Expansion of Google Chrome, Gmail, Android, etc. made a Google a primary requirement of every individual; whether it’s an internet surfing, product/question searching, emailing, file sharing, etc. Google is the first choice of each user. This made Google to think about security and privacy of its users. To provide better privacy and security Google has adopted SSL Certificate for all its services which offers a secured connection and there will be no risk of data theft, it also offers an encrypted search as well.
Let’s talk about Internet Marketing and Search Engine Optimization; in August 2014, Google announced HTTPS as a ranking Signal. Which simply means if a website which is protected with SSL Certificate (HTTPS) will get ranking benefits in terms of SEO.
SSL Certificate comes up three types as Domain Validation, Organization Validation and Extended Validation which are signed by Trusted Certificate Authority (CA) and all web & mobile browser trust them as well. A user can adopt any of these certificate for 1-3 year of time limit.
But in case of Self-Signed SSL Certificate, they were signed by the issuer itself which means they are not signed by trusted CA and web browser will display an error message for un-trusted connection. This make Google to think about whether to trust Self-Signed SSL Certificate! Finally, Google Announced not to trust Self-Signed Certificate for flagged it from SEO ranking signal.
Why Google Flagged Self-Signed SSL from Ranking Signal?
Since Google announced Ranking Boost with HTTPS page, the web crawler was only checking whether a page having HTTPS or not, it never checked that page is working https or not. Invalid HTTPS can put user in a risk of information. So Google team have now powered web crawler and create methods which first checks whether the Certificate is valid or not before giving rank to that website/webpage. If we talk about Self-sign certificates, it is the same situation we’ve discussed above. It is not trusted by most web browsers and it contains some privacy related factors which can put user at a critical risk.
Google’s Webmaster Trend Analyst John Miller twitted about this issue as “Self-signed usually won’t work in browsers, so we’d flag that.”
@Ebrarkahn Self-signed usually won’t work in browsers, so we’d flag that. I’d use https://www.ssllabs.com/ssltest//a> to check the current state.
— John Mueller (@JohnMu) January 6, 2016
If your website is strengthening with content and if you really care about search engine and online reparation of your website, it is better not to install self-sign SSL certificate and get a valid SSL Certificate from a trusted certificate Authority.
Important Resources to Read