SSL certificates seems to still be one of the most misunderstood website’s features being mentioned in terms of website security and user security, but also SEO and website reputation general. We have covered already this topic to an extent in an article explaining should a website have one – and the answer is a resounding YES.
Quite a compelling reasons is the fact that Google is taking SSL into account when defining website rating and position in the search index. To what extent is unclear, but the fact that your website without SSL encryption is marked as “Not Secure” should indicate that it is an important factor for search engines.
How to know if your SSL certificate is correctly configured for your website
TLDR; / The simple answer – if your website URLs (page addresses) starts with https:// or you see a green padlock icon – you have it correctly setup. Sometimes though, this can be a lot more complicated…
Often, a website will have an SSL certificate installed on its website, but the pages will still load via http:// and consequently be shown as not secured or red padlock in the browser. The most likely reason for this is the fact that the use of SSL is not enforced and the website treats both versions with the same relevance. So even Google will treat your https://yoursuperwebsite.com/ and http://yoursuperwebsite.com/ differently.
One solution to get this sorted is rather simple – one must force the use of https so even pages that are called as http are then redirected to https. This redirection can be handled by your application, htaccess or if you use Cloudflare the ‘force http’ option.
A more annoying situation can be the dreaded yellow padlock or mixed content issue!
Yellow padlock = Mixed content
This is likely the most confusing situation for our customers as all steps have been performed and the site is still not seen as fully secured. The reason for this lies in how the page content has been put together. Your pages are being served as https i.e. having a certificate, but they also contain content, images or scripts that are not served via https i.e. they don’t have am SSL certificate.
Given various browsers display this different ways, the easiest way to check if this is the issue you are faced with is to use a tool like https://www.sslshopper.com/ssl-checker.html – their results will in detail provide you info about your website’s SSL certificate – It will even list parts of the page that is problematic so it is easier for you to recognise it and fix it. Sometimes is it just some image on the page that has been embedded via http – Sometimes though it is script and this even cases issues with the page display.
Fixing it then might be as simple as enforcing some redirect from http to https, but then it might also be a more intricate task. The solution for resolving these issues can be varied, so if you are not technical – it may be wise to get your developer to have a look.
We Can Help Save Your Business
SITE FIXED IN LESS THAN 1 HOUR
WordPress website defaced ? If we don’t fix a defaced website in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!