Creative Solutions and Digital Designs since 2010

A3 Creative Solutions The A3CS Blog

Stories, Tips, Tricks and Trends

The A3 Creative Solutions Blog

Business Catalyst and SSL/HTTPS


Blog postedPosted on June 25, 2017 by Aaron Macdonald

We are excited to announce that Adobe Business Catalyst, our preferred hosting provider, now offers a secure HTTPS/SSL connection for all private domains.

After initial testing by the A3 Creative Solutions team, we are pleased to inform our customers that the set up is working well. However, there are some things to consider before switching to HTTPS. Before we start, here is a brief explanation what HTTPS & SSL are, and why you need it for your site.

What is HTTPS?

HTTPS stands for Hyper Text Transfer Protocol Secure - this is the secure version of HTTP, the protocol used when data is transferred between your browser and the server that hosts the website you are visiting. As the name says, in the case of HTTPS all the communication between your browser and the website you are visiting is encrypted.

This means that all data exchanged, like personal data you are filling into a webform, credit card related data, the information you are getting when opening up your Member only webpage, and so on is encrypted at one end (the browser or the server), sent across the Internet and decrypted at the other end, thus making it unusable for a potential attacker that might intercept it.

Various search engines have recently also started favouring HTTPS enabled websites when displaying websearch results. In general HTTPS enabled websites are regarded as more trustworthy for visitors.

What is an SSL certificate?

In order to enable the secure connection, an SSL certificate is used. This certificate is purchased from a Certificate Authority by the server's administrator and is sent over the web browser of the visitor in order to initiate the so called "SSL handshake". The handshake is basically the initial exchange between the web server and the browser in which the SSL certificate that contains the public encryption key is downloaded by the browser. After the certificate is downloaded from the webserver, the encrypted communication can begin.

Why do I need this for my website?

Data protection is by far the biggest advantage of HTTPS, but it’s not the only one. HTTPS sites also load significantly faster. In a test on HTTP vs HTTPS.com, the unsecure version of the page loads 334% slower than HTTPS – try the test on your own device and see how they compare.

That’s not all. Back in 2014, Google tried to persuade webmasters to make the switch to HTTPS and made the secure protocol a stronger ranking signal as motivation. Google flat-out said they would start giving preference to sites with an SSL in 2014. Since that time, encrypted sites have earned a boost in rankings over their unsecured counterparts. Since that bit of motivation didn’t provide enough encouragement for sites to switch, now Google is forcing the issue. Instead of incentivizing HTTPS, Google may even penalize HTTP sites.

More recently, Google and other top search engines will begin shaming those sites that are not using secure using HTTPS. Unfortunately your customers are seeing this change in their browser.  Here is a snapshot of a Chrome Browser URL bar.  As you can see, a Secure HTTPS shows a nice healthy green lock

Chrome HTTPS vs HTTP

As with anything on the web, it is constantly changing to better improve the user experience. It's important for your business to stay current with these updates and offer the technical and visual security for your customers so that they feel confident and trust your site. It's also important to note that your website has always been secure, as Business Catalyst is a closed-system, and your e-commerce transactions and member only areas have always been secure using Business Catalysts .worldsecuresystems.com  domain. This new HTTPS/SSL offers another layer of protection for the entire website.

This is what your website URL bar should look like after the upgrade:

A3CS HTTPS

What does it cost to upgrade my Business Catalyst website to HTTPS/SSL?

Business Catalyst charges $80/USD per year to upgrade your domain to HTTPS/SSL.  This includes creating an SSL certificate for your domain and all sub-domains.  As a client of A3CS, we will set up this upgrade to all existing clients at no-charge. This does not include updating any old HTTP links within your site, or updating any external sites with your new website address (i.e. Social Media Accounts, Retailers, etc). If you require a full-scope update of all links pointing to your site to be updated with HTTPS we can offer this service at our normal billing rate.

If you are interested in upgrading, Donna will contact you to ring through your credit card for the upgrade.  We can also discuss the other options available to make the transition as smooth as possible.

Important things to consider before making the switch to HTTPS/SSL

We have tested the upgrade process on our agencies website. The transition has taken about 2 weeks. This included:

• Creating the SSL Certificate
• Waiting 24 hour for the SSL Certificate to be created
• Once SSL Certificate was created, we set all site visits to be re-directed to the https:// domain.
• Once Domain was switched, a new internal Sitemap was generated within 24 hours.
• Once sitemap was generated, we re-submitted Sitemap to Google for site indexing.
• Since Google sees this as a new website, it takes time for pages to be indexed by Google (we have ways of pushing this along).

At the end of it all, you should start to see your website re-indexed back into Google Search at least partially within 2 weeks. During this time your website will lose some slight ranking, but should make it back up as Google sees your site as being secure. Even more important so that Google does not get confused with your HTTP vs. HTTPS website, you need to change all external links pointing to the site with https://www.yoursite.com.

There is a lot more to discuss, so please schedule a time with our team to discuss the upgrade process.

Some other things to consider:

1. All the assets you use have to be delivered securely

This means that all the js, css and other assets you link in your templates, pages or layouts need to be delivered via https.

Testing this is pretty simple. Just browse your website using the default secure domain to browse your site and look out for "mixed content" warnings. Do note that depending on the browser you are using this warning might be different but the tell-tell sign is the red padlock next to the URL:

If you run across this error on one of your pages you need to look in the template's HTML code and make sure there are no assets still using the HTTP protocol.

2. What about SEO?

After switching to HTTPS, SEO-wise, it will be like changing your website's domain altogether. It will take some time for the crawlers to re-index your website and a certain drop in rankings will most likely be seen.

Maintaining your link integrity - only use relative links and making sure that no links point to the non-secure, http version of the site will help with the SEO score.

3. Webmaster tools, analytics, domain verification

As you might have guessed, enabling HTTPS will also require re-registering your website in Google's webmaster tools, updating your Analytics tracking code (as this is basically a new website) and re-verify your domain ownership.

4. HTTPS on older browsers

You need to keep in mind that older browsers do not use the latest security standards required by the SSL-enabled communications. Here is a list of browsers that are unsupported:

• Google Chrome 6 or older
• Internet Explorer 7 or older, as well as all Internet Explorer running on Windows XP
• Firefox 2 or older
• Safari 2.1 or older

As far as mobile browsers are concerned here is the list of unsupported browsers:

• Safari on iOS 4.0 or older
• Android browsers running on version 3 or older
• Windows Phone browsers running on version 7 or older

CONTACT US TODAY TO DISCUSS!

(778) 355-4765 or info@a3creative-solutions.com

Top