Using SSL in Your Website

Posted on July 1, 2013 by
singleimage

For years, securing data transmitted online has been an important issue. Without SSL certificate and secure network, it is doubtful that small business can gain trust. In essence, SSL certificate is a compact data packet that’s added into websites. A cryptographic key is activated when users visit the website to make sure that all data is processed securely. SSL certificate prevents unauthorized individuals from stealing information being used on the website. There are three types of SSL certificates.

  • Dedicated SSL: This is evidently the most secure and the most expensive SSL solution. The HTTPS connection can be verified only for your root domain.
  • Shared SSL: Web hosts that offer shared hosting plan often have more than one domain names pointing to a single IP address. With shared SSL, it is easier for the web host and cheaper for customers to obtain secure connection.
  • Wildcard SSL: This type of certificate targets any subdomain in your websites. This is a more appropriate solution if your website is made up from different sections, such as separate subdomains for checkouts and sales.

Beginners who are just getting started should use shared SSL, especially if they can’t afford dedicated IP address/web host right away. Costs associated with dedicated SSL certificates can be rather atrocious for those who are just getting started. Secure websites are indicated by https:// on their URL. There should also be a padlock icon shown on the tray or browser bar. Servers with no SSL certificate will be indicated by an opened padlock and standard URL.

Ramifications of phishing can be far-reaching on websites that accept payments through credit cards. SSL certificate is essential when the website regularly processes sensitive customer information through the server. Startups or any small business wishing to peddle their goods online would attract more customers if they offer a secure server for processing order and payment. Secured severs are quite popular even for those who don’t know how they work. They regularly look for these signs before submitting credit card information. Many online shoppers would think twice about purchasing things through unsecured servers.

In theory, any business that process online payments should have SSL certification. This is an important requirement for them. Many potential buyers are not willing to pay when the site isn’t secured through encryption and other means. Any business that asks buyers to submit standard information such as username, password and email should have SSL certification.

Website owners can purchase SSL certificates through a number of legitimate vendors and because a certificate will eventually expire, it is important to renew it regularly. The process might sound like a real pain for new website owners, but many web hosts can help them to make things easier.

Setting up SSL

First, website owners need to generate certificate signing request (CSR) on their web server. This step is required to get an SSL certificate. After you have the encrypted CSR fully set up, the next step is to notify the certificate provider, such as Thawte and Verisign to purchase the certificate. It is necessary to have full administration privileges to get a CSR and you should contact the web host if you don’t know how to do it. CSR is sent to your email as a chunk of jumbled up keys and characters. This is what you need to verify the SSL installation. Go to the SSL certificate page and click the Activate button. There should be a menu to choose the server type and a field to input your CSR key. A common setup for Apache-powered web servers is Apache+OpenSSL; but check with your web host to define the correct configuration. Copy the CSR key from your email into the specified box and click Submit. Make sure the web host also returns the RSA Key, which is needed for private authentication the server. After your CSR is sent, an email is automatically generated and sent to the domain name approver. It contains necessary information related to your SSL certificate. After you pass the CSR submission procedure, the last form requires additional SSL bundle information and the RSA key.

You need to make sure that the web host supports SSL in shared environment. Your web host may also allow clients to upgrade their web hosting plan to primary IP address to avoid conflicts with SSL certificates. The procedure for SSL installation should be straightforward and you should be able to validate it very quickly.

Often, website owners setup SSL certificates on the primary IP address. The method is called dedicated SSL certificate and it applies on their entire domain. However, dedicated plan can be too expensive for new business and they may need to choose more affordable solutions. Some providers may offer limited-time trial, which can help you save some money. However they expire much quicker that paid certificates.

The actual registration may take one whole day to complete, but in some cases, it is possible to get responses in only fifteen minutes. Once you purchase the certificate it is time to install using the signing request. The plan should come with a reusable return policy if you are not satisfied with it. In addition it should protect the main domain and ask subdomains. Always check everything once you add the package to the shopping cart. The seller may require you sign up for a new account or log into an existing one. The final payment should appear once you enter necessary account data. You have multiple options for paying the certificates, with Paypal or credit card. You will be redirected to the confirmation page and receive an additional email if everything goes well.

Your web host will send a confirmation when everything is all set to go. Once verified, you can try to open your site using HTPPS and check whether all the SSL certification details are displayed. This may sound like a struggle, but things should be much easier if you are willing to ask the web host and SSL provider for assistance. Your web host may also have support articles in its official website to help you understand the setup process. It’s most likely that your web host provides cPanel to manage remote web servers.

One obvious benefit of performing the SSL setup process through a third-party web host is that we don’t need to make too many changes to the code. After completing the purchasing process, many web hosts are kind enough to install the SSL certificate for you. After proper installation, access via both HTTP and HTTPS would work identically. To check whether your SSL certificate is authenticated properly, check whether there’s a padlock icon somewhere on your web browser which shows a verified SSL connection between a remote web server and your computer. Depending on web browser, you can click the lock icon to get essential information on your SSL certificate.

Redirecting Visitors

It is often difficult to divert all visitors to webpages with HTTPS protocols, so you might need to consider installing a Redirect script. Most web hosts allow you to configure the .htaccess file right within cPanel. There are many sample codes available online to help you modify the .htaccess file. Search for codes that redirect incoming traffic to areas with HTTPS protocols; a common method is to remove the standard www from your website and force all traffic to go to https://yourdomain.com/. Proper rewrite rules are needed to run everything perfectly.

One common obstacle is that you need to reference absolute URL to utilize necessary resources. This would only make your website partially safe as “unsecured items” will also be displayed on your page. Often, you must locally call videos, stylesheet files and others. This allows insecure resources to get loaded onto your secure webpages. This is a good way for hackers to infiltrate secured websites, by parsing through VBscript or JavaScript. Just to be sure, you don’t pull any asset directly via normal HTTP.

Problems may also occur if you need to access resources from an external secured server; it takes awhile to verify that you can verify connection to other HTTPS connection. Consequently, major changes may need to be applied to your file structure before installing SSL; try to keep any media and resource consolidated under a single IP address.

Conclusion

This article should give you some insight to the SSL implementation. Web security is a thriving industry as all website owners need to safeguard essential data. Major websites including eBay, PayPal and Amazon have been employing SSL-based methods for decades. HTTPS and SSL may not be topics that you will easily understand, but like learning any web programming language, it is necessary to get your hands greasy and directly set up your own SSL certificate. It’s always a daunting task for any beginner, but you will get a pleasant sense of accomplishment as well as a newly-learned skill to perform additional changes in the future.

Author :

  • Subash