HTTPS is a must for every website nowadays, allowing users to browse the web with confidentiality, integrity, and authentication. When users visit a webpage, seeing the iconic padlock in the search bar gives them a sense of security when providing personal details. Chrome and Firefox explicitly mark websites that provide forms on pages without HTTPS as being non-secure; it is an SEO ranking factor; and it has a serious impact on privacy in general.
There are several options to get an HTTPS certificate for free, so switching is even easier than you might think. Before going through the process, let’s review a few basic terms.
This is the basic communication protocol that directs the client/server interaction between your web browser and the destination web page. It covers things such as requests and responses, sessions, caching, authentication, and more.
The HTTP protocol transfers information between the browser and the server in clear text, allowing the network to see the information passing through. This is a security concern, so HTTPS was introduced, allowing the client and the server to create an encrypted communication channel.
The encrypted channel is created using the TLS protocol, previously called SSL. The terms SSL and TLS are often used interchangeably, although SSL 3.0 was replaced by TLS 1.0 in 1999. Since then, TLS has gotten a few upgrades; the latest was TLS 1.3, released in July 2017.
What does it take to certify your website as HTTPS? All you need to get started is a dedicated IP address and an SSL certificate.
To provide the best security, SSL certificates require websites to have dedicated IP addresses. Several smaller web hosting plans put you on a shared IP where multiple other websites are using the same location. A dedicated IP address ensures that traffic going to that IP address will arrive at your website and no one else’s.
Next an SSL certificate will prove that your website is your website. The certificate is a paragraph of letters and numbers that only your site knows—essentially, a really long password. When browsing with HTTPS, the browser will use the certificate to verify that your website is what you say it is. While you can create your own certificate, purchasing a certificate through a certificate authority gives you more credibility since they can vouch for you.
In order to activate your certificate, you'll first need to have a certificate signing request (CSR) code generated on your server by your hosting provider. This can be done within your web hosting control panel, such as WHM or cPanel. Go to the SSL/TLS admin area and choose, “Generate an SSL certificate and Signing Request.” You’ll need this CSR to give to the SSL certification issuer so they can establish and verify your identity.
Installing the certificate is very easy to do. All you need to do is paste it into your web host control panel. If you’re using WHM or CPanel, click “Install an SSL Certificate” from under the SSL/TLS menu.
Now that your certificate is all set up, you need to ensure that you users are actually accessing your site through HTTPS. You typically only need to protect a few pages, such as your login, cart checkout, or any other pages with forms on them. If you enable HTTPS on pages where the user isn’t submitting sensitive data, you’re just wasting encryption processing and slowing down the experience. Go through and update all the links to the target pages to use the HTTPS links. Do this for all links on all pages pointing to the sensitive URLs.
Need help managing your website? Blue Frog Marketing is here to help with everything from writing and SEO to web design and development! We’re a full-service inbound marketing agency with locations in Des Moines, Denver, and Huron, Ohio. Reach out today to schedule a free consultation.