This week Netcraft reported that there are now 1 million websites with valid SSL certificates on the Web. Only certificates issued by trusted third parties were included in this number.
In a study by Venafi from 2007 (referenced here), 18% of the Fortune 1000 websites had expired SSL certificates. If that ratio still holds true, and holds true for the rest of the Web as well, it means that in addition to the 1 million websites with valid SSL certificates there are 219,000 websites with expired SSL certificates.
Even the big guys have on occasion forgotten to keep their SSL certificates up to date. Both Google and Yahoo have had incidents with expired SSL certificates.
18% sounds a bit high to us, but even if we cut the number in half we still end up with more than 100,000 websites that have expired (i.e. invalid) SSL certificates. That’s a lot.
Web browser warnings will scare site visitors away
Considering how strictly new browsers handle invalid or self-signed SSL certificates, (we wrote a widely discussed post about this a while back), this is definitely something to keep in mind if you have a website that makes use of SSL (for example to secure a shopping form or login function).
To keep a long story short: Make sure your SSL certificate is kept up to date or you will see a significant amount of visitors simply flee your site when their browser starts to show warning messages that your site isn’t to be trusted.
Image from the Crystal project.