The Core

Just for seo boost?

Commodo ssl are fine. 9 bucks at namecheap.

Comodo and Go Daddy certs are the same level in my book. I don't want to use either. There were a lot of Comodo issues in the past that swore me off of them (although I have a few remaining). DigiCert seems a lot more reputable in this market, although I'm seriously looking at Let's Encrypt certs for a lot of sites.

Thanks for the heads up on Komodo, we have bought them from PAIR but for remote vpn. Will look into the other suggestions. Does the EV level certificates really carry extra kudos ? Such as the green address bar and the extra vendor checks, etc. Noticed not alot of green url bars on many a site.

Many reasons for it. However one of our WP sites has managed to get about 5% of its pure http pages listed as https (which don't exist) on google. Effectively they resolve as an incorrect setup server page; which is definitely bad for ranking/business. Though I've added some rules to stop the indexing of https, I've been warned this could lead to bigger issues.

I'm thinking of taking advantage and redirecting the site to https on an EV level certificate to get a boost. So really its a technical solution and if there is any temporary seo boost great.

>>SEO boost

>Are you seeing one from moving to SSL?

I've not switched any yet, but will be soon. New sites get SSL and seem to respond more quickly. I've got anecdotal info from peers of it helping.

>don't want to say more than that on the outside.
same

>There were a lot of Comodo issues in the past that swore me off of them (although I have a few remaining).
Really...I've not had any problems, using on a few sites. What issues have you run into I may need to look out for?

>RapidSSL is a cheaper Geotrust, and preferable to Comodo.
What's preferable about it?

>Many reasons for it. However one of our WP sites has managed to get about 5% of its pure http pages listed as https (which don't exist) on google. Effectively they resolve as an incorrect setup server page; which is definitely bad for ranking/business. Though I've added some rules to stop the indexing of https, I've been warned this could lead to bigger issues.

I think you should have your entire site either SSL or not, and not doing so is causing you problems. If you want ssl, all your http should redirect to https.

My understanding is the boost is simply from properly set up SSL, nothing to do with type or level. EV level stuff is only for the verified business info and green bar, overkill for most sites.

Quote from: Drastic on August 11, 2016, 05:34:18 PM

I think you should have your entire site either SSL or not, and not doing so is causing you problems. If you want ssl, all your http should redirect to https.

Agreed. And check your redirect hops. Our devs originally set it up so that each redirect action, including http -> https was a hop. So if we had a URL that was used in print in the form

Very true gents. It was pure HTTP until a limited number of non existent HTTPS pages listed in the index. Checked all the 301's (all dating back to 2015) nothing obvious that would affect approx 4% of pages from a 3000 page site. Started about 3-4 weeks ago (when I noticed the issue). May have been when WC2.6 was released or a kin. Thinking about it a google analytics plugin went on the fritz around about then also. No idea where google is getting the https from, screamingfrog finds none. Hence why I'm thinking to buy a certificate and turn the entire site https; least the currently index https pages will resolve properly rather than pick up penalties. The EV cert was just trying to stand out a little. My logic is probably skewed on the matter.

>There were a lot of Comodo issues in the past that swore me off of them (although I have a few remaining).
Really...I've not had any problems, using on a few sites. What issues have you run into I may need to look out for?

I've not had specific issues with the certs themselves (my remaining ones are from Pair too), but rather the company as a whole. They have a pretty cavalier attitude toward security that hasn't improved over the years.

Some examples:
They'll issue a cert for just about anyone. Back in 2008 here's a story where someone got a Mozilla.com cert just for asking https://blog.startcom.org/?p=145
Then there was ComodoGate https://www.f-secure.com/weblog/archives/00002128.html in 2011 where they did essentially the same thing again.
On the side they release products that are themselves security threats, like their browser http://www.pcworld.com/article/3029435/security/custom-web-browser-from-comodo-poses-security-threat-researcher-says.html , and their 'security kit' http://www.theregister.co.uk/2016/02/18/comodo_flaw/
Most recently they were just being dicks trying to trademark "Let's Encrypt" https://letsencrypt.org/2016/06/23/defending-our-brand.html

There are more examples out there, but after years of this sort of news I actively try to stay away from their products.

>>SEO boost
http://searchengineland.com/googles-https-algorithm-two-years-later-still-looks-url-give-ranking-boost-261156 - "Google’s HTTPS algorithm still only looks at the URL to give ranking boost"

They don't even care about mixed http/https