Want to subscribe to topics you're interested in?
Become a Member

Featured SSL HTTPS as a Google ranking signal

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 9, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    By now the news has spread that Google is how factoring in https / SSL as signal in their search ranking algorithm. It will initially only affect less than 1% of global queries so there is still time to get your SSL certificates and get your domains sorted for conversion from http:// to https://

    But how many queries is 1% of Google's global search queries, a quick Google (pun intended) led me to Google Search Statistics - Internet Live Stats which suggests that Google processes up to 3.5 billion search queries globally each day. So 1% = 35 million Google search queries each day maybe affected by factoring https and SSL into Google's ranking algorithm.

    More info from Explainer: How Google's New SSL / HTTPS Ranking Factor Works

    The info that would concern us Centmin Mod Nginx users who are thinking of setting up their domains with https supported SSL certificates.

    Centmin Mod Nginx SPDY/3.1 SSL setup

    For Centmin Mod Nginx users wanting to use SSL and serve their web sites via https, check out the following threads and Centmin Mod Nginx SPDY SSL setup guide.
    Domain Validation for SSL certificates

    You'll most likely be using domain validated SSL certificates so will need a working @yourdomain.com email address to verify and prove your domain name ownership at SSL purchase time. So check out Free @yourdomain.com Email Accounts & Alternatives | Centmin Mod Community

    SPDY check

    Test your https:// SSL based domain for SPDY via the following:
    SSL check

    Then test your https:// SSL based domain via these SSL test sites:
    CSR (Certificate Signing Request) Code Checker
    General SSL Info
    Difference between an SSL Wildcard vs standard SSL Certification

    Wildcard SSL Certificate covers all sub-domains of your main domain. If you have multiple sub-domains to secure, then a Wildcard SSL Certificate can save you hundreds or thousands of dollars and save your time for the configure and install process as opposed to buying individual SSL certificates. For example a single Wildcard SSL Certificate for *.yourdomain.com can be used to secure:
    • forum.yourdomain.com
    • blog.yourdomain.com
    • news.yourdomain.com
    • download.yourdomain.com
    • anything.yourdomain.com
    For standard SSL Certificates, for the above 5 listed sub-domains, you would have to purchase and configure and install five separate SSL Certificates - one for each sub-domain.

    Making Centmin Mod Nginx site domain conversion to https SSL a useful exercise


    Thought I'd post this as it's what I am doing with some of my private paying clients who are looking to switch to https SSL. What you do if you're unsure if https SSL conversion is right for your web site is to setup a duplicate test dev copy of your live site on a separate Centmin Mod Nginx setup server or IP address and preview the test copy site domain via local computer hosts file edits.

    For instance on windows pc to preview a test site on different ip, just edit C:\Windows\System32\drivers\etc\hosts with line
    Code:
    newipaddress domain.com www.domain.com subdomain.domain.com
    Then when you go to domain.com in your browser it bypasses your ISP DNS and uses the local hosts file edit to dirct domain.com to newipaddress. You can then setup https SSL as per Nginx HTTPS / SSL Google SPDY configuration on the test dev copy and preview how your site will function under https SSL before doing the same on live production site. You can then use test dev copy for any other testing you like to do in future too as well as serves as a useful exercise in making sure your backup and restore processes are working ;) And also allows you to test https SSL on test dev site without affecting your live production site's rankings or search engine listings.

    Just remember to remove the hosts file edit line once you want to view your live production site ;)

    Sharing your http to https SSL experience and journey

    If you want you can share your own experiences with converting from http to https SSL in the forums at Domains, DNS, Email & SSL Certificates. I have added a prefix tag for SSL for new threads created, so you can also filter on SSL prefix by clicking on it to view only SSL tagged threads - example click here :)

    Additional Notes

    If you rely on using advertising networks like Google Adsense etc, be sure to ask your ad rep whether they support serving ads via https SSL as not all ad networks support https SSL which may cause mixed content errors for visitors to your https SSL enabled site if the ads are served via non-https methods. See article here
     
    Last edited: Oct 2, 2014
  2. Peter Downey

    Peter Downey Member

    64
    24
    8
    May 28, 2014
    Ratings:
    +27
    Local Time:
    10:26 PM
    I gotta admit, I saw this coming back when they changed Webmaster Tools.

    For those of you that don't know, Google Webmaster Tools now views http and https as different domains. So if you haven't looked at your account in a while, and previously neglected to specify either tag on your site, you should go do so now. Previously you were able to just put Domain Name Registration and Web Hosting | Domain.com or domain.com, now you must include the http or https part too. The change is not retroactive either, so you'll need to update old domains if you failed to add the tag the first time around. Otherwise your stats will look very strange.
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I found out when I switched this forum to https and needed to setup a new domain entry in webmaster tools
     
  4. Bubka3

    Bubka3 New Member

    17
    5
    3
    Jun 1, 2014
    New York, NY
    Ratings:
    +5
    Local Time:
    10:26 PM
    1.7.1
    5.5.37
    I started forcing HTTPs 3 months ago, and then this! More rank for me. :)

    You wouldn't happen to know what "The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-. MORE INFO »" means?
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Better explanation of Forward Secrecy at Security Labs: SSL Labs: Deploying Forward Secrecy | Qualys Community

    Old brrowsers don't support Forward Secrecy though so not much you can do about

    i.e. no support for Forward Secrecy in browsers via
    • Android 2.3.7
    • IE 6 /XP
    • IE 8 /XP
    • OpenSSL 0.9.8 some versions
    For Centmin Mod Nginx SPDY/SSL users following Nginx HTTPS / SSL Google SPDY configuration should get you setup for Forward Secrecy (via Elliptic Curve cryptography (ECDHE) algorithm) for browsers that support it.

    i.e. for this forum Qualys SSL Labs - Projects / SSL Server Test / community.centminmod.com (yeah certificate up for renewal so getting a new SSL wildcard certificate for centminmod.com domain soon) :)
     
    Last edited: Aug 10, 2014
  6. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    9:26 AM
    1.7.2
    Percona 5.6
    @eva2000 I use the Netcraft toolbar for chrome , I see problem security warning Heartbleed on community.centminmod.com
    Link
    Code:
    http://toolbar.netcraft.com/site_report?url=https://community.centminmod.com
    I do not know about bug Heartbleed , Heartbleed Bug
     
    Last edited: Aug 12, 2014
  7. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    that toolbar is wrong, do a propper heartbleed test at Qualys SSL Labs - Projects / SSL Server Test / community.centminmod.com or Test your server for Heartbleed (CVE-2014-0160) :)

    Code:
    Heartbeat (extension)    Yes
    Heartbleed (vulnerability)    No (more info)
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  9. hungphutho

    hungphutho Member

    55
    35
    18
    Jun 2, 2014
    Ratings:
    +35
    Local Time:
    9:26 AM
    1.7.2
    Percona 5.6
    sad :(
    Code:
    https://www.seroundtable.com/https-google-adsense-19035.html
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ouch that ain't good at all for folks counting on adsense

    first comment on that site says Adsense web site mentions this specifically at AdSense ad code support for SSL - AdSense Help

     
  11. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    But I guess with Google adding https SSL to ranking signal, over time more advertisers within Adsense would themselves move to https SSL compliant ads and thus the Adsense revenues for publishers would rise back to normal levels.

    The question how much time would it take for advertisers to move to https compliance and how much time it takes for adsense rates to go back up

    Also advertisers would have incentive to move to https now, as they know without being https compliant, their ads won't have maximum coverage and exposure
     
    Last edited: Aug 22, 2014
  12. Peter Downey

    Peter Downey Member

    64
    24
    8
    May 28, 2014
    Ratings:
    +27
    Local Time:
    10:26 PM
    I totally agree. I have a feeling that this will be a problem in the short term, but in the long run things will slowly get back to normal.

    That being said, I feel like a lot of the internet is slowly moving away from adwords and moving towards stuff like affiliate marketing and sponsored posts. On the few websites that I write for, a much larger portion of my monthly earnings come from that type of content. A dependable stream of adsense revenue is nice to count on month to month though too.
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah affiliate and sponsored ads just provide better control for webmasters to properly target their visitor audience. Afterall, who knows their audience best :)

    I guess SEO folks and web sites can do their part in speeding up this transition by hammering at the message to advertisers that non-https compliance reduces advertiser's maximum exposure and that they should become https compliant ASAP :)
     
    Last edited: Aug 22, 2014
  14. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    interesting web site https SSL web site adaption and usage stats at SSL providers Web Usage Statistics

    Looks like top 10k sites has the most dramatic SSL usage increase for Comodo SSL and Comodo Positive SSL certificates. The Top 100k sites a minor bump and top 1 million sites actually a drop.

    ssl_trends_220814.png
     
  15. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    10:26 PM
    SSLabs do not check for old browser presence, but rather if you have the ciphers enabled on your server for proper forward secrecy:
    Qualys SSL Labs - Projects / SSL Server Test / axivo.com

    capture.png

    @Bubka3, with robust forward secrecy you will lose some key exchange points. But to myself, it is much more important to have proper forward secrecy configured on your server.
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @Floren what's your cipher suite order ? only difference from FS with most browsers vs FS with modern browser score, I see from Security Labs: SSL Labs: Deploying Forward Secrecy | Qualys Community is supporting DHE ciphers and Google doesn't even support DHE ciphers anymore (Qualys SSL Labs - Projects / SSL Server Test / google.com)

    with my FS with modern browsers, FS is lost on ancient browsers such as Android 2.3.7, IE 6 XP, IE 8 XP which are ancient and don't even make up 0.6% of my traffic.

    7 out 13,305 sessions are XP with IE 6 + 8 = 0.53%. I am actively encouraging visitors to update their browsers too Browser Update Reminder | Centmin Mod Community :)

    ga_xp_browserstats_00.png
     
    Last edited: Aug 23, 2014
  17. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    More interesting SSL statistics which are updated monthly Trustworthy Internet Movement - SSL Pulse

     
  18. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  19. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:26 AM
    Mainline
    10.2
    What is it by the way?
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:26 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    sharding domains = dividing your page elements to several hostnames like you would do for CDN usage

    i.e. sharding centminmod.com would be serving css and images via

    hostname1.centminmod.com
    hostname2.centminmod.com

    instead of serving all SPDY SSL requests via just one domain

    centminmod.com

    The reason is part of the benefit of SPDY SSL as outlined at Nginx HTTPS / SSL Google SPDY configuration is

    So you use one TCP connection to serve all page element requests via SPDY SSL. If you split the hostnames (shard them), then you're using more than one TCP connection. Of course you could offset that if your sharded domains are also SPDY SSL based. So like on this forum, using the KeyCDN CDN service via SPDY SSL Nginx PageSpeed - If I'll try to use CDN | Centmin Mod Community you'd end up funneling all page element requests via 2x TCP connections (community.centminmod.com and cdn served SPDY SSL hostname) rather than single TCP connection = community.centminmod.com. Still better than several dozen http requests in non-SPDY SSL setup :)