Get started with SSL (https:)

When doing business with your customers online, you might need to ask for your customers' information at some point – for example, if they're signing up for your newsletter or placing an order. To help protect your customers' information, there's a technology called "SSL" (Secure Sockets Layer) that encrypts data traveling between a web browser and a web server. Web addresses that are secured with SSL begin with https: rather than http: so some people refer to SSL as "HTTPS." When collecting certain personal and financial information, AdWords requires the use of SSL connections on your web page.

Benefits of SSL

Using SSL provides greater privacy and security than an unencrypted web connection. It reduces the risk that information might be intercepted and misused by a third party. Many site visitors feel more comfortable sharing payment and other personal information when they know they're using an SSL connection.

Checking for SSL on web pages

Most web browsers show a lock icon when an SSL connection is established. See Google's Chrome browser SSL indicators as an example.

The most straightforward way to check for SSL is to enter the web address into your browser with https:// at the beginning -- for example, https://adwords.google.com. If you see a lock icon in your browser, then click it for additional information to confirm a secure connection. If you don't see a lock icon, then the page isn't secured with SSL.

Note that many websites only use SSL on certain pages where sensitive information, like a password or credit card number, is transmitted.

Setting up SSL on your website

If you don't have SSL and need to implement it for one or more pages on your website, here are the main steps:

  1. Get an SSL certificate for your website. An SSL certificate is an electronic document that verifies your business identity and allows a web server to establish a secure encryption with a visitor's web browser. As with website hosting, there are many SSL certificate providers and options available. You might want to check with your existing web host to find out what SSL certificate offerings they have available and whether they can assist with certificate installation. The most affordable option typically offered by web hosts is called a "shared certificate." Using a shared certificate is acceptable for satisfying the AdWords SSL policy requirements.
  2. Install the SSL certificate on your web server. The installation method will vary depending on your web server and the type of certificate you purchase. Specific installation instructions, resources, and support are typically offered by your certificate provider or your web host.
  3. Identify pages on your website that you want to secure with SSL. The most secure websites use SSL across their entire site. AdWords policy, however, only requires that you use secure connections on pages that collect or transmit certain personal and financial information, like personal login passwords, contact details, or bank account numbers.
  4. Edit links to the pages (and page elements) that you want to load securely. For any pages that you want to load securely, change the links to those pages to read https:// at the beginning instead of http://. For example, if you wanted to change http://checkout.google.com/login.htm to be secure, you would change all links to that page on your website to https://checkout.google.com/login.htm. You may also want to set up server redirects to automatically route people who try to visit an insecure URL, like http://checkout.google.com/login.htm, to a secure connection, like https://checkout.google.com/login.htm.
  5. Test to verify that your pages are secure. Try visiting all of your new secure pages using at least two different modern browsers that your typical site visitors might use. If you see a lock icon in your browser, then click it for additional information to confirm your connections are secure. The most common error is having "mixed content" on an https: page. That means one or more elements (usually images, flash files, or CSS files) are being loaded on an https: page using a non-secure http:// URL. Most modern browsers will list insecure resources on mixed content pages in their Javascript console (in some browsers, it may be called the "Javascript debugger"). To fix these problems, examine the HTML code for the page and do the following:
    • Search for http://
    • Replace any instances you find with //
    • Save the changes to your web server and try testing again.

If you're still having problems getting mixed content warnings on the page, it's most likely the result of problems within your Javascript or flash code.

The cost of SSL

Fees for SSL services vary. As of March 1st, 2012, many SSL certificate providers offer one-year certificates for less than $100 USD. Many web and e-commerce hosts offer basic SSL services as part of web hosting packages at no additional charge.

Next steps