A correctly implemented security certificate, like an SSL or TLS certificate is what makes your website secure. It will protect the data that is transmitted from your visitor’s computer to your website and back. We’re explaining the best way to implement HTTPS security on your website.
Step 1: Host With Dedicated IP Address
To use an SSL certificate on your website, your site needs a dedicated IP address. Depending on your hosting provider, you may share an IP address with many websites. An SSL/TLS certificate will secure the traffic to your IP address, so your site needs to have a unique IP address.
There are a number of affordable hosting providers that offer dedicated IP addresses for under six or seven dollars per month. If you are satisfied with your current hosting, you can typically upgrade your plan to get a dedicated IP address.
Read More: What is Your IP Address? How To Keep It Private
Step 2: Buy a Certificate
You can use a free and open Certificate Authority, like Let’s Encrypt, or you can purchase a certificate from a site like NameCheap or GeoTrust Quick SSL. A certificate is basically a long series of letters and numbers that only your site knows. This certificate works like a long, complex password that authenticates your website.
Before deciding which Certificate to use, you should decide which type of SSL or TLS certifcate you need. There are Extended Validation, Organization Validation, Domain Validation, and others to choose from.
Types of Security Certificates and Validation:
- Domain Validated (DV SSL) Certificates: DV certificates verify that you or your organization have the right to use your specific domain. These certificates don’t check or verify any details about your organization. These are best for businesses needing a low-cost SSL without submitting company documents.
- Organization Validated (OV SSL) Certificates: OV certificates checks that you have the right to use a specific domain AND that your company, or entity, is legitimate. When you are given an OV certificate your organization name appears in the certificate itself.
- Extended Validation (EV SSL) Certificates: EV certificates are the most thoroughly validated and vetted security certificates. To receive an EV certificate you must verify the legal, physical and operation existence of your organization. You must prove that official records reflect the stated details about your organization. Finally, you must prove that you have the exclusive right to use the domain you’re trying to secure and that you have a properly issued SSL certificate.
In theory you could create your own certificate, but in order for it to be recognized by a Certificate Authority, you’ll need to purchase a certificate from a reputable provider.
Read More: How Do Security Certificates Actually Work?
Step 3: Activate the Certificate
To activate your certificate, you need to generate a Certificate Signing Request (CSR). The easiest way to do this is from your hosting control panel, like WHM or cPanel. Go to the SSL/TLS settings and there should be something like “Generate an SSL certificate and Signing Request”. Fill out the fields in the menu. Once you’ve completed this step you will get a signing request which is a long block of letters and numbers. Copy this text as you’ll need it to verify your identity to your SSL certificate issuer. You will also need an email address that proves you own your website. So you may need to set up an email account on your domain.
Step 4: Install the Certificate
You can do this step yourself or let your web host do it for you. However, if you can do it on your own, it’s a simple process. Just copy and paste the security certificate into your web host control panel and click install SSL Certificate.
If you’re having with this step, make sure you’ve pasted the correct certificate into the correct field.
Step 5: Update Your Site to Use HTTPS
After following the above steps, you should be able to see an HTTPS version of your site if you navigate to ‘https://{your-domain}.com’. However, your users won’t be automatically taken to the secure version of your site. You’ll need to set up your links to redirect to or use the HTTPS links. You should prioritize pages where users enter sensitive information like passwords or payment information.
Keep in mind that Google may prioritize sites that use HTTPS, so for SEO purposes it may be best to use HTTPS on your entire site.
Why Should You Use HTTPS?
- Faster Load Times: While adding SSL or TLS means your site will have additional resources to load, TLS certificates can actually improve load times. Most browsers offer HTTPS enhancements for TLS certificates that will make your site load faster. Some browsers will actually block sites that don’t use HTTPS, so you could be losing out on valuable users.
- Search Engine Optimization: Search engines tend to give priority to sites that use HTTPS, because it is a sign of trust and security. You may notice that after switching to HTTPS, you begin to get more organic search traffic to your site.
- Trust: Visitors to your website will be more willing to make a purchase if they are confident that their payment information is safe. HTTPS makes your site look more professional. If you are taking credit card numbers or other financial information, having an encrypted, secured website is a must.
How To Make Your Website Use HTTPS for Free
If you want to use HTTPS on your website, but don’t want to spend money to do so, there are free options. Implementing the SSL or TLS certificates will require the same process as paid options, however you will just get the certificate for free.
You will need to get a free SSL or TLS certificate, but make sure that the provider you choose is recognized by the major certificate authorities.
Where to Get a Free SSL Certificate?
- Let’s Encrypt: The Linux Foundation created Let’s Encrypt to spread encryption to the masses on the internet. Let’s Encrypt is fully automated so you won’t have to create a Certificate Signing Request and send it to a Certificate Authority to get it signed. This whole process happens automatically on your servers.
- Cloudflare: Cloudflare recently announced that it would be support SSL for free for all its users. If you are currently using Cloudflare but haven’t yet implemented HTTPS, you can do so quickly and easily in your account settings.
Are Free SSL Certificates Safe?
Yes. Many reputable sites and companies use Let’s Encrypt or other free SSL certificates. Let’s Encrypt is supported by Mozilla, Electronic Frontier Foundation, Google Chrome, Facebook, Brave, GitHub and many other well-known internet companies. Not all free SSL Certificates are perfect, but unlike VPNs or other products on the internet, free SSL Certificates work just like the paid options.