The Complete Guide To SSL Certificates
Reputation. Security. Trust. These three words are now upon the lips of every CIO and IT manager as they ponder which platform to use to drive innovation inside a startup that faces incredible amounts of online competition both inside the UK, and abroad.
You are most likely familiar with SSL Certificates, or at least the little padlock beside the address of a website. The address bar itself occasionally turns green, while the HTTP prefix in web addresses often becomes an HTTPS prefix instead. These are all visible signs that an SSL Certificate is active on the website and is adding greater security and protection.
Deploying an SSL certificate is the one thing that helps IT managers sleep better at night and simultaneously puts customers’ minds at ease. The green address bar lock that appears to the left of the web address bar along with the letters ‘https’ creates instant trust, credibility, and security at both a technical and marketing level.
However, you may not understand exactly how SSL Certificates work, how to obtain and install an SSL Certificate, or what happens if you don’t have one on your website. In this complete guide, we will tackle all things SSL Certificate related. Let’s get started…
What is an SSL Certificate?
Normally, the data we send and receive online is sent through individual packets that can potentially be viewed by anybody. An SSL Certificate is a small data file that adds a complex security key to communication between the host and recipient computers, preventing data packets from being viewed by anyone else. The secure connection can, therefore, transmit passwords, financial data or sensitive personal information safely and discreetly.
The term SSL is an abbreviation of Secure Sockets Layer, and it was created by one of the early internet pioneers. Netscape dominated the web browser market with its Navigator package in the 1990s before Microsoft began bundling Internet Explorer with every Windows package.
Today, Netscape’s SSL legacy is increasingly being known by a new name – TLS, or Transport Layer Security. Geeks may be interested to know that TLS’s use of asymmetric cryptography splits the plaintext and ciphertext content into separately encrypted data that cannot be accessed without the independent authentication of both keys.
The rest of us will simply be relieved to know that any site using this technology is legitimate and largely hacker-proof.
An SSL gives businesses online legitimacy, and industry bodies recognise the SSL padlock as a real, valid signature that the online transaction is “safe”.
According to Comodo, UK2.NET’s SSL partner, the value of an SSL is protected by the strength of a standard two-point validation process:
• Step 1: Verify that the applicant owns, or has legal right to use, the domain name featured in the application.
• Step 2: Verify that the applicant is a legitimate and legally accountable entity.
Comodo reports that the compromise of either step endangers the message of trust and legitimacy provided to the end consumer.
Where do SSL Certificates come from?
You must first obtain an SSL Certificate from a Certification Authority-approved web host. They confirm that the host company is legitimate, and grant it permission to install an SSL Certificate onto the webserver. Doing so converts conventional HTTP communication into the HTTPS version, establishing a secure connection between the two parties for the duration of data transfer. The recipient’s web browser will perform various checks to authenticate that the SSL Certificate is valid, and the browsing session will begin within a couple of seconds.
There are different levels of SSL certificates. Extended Validation is the gold standard with its signature green address bar and industry-leading 2048-bit encryption, while Domain and Organisational SSL still provide effective security across all browsers and devices.
With limited differences between these three alternatives, the choice of which SSL certificate to obtain depends largely on the value of the transactions your site will be hosting. Retailers often rely on a relatively basic secure server certificate for the low-value purchases made by their customers, whereas financial institutions provide full Extended Validation certificates for online banking.
Why Are SSL Certificates Essential?
Until the end of 2016, experts did not always recommend installing an SSL Certificate. In general, ecommerce websites were required to be secure, but most marketers and developers would have agreed that a non-secure HTTP website was sufficient for running a blog. So what has changed?
Google announced that beginning in January 2017, the Chrome browser would show any HTTP sites as non-secure when certain information is being asked for on a website, including payments, passwords, data forms, or additional website entities that require personal data.
Since 2017, SSL Certificates have become a basic requirement for receiving website traffic as well as search engine optimisation (SEO). Websites that do not protect visitors are severely penalised by search engines. Website traffic is often stopped with a warning prior to proceeding to an unencrypted website.
What you need to know to choose an SSL Certificate for your website:
HTTP Vs HTTPS
An HTTP website (this is basically the address of your website) sends and receives information as it is, unencrypted. This means that when you enter any information on this sort of site, the data gets sent as is over the internet.
If a hacker were to intercept the sent information, they would be able to use the data for their own purposes. Imagine entering your name, email address, and your physical address knowing that anyone could view it. A concerning thought.
An HTTPS website, which has a security certificate installed, encrypts all information entered and sent. The additional security means that your data is protected and unreadable by an external party.
Do I really need an SSL Certificate?
You might be thinking to yourself that you do not want to use your budget to purchase an SSL Certificate for your non-transactional website. However, know that this thought process is a mistake. SSL Certificates benefit all websites, not only those that accept payment.
What happens if I don’t install an SSL Certificate?
SSL certificates were originally designed to create a secure communication channel between a host server and a recipient device, specifically for the duration of an ecommerce transaction.
This was done by making the host and recipient exchange uniquely generated identification keys, which only these two devices recognised. Keys ensured that every byte of data transmitted was encrypted and decrypted safely. This was so third parties couldn’t eavesdrop or steal information. As a result, man-in-the-middle cyber attacks were hugely reduced.
Online retailers quickly embraced SSL Certificates. While a secure connection was maintained, people could browse and buy at will without worrying about being spied on or having transactions monitored.
The difference between SSL and TLS
Observant readers might be wondering why this article keeps referring to SSL certificates in the past tense. Quite simply, that’s because they’ve now been replaced by the newer Transport Layer Security protocol, even though we still refer to them as SSL.
SSL Certificates date back to the mid-1990s, and a defunct web firm called Netscape. As vulnerabilities emerged in the iconic Netscape Navigator web browser, they released revised versions of SSL. Eventually, TLS replaced it altogether in 1999. Yet the original name stuck, and people still use the term SSL to describe a TLS connection.
The biggest differences between SSL 3.0 and the first generation of TLS involved the retrospective elimination of vulnerabilities and improvements to the algorithms used to generate encryption keys. And if you didn’t understand any of that, it’s enough to know SSL and TLS both refer to the electronic handshake that opens a communication channel between an external server and a personal device.
Ecommerce platforms should ensure that purchases are made securely. Many websites open HTTPS connections for every site visitor – even those who merely want to browse.
At-risk Websites
To be blunt, if you do not install an SSL Certificate, you won’t last very long in the current ecommerce market. Customers don’t always understand how cybercrime actually happens, but they do know that an insecure website is vulnerable to data loss and surveillance. And perceptions matter online since internet shopping is impersonal at the best of times.
Smiling shop assistants are not ready to answer queries and there is no physical proof of a purchase made. You don’t instantly get the goods or services you’ve paid upfront to receive, and most ecommerce transactions are automated. Many people find it difficult to hand over debit card details to an unfamiliar website, but a secure ecommerce portal at least instills some confidence.
Even if you do manage to attract patrons into your site, you’re placing them at risk without employing data encryption.
The consequences of unencrypted data
#1. Redirects
Anyone monitoring an insecure purchase could redirect the purchaser’s browser to a separate web page. The customer might not notice, unwittingly providing card information or directly making a payment into a fraudster’s bank account.
#2. Captured data
The criminals may let a transaction go through while quietly noting down addresses and payment credentials. Having acquired CVC codes and expiry dates, they could set off on an ecommerce shopping spree of their own.
#3. Hacked website
Hackers could potentially access an insecure website to display offensive content. Or worse, they could infect it with malware, which downloads itself onto user devices. Malware comes in many shapes and guises, but its intentions are rarely noble.
#4. Stolen user data
Stolen user data is another problem. Hackers can use personal details in all sorts of nefarious ways from email lists to junk mail.
Search Engine Optimisation
Google and Bing now prioritise HTTPS websites in their search results. So, the absence of SSL or TLS security damages a website’s SEO performance. SSL Certificates are provided free with UK2 Business Hosting packages. So, there’s no excuse for not embracing the included benefits.
We will generate an authentic SSL Certificate on your behalf. We can also help you install it and even ensure it works smoothly. There’s simply no excuse for leaving your website and ecommerce portals insecure…
Next steps
Now that you have all of the important SSL Certificate information, you must install your new SSL Certificate. To install your SSL Certificate on your cPanel dashboard, simply follow the steps outlined below. Remember if you need assistance at any time, simply contact our expert technical support team. They will gladly answer all of your questions.
If you do decide to install an SSL certificate, make sure it is done properly. Installing it means the URLs of all of your pages have changed from HTTP to HTTPS. For search engines, this is effectively a different website. So to preserve your website’s SEO credentials, all of the necessary redirects from the previous HTTP pages to HTTPS need to be put in place.
If this is not done properly you will lose all of the existing HTTP links, meaning your domain authority and search engine rankings will disappear. You need to preserve the old links to retain your search results standing. Imagine you have some big brands linking to your site; by switching to secure you could lose them all. That’s definitely not the way to go.
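One way to check the redirects described above once HTTPS is live, as an added example that is not part of the original guide. It assumes you have recorded the status code and Location header returned for each old HTTP URL; the URLs are constructed placeholders, and treating only 301 and 308 as permanent goes slightly beyond what the text states.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}

def audit_redirect(old_url, status, location):
    """Classify the response an old http:// URL returns after the switch."""
    old = urlsplit(old_url)
    if status not in REDIRECTS or not location:
        return "no redirect to HTTPS"
    # Location may be relative, so resolve it against the old URL first.
    new = urlsplit(urljoin(old_url, location))
    if new.scheme != "https":
        return "target is not HTTPS"
    if new.hostname != old.hostname:
        return "host changed"
    if (new.path or "/") != (old.path or "/") or new.query != old.query:
        return "path or query not preserved"
    if status not in PERMANENT:
        return "temporary redirect, not permanent"
    return "ok"

# Constructed sample: (old URL, status, Location header), as could be read
# from the response headers of each old link. example.com is a placeholder.
SAMPLE = [
    ("http://example.com/", 301, "https://example.com/"),
    ("http://example.com/blog/post?id=7", 301,
     "https://example.com/blog/post?id=7"),
    ("http://example.com/shop/item", 301, "https://example.com/"),
    ("http://example.com/about", 302, "https://example.com/about"),
    ("http://example.com/contact", 200, None),
    ("http://example.com/old", 301, "/new"),
]

def audit(samples):
    """Map each old URL to its verdict."""
    return {url: audit_redirect(url, status, loc)
            for url, status, loc in samples}

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE).items():
        print(f"{verdict:34} {url}")
```

Any verdict other than "ok" marks an old link whose inbound links will not carry over cleanly to the HTTPS page.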
How to install an SSL Certificate to your cPanel dashboard
#1. Download your SSL Certificate and the corresponding CA Certificate.
#2. Log into your cPanel account with your username and password.
#3. Under the Security section, click on the icon entitled SSL/TLS.
#4. Click the Manage SSL Sites link located beneath the heading Install and Manage SSL for your site (HTTPS). Note that this may also read as Set Up an SSL certificate to work with your site.
#5. Beneath the section called Certificate (CRT), copy your SSL Certificate, including the header and footer (BEGIN CERTIFICATE and END CERTIFICATE). Paste the certificate file into the field provided.
#6. Click Autofill to pull the necessary Private Key information. The server will now store it. The private key used to generate the CSR must be created on the server you are installing the SSL Certificate on. It is important to note that you cannot generate a third party private key. You must also note that if you cannot autofill this information, you may copy and paste it into the fields provided.
#7. Be sure that under the heading Certificate Authority (CABUNDLE), the autofill option included the CA certificate information into the field provided. We recommend that you include this information, even though it is marked Optional.
#8. Click Install Certificate.
You have now installed your new SSL Certificate on your cPanel dashboard. You will now be able to protect your website visitors. The SSL Certificate will encrypt user data as it passes between their screen and your server.
Should you run into any issues while installing your SSL Certificate, please contact our expert Technical Support. They are happy to answer any questions or concerns that you may have.
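A structural check you can run on the text before pasting it into the fields from steps 5 to 7, as an added example that is not part of the original guide or of cPanel. The field names 'crt', 'key' and 'cabundle' and the filler PEM blocks are assumptions made for illustration; the check covers header, footer and encoding only, not whether the key matches the certificate.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(text):
    """Return the label of every complete, decodable PEM block in text."""
    labels = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            raise ValueError(f"{label}: body is not valid base64")
        if der[:1] != b"\x30":  # certificates and keys are DER SEQUENCEs
            raise ValueError(f"{label}: decoded body is not DER")
        labels.append(label)
    return labels

def check_field(field, text):
    """List problems with text meant for field 'crt', 'key' or 'cabundle'."""
    try:
        labels = pem_labels(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not (text.count("-----BEGIN ") == text.count("-----END ") == len(labels)):
        problems.append("a BEGIN/END line is missing or damaged")
    is_key = [label.endswith("PRIVATE KEY") for label in labels]
    if field == "key":
        if is_key != [True]:
            problems.append("expected exactly one private key")
    elif any(is_key):
        problems.append("private key pasted into a certificate field")
    elif field == "crt" and labels != ["CERTIFICATE"]:
        problems.append("expected exactly one certificate")
    elif field == "cabundle" and (not labels or set(labels) != {"CERTIFICATE"}):
        problems.append("expected one or more CA certificates")
    return problems

def fake_pem(label, size=96):
    """Constructed stand-in: DER-shaped filler, not a real certificate or key."""
    body = base64.encodebytes(b"\x30\x82" + bytes(size)).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

if __name__ == "__main__":
    leaf, ca = fake_pem("CERTIFICATE"), fake_pem("CERTIFICATE") * 2
    print(check_field("crt", leaf), check_field("cabundle", ca))
    print(check_field("crt", leaf.replace("-----END CERTIFICATE-----", "")))
    print(check_field("crt", fake_pem("PRIVATE KEY")))
```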