Adding SSL to existing non e-comm site

[Silverback]

We have a site that has been active for 3 years and generating consistent profits lines and constant traffic. The site has never had SSL certificates partly because we have been test-marketing the market niche. It is now time to get serious and we are about to apply SSL to the existing site. Since there is no e-commerce platform that can accommodate the unique attributes of our requirements, it is our intention to change the links to the necessary pages within the site from an http: location to an https: location as well as do a 301 redirect in the .htaccess to change the server direction.
Is this all that needs to be done once we have the SSL certifucate properly added to the server or is there something that I am missing?

Thanks for your asistance

Silverback

[wige]

Well, the first thing to be aware of is that SSL can cause duplicate content. Most installations will allow your pages to be viewed as either HTTP or HTTPS. Redirects will help, but if you follow this method you would need to make sure that you have redirects for all possible URLs.

One possible solution may be to put all your secure content in a single top-level folder, for example called secure. You could then accomplish the redirects by looking for that folder name.

[SnerdeyWebs]

I'd totally contact your current host as they can advise in detail of what all your choices are and even if SSL is the direction to go.

[Silverback]

Wige - Thanks for the sound guidance. It seems reasonable to me but I was under the impression that search engines like google did not index https pages.
Clearly, I am at the bottom of the big learning cliff here!

SnerdeyWebs - I will certainly contact my host as you suggest. Given my lack of experience however and my understanding of SSL, what are some of the other options to SSL that would give visitors the "visible and recognizable" security that is associated with a certificate and allow the comfort level to carry on doing business?

Thanks for the advice

Cheers

[wige]

As far as search engines, they will crawl https pages, but they don't like it - encrypting and decrypting secure pages requires more processing both for your own server and for the search engine, so encrypted pages often are crawled less often. But as mentioned, they can be a source of duplicate content if you don't take the extra step of setting up redirects.

If your visitors are going to be sending personal financial data to your site, there really is no alternative to having an SSL certificate. Not only is it the best (only) way to assure customers that the data is being transmitted securely, in some countries it is required by federal law for certain types of data.

You do need to make sure that the SSL encryption is implemented for maximum benefit however. For example, the SSL certificate provider will generally give you a seal that shows you use their certificate on their site. Make sure that seal is displayed near every form that requests data users may be unsure about providing. Also, although you only need to encrypt pages that recieve sensitive data from the user, or display sensitive data to the user, you would also want to encrypt the next closest page as well. The page that users use to enter the sensitive data or to request it should be encrypted. This provides absolutely no improved security, but it gives the user a way to verify that SSL has been installed and implemented.

However, if you are only collecting, for example, contact information or other non-financial and non-medical information, the concern of customers is often more privacy than security. Most web users aren't as concerned about sending their e-mail address unencrypted as they are about knowing what you are going to do with that address once you get it. In this case, I think you would get a better ROI from a privacy seal from TrustMark or (better) from Truste. These seals help assure customers that you will keep their data private.

[Silverback]

Since the information collected is relatively detailed and in many cases personal, we will certainly be implementing SSL and I will follow your recommendations Wige as they seem logical and useful to our needs.

Many thanks for your insight and knowledge

DCM