
What is SSL? And How Does it Work?

SSL Certificate Security.

What comes to mind when you see that word? Now, add Internet before it. Internet security. Does your perception change?

Before we get too far into this expansive subject, let’s imagine a scenario. You’re looking to buy a brand new—let’s say—home appliance online. Obviously, you can go to a major online retailer, but you’ve stumbled across a website offering the EXACT same product for half the cost. It looks legitimate enough, so you proceed. After adding it to the cart and hitting the checkout button, something seems off. There’s no padlock or green address bar indicating that you’re using a secure connection. Do you continue and put in your credit card information? Or do you leave immediately? You’re probably (and hopefully) going to do the latter.

Although this example is on the “quite obvious” side (who would go to a sketchy site and purchase something?), it does highlight a bigger problem: hackers, identity thieves, and security. Unless you’ve been living under a rock over the last couple of years, you’ve most likely read—or watched—something pertaining to Internet security (or lack thereof). One of the best lines of defense against the “bad stuff” on the Internet is through the use of SSL certificates.

What Is SSL?

According to Internet Week, “SSL, which stands for Secure Socket Layers, is the standard security technology used to ensure the information traveling between an individual’s web browser and a server remains secure. Virtually all kinds of private information transmitted across the Internet—from emails to credit card transactions—is transmitted using SSL. Though there are variants on the SSL protocol, some form of it is in place on more than two thirds of all web servers.”

How Does It Work?

In its simplest form, SSL works by encrypting and decrypting data. When an SSL certificate is issued, there is a public key and a private key. The public key is used to encrypt the information, and the private key is used to decrypt the information and restore it to its original state.

Why Is It Important?

Let me ask you a simple question: when you leave your house, do you lock the doors? The answer is probably an emphatic yes. Locking your doors is the first line of defense to prevent criminals from breaking in and stealing your valuables. In the same way, adding an SSL certificate is the first line of defense for your website. It protects users’ information—and general traffic—that is being transmitted between the browser and server.

Let me ask you another question: do you care about website rankings? Specifically, do you care if you’re at the top of Google searches? As of August 2014, Google implemented HTTPS as a ranking signal. That means that sites that use HTTPS will (theoretically) rank higher in their search results than websites that don’t use HTTPS.

So, at this point, your eyes are either glazed over or you’re giving SSL certificates a serious thought. But what’s next? Where do you go from here?

Well, first things first: figure out whether or not your hosting provider allows third-party SSL certificates to be installed on their servers. GoDaddy does not allow third-party SSL certificate installations on their servers—you MUST purchase their SSL certificates. Other hosts are a little more lenient. Check with your hosting provider first before rushing out to buy a certificate.

Once you have the above information in hand, you need to figure out which certificate to purchase. There are three main types:

  • Domain Validation — Validates a single domain (e.g. example.com)
  • Wildcard — Validates a domain along with its subdomains (e.g. *.example.com)
  • Extended Validation — Not only validates the domain (and all its subdomains), but will also validate the business to make sure you are who you say you are

* Disclaimer: Names may vary depending on whom you’re purchasing them from.

Depending on your hosting provider, you may or may not need to do anything else to install it. Most hosting providers will install the certificate for free (or for a small fee) if you purchase the SSL certificate from them. If you decide to go with a third-party certificate, you’ll have to take a couple of extra steps to get everything up and running.

Once the SSL certificate has been installed, you need to ensure that all web traffic is using your newly installed SSL certificate. Here’s a list of common things you’ll need to check to take full advantage of your SSL certificate:

  • Ensure all of your internal links are using HTTPS. This includes your JavaScript, CSS, and image files.
  • If you’re using WordPress, you can set FORCE_SSL_ADMIN in your wp-config.php file, which does just what it says: it enforces HTTPS when using the admin area of your site. This ensures that all usernames and passwords are encrypted and not sent in plaintext. To enable it, open your wp-config.php file in a text editor, add define( 'FORCE_SSL_ADMIN', true );, and then save and re-upload to your server.
  • Redirect your traffic from HTTP to HTTPS. If you’re using Apache, you can simply add this to your .htaccess file:
    # Turn on mod_rewrite for this directory
    RewriteEngine On
    # Match only requests that did not arrive over HTTPS
    RewriteCond %{HTTPS} off
    # Send a permanent (301) redirect to the same host and path over HTTPS
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    This will ensure that if a user types example.com, they’ll be seamlessly transferred to https://example.com.
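
For the first item in the checklist, the following script (an added example, not part of the original post) scans a page's HTML for links and resources that still point at your own site over plain http://. The host example.com, the sample page and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes the browser fetch a resource or follow a link.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "a": "href", "form": "action"}

class InsecureRefFinder(HTMLParser):
    """Collect http:// references that point at the site's own host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        parts = urlsplit(url.strip())
        # Relative and protocol-relative (//host/x) URLs inherit the page's
        # scheme, so only an explicit http:// scheme is reported.
        if parts.scheme != "http":
            return
        host = (parts.hostname or "").lower()
        # Report the site itself and its subdomains; skip third-party hosts.
        if host == self.site_host or host.endswith("." + self.site_host):
            self.findings.append((self.getpos()[0], tag, url.strip()))

def find_insecure_refs(html, site_host):
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for the hypothetical site example.com.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/css/site.css">
<script src="https://example.com/js/app.js"></script>
<script src="//cdn.example.com/lib.js"></script>
</head><body>
<img src="http://www.example.com/img/logo.png">
<img src="/img/banner.png">
<a href="http://example.com/contact">Contact</a>
<a href="http://other.test/page">Elsewhere</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure_refs(SAMPLE, "example.com"):
        print(f"line {line}: <{tag}> {url}")
```

Each reported line is a reference to change to https:// (or to a relative URL) so the browser does not load part of the page over an unencrypted connection.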

Once all that is done, your website should be using HTTPS to transmit information to and from the server. Although this is just a small foray into SSL certificates, there is plenty of information out there to help you if you get stuck at some point in the process. If you don’t feel comfortable with all this, contact your web design/development company and start a conversation with them. They should be able to answer your questions and get SSL set up on your site. Don’t have a design/development company? Contact us and we’ll make sure you have a great (secure) website for your business!
