Why does Google Force You to Obtain an SSL Certificate on Your Website?

SSL is no longer optional, it is mandatory as from July 2018

There have been reports in the past two years that Google will clamp down on websites that do not possess an SSL certification. Those reports proved true in July 2018.

Those who upgraded to Google Chrome ‘s latest — Chrome 68 — found that certain websites were marked with ‘Not Safe.’ Essentially, the ‘Not Secure’ alert is provided on all websites that do not have an SSL installed, i.e. those that are still listed as ‘http’ in the URL instead of ‘https’.

In this article, we’ll show you an overview of what an SSL certificate is, why you need one and how you can get it.

What does an SSL Certificate mean?

SSL (Secure Sockets Layer) certificates are a safe means of data transfer over the internet. It encrypts all incoming data so that they can be transferred from server to browser in a secure manner. This prevents access by third party individuals to user data.

Once you receive an SSL certificate, your website uses the https protocol, and when they access your website, a padlock sign will be displayed in the user’s browser. HTTPS stands for Encryption in the Hypertext Transport Protocol.

Why you need an SSL certificate

There are several reasons to get an SSL certificate:

  • Good for SEO: Given that Google is cracking down on unsafe websites, their search engine has also begun to favor https websites. Google has begun the de-prioritization of insecure websites. As such, failing to obtain an SSL certificate could cause your website to climb down the Google SEO ladder, rendering it virtually invisible to new customers and visitors.
  • Security: If users provide sensitive information about your website — credit card details, address details, etc. — you need to make sure their information is secure. SSL allows private browser-to-user transactions, ensuring that no third party can steal that information.
  • Trust: An increasing number of users have become distrustful of sites that do not carry the padlock sign — especially if they are actively marked with the ‘Not Secure’ sign. As such, if you are an eCommerce website, users would hesitate to make transactions or provide details using your website. That might end up costing you in terms of business lost.

Google SSL Guidelines

While marking all HTTP websites as ‘Not Secure,’ Google no longer trusts SSL / TLS certificates provided by Symantec, either. As such, users accessing websites using a certificate issued by Symantec prior to June 2016 or after December 2017 will receive a full-page warning that the website is not secure.

Deadline for Google SSL

Starting October 23 — for Chrome 70 users — all websites with Symantec certificates have been classified as untrustworthy. The only way webmasters can prevent this is to obtain the required SSL certificate.

How do I obtain an SSL Certificate?

You need to purchase a reliable SSL certificate to ensure that your website is safe and you don’t get branded with the dreaded ‘Not Secure’ sign. You can receive a trusted and stable SSL certificate from providers such as Comodo, RapidSSL, GeoTrust, Thawte and Symantec.