SSL Validity A Factor In Google's Ranking Algorithm?

Apr 7, 2011 • 8:51 am | comments (12) by twitter Google+ | Filed Under Google Search Engine Optimization

Google SSLOn April Fools Day, of all days, Google announced their efforts in improving SSL certificate security. Part of this announcement confirmed that during Google's web crawl, they gather data on the SSL certificates they run into.

Google said they store three data points for when it comes to accessing SSL certificates, they include:

  • The first number is the day that Google's crawlers first saw that certificate
  • The second is the most recent day, and
  • The third is the number of days we saw it in between

For that certificate to pass, it must be correctly signed (either by a CA or self-signed) and it must have the correct domain name, one that matches the one Google used to retrieve the certificate.

So Google here tells us they are crawling, indexing and storing this data on SSL certificates found on the web.

Can it be used for ranking purposes? Why not?

I mean, does Google want to send searchers to sites that have invalid security certificates? I doubt it. But does Google want to lower the ranking of such sites? It is not like the sites have malware or hacks.

A WebmasterWorld thread has discussion around this new effort from Google and if Google may or currently does use this for ranking web pages.

What do you think?

Forum discussion at WebmasterWorld.

Previous story: Google AdWords Position Preference Going Away



04/07/2011 01:07 pm

Adding that as a ranking factor would be Google just once again trying to push mom and pops aside. I know very few everyday sites that use SSL in general.

Alistair Lattimore

04/07/2011 01:51 pm

It isn't going to be about pushing smaller operators to the side, if your site has no need/requirement for SSL - of course Google aren't going to penalise you for it. If they did, they'd be penalising a massive percentage of the internet - which doesn't make a lot of sense. If on the other hand you do use SSL for various secure activities & it is configured incorrectly - it makes a lot of sense to me that they might leverage that. Consider that browsers already put up warning signs if they find a error in an SSL certificate, Google already implements malware checking in their crawl and SERPs. Sending a user to a site that requires SSL but that is incorrectly configured isn't that different to sending them to a site with malware.


04/07/2011 03:03 pm

OK, maybe I'm just the idiot on the page (that happens a lot!), but exactly how would one set up SSL for a site, and wouldn't that block the average visitor from gaining access to the content without setting up a login and whatnot? Sorry, I just don't know anything about SSL outside of FTP.


04/07/2011 04:31 pm

Not at all. SSL simply means the data is being encrypted before its sent. Basically when you see https instead of http on the site.

Michael Martinez

04/07/2011 04:58 pm

Okay, that makes my head spin. I'm not sure about whether it could be used to directly influence rankings but it does make sense that they might use this test to create an inclusion filter to try to flag or filter out malware sites.


04/07/2011 05:25 pm

I used to ask every client (3 to 4 years ago) that was serious about top 10 placement to purchase a ssl - I believed then it helped Google identify the site as valid and public. It seemed to help back in that day - then goog had all kinds of problems separating out the indexing of internal pages being http or https - I could not control the back linking they would find out there and any internal link they found on the crawl that had a https set in motion indexing all the others they found as https - what a mess - dropped that ssl strategy and it seemed to have no effect what ever on top 10 placement - do you think they are bringing this back in?


04/08/2011 05:41 am

I don't think just by getting a SSL certificate, we can improve the organic rankings. However if Google is continuously tracking this information, it might push down sites that have invalid security certificates.

Sean Supplee

04/08/2011 07:40 am

hmmm its a good possibility and one I am going have to look into. Forking over a few extra bucks and taking the time to get certified might every well be worth it.

Krish India

04/08/2011 10:41 am

Don't understand how having SSL will improve the organic rankings. IMHO, its a visitor distracting element even if Google thinks how valid it is. Will Google penalize sites for this?


04/08/2011 03:25 pm

these were the issues I saw first hand with SSL's on the whole site. Slowed load time to a crawl for some sites = highly potential negative impact on visitor usage (bounce rate) and search engine crawl times thus ranking. Indexing of some pages of the site as http and others https depending on how (from where and what link) and when goog crawled into the site, found the pages and indexed ( this was before xml sitemaps option and other ways no standard to feed goog the correct http / www preference) had to set up all internal "elements" linking to fit https connection if used otherwise that goofy warning screen comes up and users may leave asap ... that increase site management and testing times and again the loading of graphics and other elements slows overall load times ... if you have frames or iframes they should not / could not be used to load ssl pages with most certifications (prevents fraud) and I could come up with other problems I discovered back then if I thought about it - when I saw google had a https connection now I could not believe they would go in that direction based on my past experience with SSL's for general use (shop carts excluded and essential) - I built over 120 sites now and support 85 daily so I hope and think this info is helpful and valid for general review.

Blackball Online Marketing

04/08/2011 03:38 pm

Interesting. Haven't pursued the eCommerce angle yet. Coming sooner than later so this is a heads up. Makes sense though. Just another signal of trust. I don't mind when Google does this, I think it strengthens the SERPS and lessens the MLM and spam kings. Put up a barrier or 2 and see if the lazy take the time. Great insight.


04/10/2011 05:43 pm

The interesting information to get from an SSL certificate is the identity of the business behind the site. Not the domain name, the business name and address. "Domain control only" certs don't convey any useful information.

blog comments powered by Disqus