As you know, Google is giving a tiny ranking boost to HTTPS URLs.
But I was under the impression the HTTPS URLs must be really secure and that broken/invalid SSL certificates and content mismatch errors would invalidate the ranking boost. I was wrong!
Google's John Mueller told me in a Google+ Hangout yesterday that Google will currently give the tiny ranking boost even if there are errors, if the URL is HTTPS. He said that may change but right now, since it takes time for webmasters to switch over and deal with the HTTPS/SSL migration quirks, they are being very easy on the requirement.
So right now, even if the URL is really not 100% secure, even if you use a low-bit encryption key, Google will give you the HTTPS ranking boost (whatever that may be).
Google's John Mueller implied Google will get stricter in the future by possibly enforcing that ranking boost only on higher level and newer SSL certificates (i.e. 2048-bit key certificates) and by checking that it doesn't have security errors on the page.
Google does use mismatch errors when there is no redirect from HTTPS to HTTP, and Google has to choose a URL. But not for the HTTPS ranking boost.
John Mueller said this 17 minutes and 47 seconds into the hangout. Here is the video:
Here are our past stories on the HTTPS ranking signal in Google, yes a bit obsessive covering this:
- Going HTTPS/SSL Will Now Give You A Ranking Benefit In Google
- Google HTTPS: Run On A Per URL Basis In Real Time & Not Part Of Panda
- Google News Publishers Can Switch To HTTPS
- I Just Migrated This Google News Site To HTTPS
- My HTTP To HTTPS Status Report For RustyBrick
- Google Change Of Address Tool Does Not Support HTTPS Migration
- Google AdSense Earnings Drop With HTTPS Migrations
- Google's Feedburner Doesn't Like HTTPS Source URLs
- SEO Says: I Switched To HTTPS & My Google Rankings Dropped
- A New SEO Business: Selling SSL/HTTPS Links
Forum discussion at Google+.