Get an SSL Certificate for Your Website
Since I just wrote a post with some tips on managing email accounts and the Administrative Contact for your domain name called:
I thought I’d write another post about how to get an SSL certificate since that’s something people often have questions about.
Why Do You Need an SSL Certificate?
First, let’s find out if you really need one. What an SSL certificate does is create an encrypted stream of communication between the web server and someone viewing the website or submitting information. This traffic is moved from port 80 to another port, 443. There is a private key on the server and also a public key. These are used to make the information passed secure (I won’t get into all of that but that’s what happens). The standard for this encryption has moved up from a 1024-bit key to a 2048-bit key, which is a lot more secure. Also, this type of encryption is very secure. From what I’ve heard, it has not been broken.
The drawback to using SSL encryption on every page is that it slows things down. Every image and bit of text sent between the server and the person viewing the page needs to run through the encryption, which takes server processing power. So you do not want every page and image on your site encrypted if it doesn’t have to be. You want to keep things fast. But on pages where critical and personal information is being sent, you do want SSL to be in place.
One side note – on a page that has a form, that actual page does not have to be secure – only the page that the form is posting to needs to be secure but the standard best practice is to make the page that someone is filling out also secure.
The SSL Application Process
You can either have your web host purchase it for you or you can do it yourself. In either case, you will need the help of your web host most of the time. The first step is for them to generate a private key along with something called a CSR. The CSR is a request for a certificate. It’s some encrypted-looking information that states things like the domain name, who owns the certificate, etc. When buying an SSL certificate from a certificate authority (CA), you will need the CSR. The private key usually stays on the server.
You (or they) buy the SSL certificate by submitting the CSR. The next step is the verification of the domain name. What this step involves will depend on what level of SSL certificate you buy. With the lowest level (which is still very safe and secure), the Administrative Contact of the domain (the person that bought and registered the domain) is contacted via email to make sure they want this certificate purchased. This also ensures that someone else that they don’t know isn’t trying to set up a website to spoof their website. Other levels of verification and SSL certificate strength include getting things like business incorporation documents faxed in.
Once the verification is done, the SSL certificate is generated and delivered. This is actually an easy thing to generate. With the right software, you can generate one yourself but you are not a registered CA (certificate authority), so using a self-generated SSL certificate will not make your website look secure. Along with your SSL certificate, you will usually (not always) get a CA certificate which adds strength to your SSL because it shows that your certificate was generated by a certificate authority.
This SSL certificate is just a block of letters and numbers and can safely be sent via email. It is then installed on the server.
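The first step described above, generating the private key and the CSR, shown with the openssl command-line tool as an added example that is not part of the original post. It assumes openssl is installed; www.example.com, "Example Co" and the file names server.key and server.csr are constructed sample values.

```shell
#!/bin/sh
# Added example. www.example.com, "Example Co", server.key and server.csr
# are constructed sample values, not taken from the post.

# Generate a 2048-bit RSA private key and a CSR for domain $2 in directory $1.
make_csr() {
    dir=$1; domain=$2
    # umask 077: the private key must not be readable by other users.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/server.key" -out "$dir/server.csr" \
          -subj "/O=Example Co/CN=$domain" 2>/dev/null )
}

# Print the subject (owner and domain name) stored in a CSR.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Succeed only if the CSR's own signature verifies, meaning it was signed
# with the matching private key and has not been altered since.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Succeed only if CSR $1 was made from private key $2: derive the public
# key from each and compare. Useful before reusing an old CSR at renewal.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Succeed only if the file holds no private key block.
has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1"
}

work=$(mktemp -d)
make_csr "$work" www.example.com
csr_subject "$work/server.csr"
csr_signature_ok "$work/server.csr" && echo "CSR signature: OK"
csr_matches_key "$work/server.csr" "$work/server.key" && echo "CSR matches server.key"
has_no_private_key "$work/server.csr" && echo "CSR holds no private key"
rm -rf "$work"
```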
Installing the SSL Certificate
Your host assigns your certificate to your website’s IP address. It used to be that you needed a dedicated IP address for each SSL certificate, but they can now be stacked on each other, meaning you can have multiple SSL certificates on a single (shared) IP address.
Once it’s installed, you typically just need to change the URL of any page from http:// to https:// (adding the “s”) and that page will be secure. The web server then knows to put communication on port 443 instead of the standard web port 80.
Renewing Your SSL Certificate
Depending on how long you registered it for, you will need to renew it from time to time. There’s no way around this. Most companies will choose to get the SSL certificate for 2 or more years so that they don’t have to go through the process of renewing it every year.
When it is renewed, sometimes you can use the same CSR, or the certificate authority might still have it on file for you. You pay for the renewal and sometimes it’s issued right away, or sometimes the CA wants to verify things again. When you get it, you then just upload the new certificate or your web host does this for you.
Now you know!