Monitoring SSL Migration – The road to HTTPS being the default on the web

 

Google Announces HTTPS as a Ranking Signal for SEO

It’s official, Google openly “encourage(s) all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

On Wednesday, August 06, 2014 – Google announced HTTPS as a ranking signal for SEO. If you’re not familiar, Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication, protecting the connection to the website through authentication and encryption. Utilizing HTTPS to secure all traffic on your website ensures your site visitors that their information, both what they consume and what they submit, is secured from prying eyes as the data travels across the internet.

For the most part, you do not have control over where your data travels in between your web servers and your visitors browsers, but you do have control over how that data is secured.  Encrypting your traffic prevents hackers, governments, security agencies, ISPs and anyone else who might try to view your data from doing so.  It also helps protect your site from fraud and helps protect your visitors’ identities and reputation.

Who is Migrating to HTTPS?

HTTPS isn’t just for your bank or credit card anymore. Giants like PayPal, Google, Twitter and Facebook have all migrated, and with the recent news of Google’s SERP algo update, most Fortune 500s are scrambling to switch as well.  According to the Trustworthy Internet Movement, as of August 2 2014, over 28% of the net’s most popular websites have already migrated to HTTPS, and now that Google has announced that it affects search engine rankings we expect the majority of major sites to follow suit.

So what are the steps to implement this process?

 

Tips to Migrate to HTTPS Everywhere

Here are some tips from Google and explanations we have provided as to how these tips help ensure that your migration goes as smoothly as possible.

  1. Determine what type of SSL certificate you need:
  • If you host a single site with no sub-domains, then a single certificate will do.
  • If you have multiple sub-domains on your site such as users.example.com and mail.example.com, then you need a wildcard SSL certificate.
  • If you support multiple domains such as www.example.com, www.example.net, example3.com, etc… or multiple sites on the same server using the same IP address, a Unified Communications Certificate or multi-domain certificate is necessary.
  1. Be sure to select a 2048 bit RSA private key (as of January 2014, no web browsers or certificate authorities support smaller keys).
  2. Use relative URLs for all links within the same domain.  A relative link looks like this href=”/thispage.aspx” versus an absolute link which looks like href=”https://www.example.com/thispage.aspx”.  This way your links will not break when you migrate to httpss because the link will assume the file path relative to the domain of the current url.
  3. Use protocol relative links to all resources outside your domain.  Protocol relative links simply don’t specify what protocol to use, such as //example.com, so that they do not break if the external domain does not support the protocol you are currently using.
  4. Don’t use robots.txt to block crawlers from your secure site.
  5. Allow search engines to index your secure site by not using the no-index meta-tag in your robots.txt.

Before going live with any changes, it is always smart to back everything up – files, folders, configs, images, databases – just in case something doesn’t work out you can always roll back.

HTTPS and Site Speed

It has long been understood that migrating an entire site to HTTPS can cause your site to slow down due to additional overhead including bandwidth usage, key exchanges and extra processing time for encryption.

Before migrating your site to HTTPS, it is important get some baseline metrics of how your site performs as an HTTP site from different locations around the world. Then you can compare the results after you make the migration to see if your site really did slow down and by how much. Use our free tool to see metrics on how your site currently performs.  If you wish to establish and record running averages to give you a more realistic baseline for your site speed, log in to our free trial to monitor your site over time from over 20 locations around the world, and save those results to be directly compared after you update your site.

Does Migration to HTTPS break anything on your site?

It is important to track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools to ensure traffic fluctuations and errors do not occur.

If you are concerned that certain key components, links or processes on your website could break during the transition to HTTPS, we suggest you create a free monitoring account to actively monitor your website during the transition. With active monitoring you will automatically receive email alerts if the monitor detects any errors on your site during this process.

Additional Layers Add Complexity

Finally, we recognize that securing 100% of your website with HTTPS sounds great in theory, but there are also plenty of pitfalls to watch out for when you are using HTTPS/TLS.  Google has listed a number of these common mistakes at the bottom of this helpful webmaster support article.  In order to avoid these mistakes or at the very least catch them as they may affect your site in the future, we recommend you sign up to create active SSL monitors to catch errors and notify you as soon as they are found.

If you have already migrated to HTTPS, we also offer website monitoring with SSL validation & expiration alerts.  For more details see our SSL Checker page.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print