You’ve probably heard about some of the benefits by installing SSL on your website, but have you actually done it yet? Many people are reluctant to get their own SSL certificate because they think it’s a very technical process, and would require a developer to set up.
SSL is an abbreviation of Secure Socket Layer, and if that didn’t sound technical in itself, browsing through different certificates for sale where they often use even more confusing marketing terminology to describe the secure connections could make you stop right there.
However, SSL is here to stay, and that’s because it provides much needed safety for your website’s visitors. Apart from creating a token of trust with your users, there are other benefits such as Google preferring SSL-certified websites in their search results, backlinks from various SSL listing sites.
Keeping with Google, it is expected that their browser, Chrome will start displaying warning messages if the website is not connected securely by 2017. While this won’t apply to all websites, if your site has a form, search field, comment area or of course payment info, your site risks being listed as insecure automatically.
So besides the technical hurdle of having the certificate installed, there are no real reasons not to use one, and plenty of reasons to get one today.
How To get one?
Looking back just a few years, things have gotten much easier with regards to buying and installing SSL certificates without having a developer to help out. Many of the larger hosting sites have begun offering SSL packages and solutions directly to website owners, some of them even helping out with installation free of charge.
Not only are we seeing a trend where you can have a certificate installed with help from your hosting company, many of these businesses are offering free SSL certificates as a marketing ploy.
Normally, these types of certificates are free of charge and of a rather low quality, meaning that the speeds and level of security are also in the low end, but still, it’s better than not having one at all, and provides a great way to get one’s feet wet.
How Do these certificates work?
Most hosting companies use a few different services to provide free SSL certificates to their users. One such service is Lets Encrypt which is a non profit organization with the primary goal of advanced SSL usage online. They offer these SSL certificates free of charge to anyone interested, and is another great place to start if you’re unsure whether SSL is for you.
Technically SSL certificates work by identifying the website compared to the list of data that is maintained by the SSL provider. These providers are responsible for security in terms of having an up to date list of secured websites, and are in layman’s terms the middle man vouching for the safety of the website.
Once a user visits your website with SSL enabled, the user’s browser will ask your webserver to identify itself, and the data your server sends must be the same as the SSL certificate has registered. This means that it is no longer possible for hackers to intercept your data and change the content for one.
Once The certificate is issued
As soon as you’ve gotten your SSL certificate issued, you’ll need to install it on your webserver. Most likely this will have to happen through the control panel of your hosting provider, where you will need to copy and paste some encrypted lines of code from the SSL certificate into the hosting panel.
Once this is done, one more step is left. It should now be possible to access your website via https://yoursite.com and if it works, your SSL is working fully now. However, your old website is still located at http://yoursite.com and will need a 301 redirect to send users from HTTP to HTTPS.
Redirecting HTTP to HTTPS can be done a number of ways, one of the most popular is to add a few lines to your .htaccess file in the root of your webserver’s folder. Another way is to use the hosting panel’s options and add a redirect rule in there, eliminating the need to use code.
If you are using a content management system, such as WordPress, Drupal or Joomla, there are already created plugins free of charge to help with this step. For WordPress, these two plugins are some of the most commonly used for this job:
Once installed, and redirecting, you should now see a small green lock icon next to your address bar when visiting your secure pages. Be aware that some of the cheapest SSL certificates are quite slow compared to the more expensive ones, so if your site needs the best performance, it might be worth the investment to get a proper SSL certificate.
Mark Pedersen has been developing for the web since 2001, always with a penchant for open-source technologies such as PHP. Since 2010 he has been working full time with app development, these days being employed at Nodes, a leading European app agency and Etech Spider. He also regularly contributes to WordPress and other open-source projects.