An SSL (Secure Sockets Layer) certificate is a digital certificate that encrypts the connection between a user's browser and your web server, protecting data in transit. Websites with an SSL certificate load via https rather than http, and display a padlock icon in the browser address bar.
How does an SSL certificate work?
When a user visits a site with an SSL certificate, their browser and the server exchange encryption keys and establish a secure connection before any data is transmitted. This means information entered on the site, such as contact form data, login credentials, or payment details, cannot be intercepted in transit. Without SSL, data is transmitted in plain text and is vulnerable to interception on unsecured networks, such as public Wi-Fi.
Does SSL affect SEO?
Yes. Google confirmed https as a ranking signal in 2014, and its weight has increased since. More practically, Google Chrome and other browsers display a "Not Secure" warning on http pages, which undermines user trust and increases bounce rates.
For any page that collects user information, the absence of SSL is both a security risk and a conversion barrier. All websites built today should use https as a baseline requirement.
[Screenshot: Browser address bar showing a padlock icon and https URL for a secure website, alongside a second example showing the "Not Secure" warning on an http page. Alt text: Browser address bar showing a padlock icon and https prefix on a secure site next to a "Not Secure" warning on an http page.]
What types of SSL certificates are available?
The three main types are:
Domain Validated (DV): the most common type. Verifies that the applicant controls the domain. Suitable for most websites.
Organisation Validated (OV): verifies the domain and the organisation behind it. Used by businesses that want to display verified company information in the certificate.
Extended Validation (EV): the highest level of verification. Previously displayed the company name in the browser bar, though most browsers have moved away from this visual indicator.
For the majority of business websites, a DV certificate provides sufficient security and is adequate for SEO and user trust purposes.
How do I get an SSL certificate?
Many hosting providers include SSL certificates free of charge through Let's Encrypt, an automated certificate authority. If your host does not provide one, SSL certificates can be purchased from providers such as Comodo, DigiCert, or Sectigo. Installation is handled either by the hosting control panel or by a developer. Once installed, a redirect should be configured to send all http traffic automatically to the https version of the site, and Google Search Console should be updated to use the https property.
Related KB articles:
• What is Technical SEO
• What is a 301 Redirect and When Should You Use One
External links:
• Google Search Central, HTTPS as a ranking signal
Frequently asked questions
Is an SSL certificate free?
Basic domain-validated certificates are free through providers like Let's Encrypt, and most good hosts include one. Paid certificates mainly add organisation validation and warranties.
Does SSL improve rankings?
HTTPS is a lightweight ranking signal, so it will not transform results by itself, but browsers flag non-HTTPS sites as not secure, which costs trust and conversions.
How do I know if my site has SSL?
Look for the padlock icon in the browser address bar, and make sure the site loads at https:// and redirects the http:// version.