How does HTTPS works for better search results
HTTPS is the industry standard protocol used for securely transmitting data over the internet, in this case web pages. It addresses the issues with HTTP but at the same time it operates in exactly the same way, apart from the fact that all data is sent encrypted. Use of HTTPS is effective for SEO process too as helps to improve Google rankings
When you visit a website with the https:// prefix you are telling the web server that you want to establish a secure communication path. HTTPS will use a different port (number 443) to ensure that all secure and non secure communications are kept separately. The initial connection establishment sequence goes a little like this:
- The client web browser will inspect the certificate that the web server has to ensure its authenticity and make sure that they are who they say they are. Only certain governing bodies are able to issues certificates and these come at a cost to the company who want them.
- Once the client has confirmed the certificate is legitimate the browser will check to see what types of encryption the server is offering that it can use.
- Upon agreeing on the type of encryption to use the client and server will then exchange unique encryption keys that are used to encrypt the data, only the client and server know about these keys.
- Using these keys data transmission begins, before anything is sent it is encrypted and once the other party receives it the data is then decrypted and processed as normal.
This whole process is a lot more complex than regular HTTP communications and because of the extra overhead that is created you might notice a decrease in speed. The same applies to both to the server and client since both have to use extra processing power to encrypt and decrypt any data. With HTTPS though a packet sniffer will only pick up encrypted data which will be useless to a potential attacker
Getting an SSL certificate — An SSL certificate is used for two reasons; firstly it proves the identity of the server who has it. Secondly it is used to encrypt the data itself. These are two totally different considerations that a webmaster should think about before getting a certificate. If data encryption is the only concern and identity is not such an issue then an SSL certificate can be generated by free software that is widely available on the internet. By doing this the webmaster would offer full data encryption to and from the client but without the proof of identity.
On the other hand companies such as VeriSign and Thawte are very big and reputable companies who offer the same certificates that offer the same level of encryption but for a yearly fee. The difference here is that your site will have proven identity certificate and users can rest assured that your site is legitimate. You will find that many only retailers will buy these certificates from companies like VeriSign so they can prove who they are and give customers the peace of mind they need before entering things like credit card details on their site.