “Always On SSL”

Only when SSL is properly implemented across EVERY COMPONENT of your website

will it earn Google’s ranking advantage.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 15: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Typical SSL (Good)SSL is only installed on pages where private information is exchanged.

Changes to HTTPS when visitor goes to Redeem a Giftcard

Changes to HTTPS when visitor

Proceeds to Cart

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 16: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

SSL Everywhere (Better)SSL is installed on every single page and image of your website whether or not private information is exchanged on that page.

Contact

Every single page you click through on Facebook is HTTPS.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 17: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

We do both types!Typical SSL (Good)

Enables you to create secure pages, sections or components of your website.

SSL Everywhere (Better)

Get the SEO Ranking Advantage! Only when every single component of your site comes from a secure connection is your site truly SSL Everywhere. This includes:

• URLs• Javascripts• Images• Stylesheets• Include files• Configure relative URLs• Noindex robots meta tag

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 18: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Our SSL PartnerIntroducing DigiCert® EV SSL Plus Certs

Page 19: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Our Official SSL Partner

One of the world’s leading SSL Certificate Authorities (CA) and their product value is unparalleled.

Used by over 80,000 customers in more than 180 countries securing over 1 trillion transactions each day!

5-star, award winning customer support.

Highest rated Certificate Authority on SSL Shopper.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 20: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

DigiCert® SSL Certification Levels

SSL Plus Certificate Basic 2048-bit strong encryption with browser trust, with SANs to secure good for both:

example.com www.example.com

Wildcard Plus Certificate

Secures an entire domain and its subdomains:www.example.com mail.example.com

Extended Validation (EV) SSL Plus Certificate

Highest level of certification that gets you the green address bar up in the browser and other visual cues your visitors will look for.

RECOMMENDED

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 21: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

SSL and Site Speed/ Performance

DigiCert’s OCSP response times over 4x faster than competitors!

Many are concerned that SSL will affect a website’s load time and thus affect user experience and SEO rank. The delay is often due to the SSL handshake as the browser waits for the issuer of the certificate to confirm that it is valid before the page will load. Revocation Checking (OSCP Response Time) is one of the most important factors as it influences site speed.

*lower response time is better/ faster!

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 22: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

SSL Summary• SSL Certificate and HTTPS Everywhere boosts rankings.

Google says HTTPS Everywhere is a factor in their ranking algorithm and says that the weight of SSL as a ranking factor will increase as webmasters have time to migrate their sites.

• Early SSL Adopters will get the advantage.As with other SEO ranking factors, the first wave of websites who migrate to HTTPS Everywhere should receive the best long-term results.

• SSL is the way of the future.As more sites adopt SSL your visitors will become accustomed to seeing HTTPS and question the security of your website if you don’t have it.

• Small cost, big gains.The upfront cost to implement SSL is well worth the ranking and trust benefits. Better rankings mean more visitors and more trust means better engagement metrics and conversion rates.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 23: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Making the Switch or UpgradeGet SSL for the First TimeUpgrade Current SSL Certificate Switch to HTTPS Everywhere

Page 24: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Do you need SSL on your site for the first time?• Do you collect credit card payments?

If you website exchanges credit card information you are required by the Payment Card Industry (PCI) to have an SSL Certificate.

• Do you send/ receive other private information? Visitors like to know that their personal information like street address, phone number and health records are secure.

• Are you in a competitive market?If you are in a highly competitive market where every small advantage can make a difference.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 25: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Do you need to upgrade your current SSL Certificate?• Are you using SHA-1?

90% of websites with SSL encryption use the SHA-1 algorithm which is dangerously weak and gets weaker each year. SHA-2 is much stronger and supported just about everywhere. In fact, Google Chrome will soon start displaying warnings for sites with SHA-1.

• Are there other hidden vulnerabilities lurking in your current SSL?Some SSL Certificates can be vulnerable to things like weak keys, SSL 2.0 Enabled, Weak Algorithm, Heartbleed Bug, Broken Chains, B.R.E.A.C.H., C.R.I.M.E., B.E.A.S.T. and more.

• Does your SSL Certificate give adequate Visual Trust Signals?The strong validation SSL EV Certificates turn the address bar of the user’s browser green, telling them you are who you claim to be.

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 26: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

We’ll scan and analyze how your SSL Certificates and SSL Termination Endpoints are configured, including any potential vulnerabilities that may be lurking on your website.

Don’t Delay … Get Your Report Today! Call 1-888-262-6687 or Email [email protected]

Improperly installed or misconfigured SSL Certificates are the most common source of SSL vulnerabilities.

Your Complimentary Inspector Report

Find out if your Current SSL is Vulnerable

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 27: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

Our SSL Services Through DigiCert®SSL for the First Time

SSL Certificate Upgrade

Now’s the time! We offer 1 and 2 year EV SSL Certificates with discounts available when you purchase the multi-year certificates. We also offer renewal discounts when your SSL Certificate expires.

Regardless of the current state of your website we will walk you through the verification process and help with the Basic Install and/or Sitewide Implementation of the SSL Certificate on your website.

Are there vulnerabilities in your current SSL? Don’t wait for your current SSL Certificate to expire before upgrading to a stronger, more secure SSL 2.0 Certificate. When you purchase a DigiCert® SSL Certificate through us you will be credited for the remainder of your existing SSL Certificate no matter who you originally purchased it through!

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 28: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

SSL Installation and ImplementationWhether you are getting an SSL Certificate for the first time or upgrading your current SSL Certificate, we’ll install it and take care of all the details for you!

STEP 1: Basic SSL Certification and Installation

1. Purchase Extended Validation SSL Certificate.2. Verify the SSL Certificate.3. Basic installation of SSL Certificate on your website.

STEP 2:“Site Wide” Implementation of SSL Certificate

1. Implement SSL throughout the entire website.2. Extensive tests to ensure sitewide implementation is

working.3. Get Google’s HTTPS Everywhere ranking advantage.

Let Us Help You Purchase and Install the Right SSLCall 1-888-262-6687 or Email [email protected]

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 29: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

RECAP – You Need It and We Do It!• Upgrade or Purchase your SSL Certificate with us.

There are various levels of SSL Certificates depending on your site needs.

• Verify the SSL Certificate through DigiCert with our help.Rigorous evaluations and meticulous documentation checks to confirm your authenticity and ownership.

• We’ll Install the Certificate on your Server.Add the text file to your Server along with the intermediate certificates required by browsers so that they know to trust your SSL Certificate.

• We’ll Implement HTTPS Everywhere.In order to get the SEO benefit of an HTTPS you need to have site wide implementation so that every page is HTTPS. This also helps to boost user confidence and online trust.

SEO BENEFIT COMES INTO PLAY HERE!

Typical Install

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca

Page 30: HTTPS Everywhere and SSL Certificates - Website Security Just Got a Lot More Important

This presentation is brought to you by

For more information on our HTTPS Everywhere Services and how we can help you implement a Total SSL Package on your website

please visit https://www.1stonthelist.ca/web-design/ssl-certificate/ or

Call 1-888-262-6687 Email [email protected]

1st on the List Promotion Inc. | 888-262-6687 | Fax: (604) 746-5475Email: [email protected] | Website: www.1stonthelist.ca