On April Fools Day, of all days, Google announced their efforts in improving SSL certificate security. Part of this announcement confirmed that during Google's web crawl, they gather data on the SSL certificates they run into.
Google said they store three data points for when it comes to accessing SSL certificates, they include:
- The first number is the day that Google's crawlers first saw that certificate
- The second is the most recent day, and
- The third is the number of days we saw it in between
For that certificate to pass, it must be correctly signed (either by a CA or self-signed) and it must have the correct domain name, one that matches the one Google used to retrieve the certificate.
So Google here tells us they are crawling, indexing and storing this data on SSL certificates found on the web.
Can it be used for ranking purposes? Why not?
I mean, does Google want to send searchers to sites that have invalid security certificates? I doubt it. But does Google want to lower the ranking of such sites? It is not like the sites have malware or hacks.
A WebmasterWorld thread has discussion around this new effort from Google and if Google may or currently does use this for ranking web pages.
What do you think?
Forum discussion at WebmasterWorld.