Table of Contents
SSL Certificates are data files that digitally bind a cryptographic key to a company or organization’s details. This includes validating a domain name, server name, and hostname, to an organizational identity (i.e. your businesses name) and location.
In laymen’s terms, an SSL Certificate is what makes a website secure and trusted. It activates the padlock and http protocol, allowing secure connections to take place from a web server to a browser.
Millions of websites depend on an SSL Certificate to keep their customers secure and safe, and free from hackers and malicious malware.
In a nutshell, it’s about trust and safety.
Google wants to protect its customers, and if your website can’t guarantee their data and safety, that reflects badly on them, too.
Recent updates to Google’s algorithm has thus prioritized websites that carry the SSL Certificate and penalized those that don’t possess it.
It makes sense, when you think about it: by prioritizing websites that ensure their customers safety, Google provides a superior experience for the browser that instills confidence in the user.
Here’s what a Secure SSL Certificate appears like in your browser:
And here’s an unsecure connection:
As you can see, it’s immediately visible to your prospective customers whether or not your website is secure. And if your website lacks security, it’s safe to assume it’s also losing money.
A Google search will return countless SSL Certificate providers that can issue the security your business needs to trade with confidence.
Most popular hosting & domain websites also issue SSL Certificates, including the likes of Hostgator, 123-Reg, and GoDaddy to name a few.
One common misconception is that it’s a necessity to purchase your SSL Certificate directly from the same company you use for your hosting. However, this isn’t true – you can purchase an SSL Certificate from a separate company which also works effectively.
And, just like a domain name, an SSL Certificate also needs to be renewed on a yearly basis.
A common misconception is that only one type of SSL Certificate exists for keeping your site secure.
There is a variety of SSL Certificates, however, including:
Domain Validated Certificate: The most common, the Domain Validated Certificate provides assurance to your customers that they’re secure on your site. It’s useful for e-commerce and and areas where transactions may take place between your business and the consumer.
Company Validated Certificate: Adding an additional layer of assurance to your customers, a Customer Validated Certificate requires additional documentation to certify your company’s identity. It is similar to a Domain Validated Certificate, but generally beefs up consumer confidence when browsing your website that it’s secure and free from fraudulent practices.
Extended Validation Certificate: Taking things to the next level, an EV Certificate requires you to verify your business’ identity and domain, by undergoing a series of checks and validations.
The main advantage to an EV Certificate is that the green HTTPS bar that you see in your browser is unique to them, and lets your customers know they’re interacting with a validated and legitimate business/domain.
Wildcard Certificate: A Wildcard SSL Certificate provides SSL encryption on unlimited subdomains using a single certificate. However, the subdomains must have the same second level domain name if you go with this option.
Multi-Domain Certificate: As the name suggests, a Multi-Domain SSL Certificate allows you to register and secure up to 210 domains with just a single certificate. If you have variations on your domain name, this is particularly useful (i.e. marketing.com, marketing.net, marketing.uk, etc).
The first step involves generating a CSR. This identifies which server uses your certificate, in addition to which domain names you’ll use for the SSL Certificates.
You can usually do this by logging in to your hosting servers control panel (i.e. Hostgator or GoDaddy) and requesting it from there.
The next stage is to purchase the certificate from a reputable provider, as previously outlined. Many domain and hosting companies will provide you with the option to add this service in your control panel and purchase directly from them.
After purchasing the SSL Certificate, there may be a short period before your request is approved due to the verification of your details.
You should then notify your host directly and ask them to upload the SSL Certificate onto your website.
If they’re unable to do this, you have the option to do it manually via FTP. However, this requires some programming knowledge, which many find overly complex. You can contact us personally and we can assist you if this is the option available to you.
Once the verification is approved you’ll be granted your certificate. The next task is to install it onto your server.
If you’re using a WordPress based website, you can download the plugin Really Simple SSL. Once installed, activate the plugin in your dashboard.
When returning to your main dashboard, Really Simple SSL will then prompt you to activate your SSL Certificate.
Your website should now be running on a secure connection and served up on HTTPS. You’ll have to log back in again now that it is running on its new, secure connection.
To verify the plugin is working, go to your settings in your dashboard and check under SSL.
If you’re not able to use the plugin, you can do it manually – as aforementioned – via FTP. We can provide assistance for this complex method if you contact us here, we’ll be happy to provide support.
If you’re installing it via FTP, the process will be slightly different.
1) nform Your Host: If you purchased the SSL Certificate elsewhere, you will receive some complex code via Email. You’ll need to provide this security key to your host by contacting them via the control panel of your hosting.
2) Alter Your Config Files: You now need to alter your configure.php files. They’ll be located in (path to catalog)/includes/configure.php, and (path to catalog)/admin/includes/configure.php.
3) Set the SSL to “True”: Within includes/configure.php, set the SSL to “true” and it should look something like below near the top, if you assigned the SSL to your website:
define(‘HTTP_SERVER’, ‘http://www.yoursite.com’);
define(‘HTTPS_SERVER’, ‘https://www.yoursite.com’);
define(‘ENABLE_SSL’, true); // secure webserver for checkout procedure?
define(‘HTTP_COOKIE_DOMAIN’, ‘.yoursite.com’);
define(‘HTTPS_COOKIE_DOMAIN’, ‘.yoursite.com’);
4) Add an “S” after all http’s: Within admin//includes/configure.php, set the SSL to “true” and be sure to add an “s” after all the http’s. If done correctly, it will look like this:
define(‘HTTP_SERVER’, ‘https://www.yoursite.com/’);
define(‘HTTP_CATALOG_SERVER’, ‘https://www.yoursite.com/’);
define(‘HTTPS_CATALOG_SERVER’, ‘https://www.yoursite.com/’);
define(‘ENABLE_SSL_CATALOG’, ‘true’); // secure webserver for catalog module
5) Save And Upload: Be sure to save and upload your configure.php files to their relevant directories, using your tool of choice or FTP tool.
After completing these steps, your SSL Certificate should be running smoothly on your website. Congrats!
Now that you’re aware of the importance of the SSL Certificate and the added benefits it brings to your site, it’s your duty to install it ASAP to stop losing money for your business and enhance your customers confidence when browsing your website.
If you have any problems installing the certificate, don’t hesitate to contact us personally and we’ll be more than happy to complete the process for you.