During the SMX West panels last week, Google’s Gary Illyes said on the How to Secure Your Site for Google’s HTTPS Algorithm that about half of all the security certificates on the web just isn’t sufficient, but broken. Currently, he’s trying to address the issue in the Google search results.
Gary is working on a way to flag sites that have these broken security certificates. The result is that when a user does any searching on Google, they are warned in some fashion before clicking on a HTTP web page that isn’t secure. There are too many times when an HTTPS web page will be invalid simply because the page is referencing an image URL that is either not secure, or the third party content or widget isn’t secure.
How “broken” does a page certificate have to be for Google to issue a warning on the search results? It’s currently unclear, but as Gary has stated, this is something that he is experimenting with internally. He isn’t even sure if the experiment will be seen by anybody outside of Google.
There’s the possibility that Google is working on boosting the ranking of secure login pages even more than they do with the normal HTTPS ranking boost.