How To Secure Your Website Using An SSL Certificate

With the development and growing popularity of the internet, sending and receiving information online has become effortless. Along with that comes an increased risk of security threats such as phishing attacks, virus attacks, unauthorized viewing, and data tampering. Surprisingly, many webmasters still don’t fully understand how to use the security tools at their disposal to protect their websites from cybercriminals and hackers.

What Is SSL?

A Secure Sockets Layer certificate, also known as an SSL certificate, is a widely used security solution that helps defend against malicious code that can damage your system and against cyberthieves on the lookout for sensitive data to sell on the black market. In addition to securing your website’s connection for users, an SSL certificate can also boost the website’s search engine rankings. So, if you’re running an e-commerce website or any other type of website that collects user data, this article deserves your close attention.

How Does SSL Certificate Work?

If your website has an SSL certificate enabled, the browser automatically establishes an SSL connection to the web server through a process called the “SSL Handshake”. The handshake is invisible to the user and starts as soon as the browser attempts to access your website.

Essentially, the SSL connection is set up with three keys: the public, private and session keys. Anything that is encrypted with the public key can only be decrypted with the private key, and vice versa.

Since encrypting and decrypting with the private and public keys takes a lot of processing power, they are only used during the SSL Handshake to establish a symmetric session key. Once the secure connection is created, all transmitted data is protected with the session key.

  1. The browser connects to a web server secured with an SSL certificate and asks the web server to identify itself.
  2. The web server sends a copy of its SSL certificate to the browser, including the public key.
  3. The browser checks the certificate root against its list of trusted CAs and verifies that the certificate has not expired or been revoked. As soon as the browser trusts the SSL certificate, an encrypted symmetric key is generated and sent back to the web server.
  4. The web server decrypts the symmetric key using the private key. At the same time, the browser sends back an acknowledgement encrypted with the session key, which is used to start the encrypted session.
  5. All transmitted data is then encrypted by both the browser and the web server with the session key.

SSL: Not Only for Visitors But Also for Your Business

Almost every SSL certificate contains some, if not all, of the following information: the domain name, business name, address, city, state and country, in addition to the details of the CA and a period of validity. When it tries to establish an SSL connection, a browser usually makes sure the certificate is still within its validity period and was issued by a trusted CA. If any of the checks fails, it displays a warning to let you know that the site is not secured by SSL.

According to research conducted by Gartner, 70 percent of people shopping online have given up an order because they didn’t trust the website. What’s more, 64 percent of those shoppers said they would have finished the transaction if the website had had a trust mark or SSL certificate. In other words, an SSL certificate not only protects both customer and internal data, it also creates a safer experience for customers, thereby building customer trust and improving the conversion rate.

Importantly, HTTPS significantly affects Google rankings. The world’s largest search engine stores crawling and indexing data in your website’s SSL certificate and considers HTTPS a ranking factor. Clearly, websites with an SSL certificate get a boost in the search rankings in addition to solid security during information transfer.

What Type of SSL Certificate Should You Use?

It can be a real challenge to choose an SSL certificate for your website. After all, there are many types of SSL certificate with confusing names, not to mention a bunch of Certificate Authorities boasting about affordable, powerful SSL certificate solutions. However, your final choice of an SSL certificate should be based on the level of security your website requires and how much money you plan to invest in it.

DV Certificate

A domain validated certificate is the most basic type of SSL certificate. It is also known as a low assurance certificate, since the CA issues the certificate after verifying only the website’s ownership.

You’ll be asked to provide documentation proving that you own the domain you wish to protect, and the validation can be confirmed simply via a standard email.

The whole verification process can typically be completed in a few minutes.

Suitable for websites where visitor trust is not of high importance and information like usernames, passwords, or credit card information is not required.

OV Certificate

An organization validated certificate is a high assurance certificate. Besides the domain ownership, the CA also confirms that your organization is legitimate before issuing an OV SSL certificate. Because of that, organization information such as name, city, state, and country must be provided for verification.

This type of SSL certificate typically takes 2 to 3 days to be issued.

Suitable for businesses and companies who are interested in going beyond standard encryption and beefing up their trust.

EV Certificate

An extended validated certificate, usually shown as a green padlock in visitors’ web browsers, comes with the highest level of security and authentication. The verification is the most tedious and rigorous process, requiring webmasters to prove that they’re actually a legitimate business, in addition to providing business information as proof of domain ownership.

It typically takes longer to complete the thorough validation process.

Suitable for ecommerce sites or other mission-critical websites that need to communicate a high level of trust to users.

The SSL certificate types above are categorized by validation level. Certificates can also be grouped by the number of domains/subdomains they secure, namely single-domain SSL certificates, wildcard SSL certificates, and multi-domain SSL certificates.

  • A single-domain SSL certificate supports protecting only one hostname or subdomain.
  • A wildcard SSL certificate supports protecting an unlimited number of subdomains for a single domain.
  • A multi-domain SSL certificate or UCC allows you to protect up to 100 domains, regardless of whether they are hostnames or subdomains.

Free or Paid SSL Certificate?

There is a wide range of SSL certificate providers on the web, from free to paid.

Pros and Cons of Free SSL

With the popularity of SSL certificates, some free SSL certificate solutions are popping up across the internet, among which Let’s Encrypt is the leader. They stand out for their quick verification process and for being easy to obtain, which makes them appealing to personal blogs and small websites that don’t process payments online.

Besides being free of charge, free SSL certificates can be generated automatically. And like paid solutions, they also give your site a boost in search engine rankings.

Just like free web hosting services, free SSL certificates have some inherent flaws.

  • Domain validation only.
  • Unsuitable for e-commerce.
  • May hurt your users’ trust.
  • Limited lifetime.
  • Tardy customer support.

Pros and Cons of Paid SSL

Paid SSL certificates have quite a long history on the web and you can buy one from a lot of retailers.

The major reasons to choose a premium SSL certificate include:

  • High recognition by a reputable Certificate Authority.
  • More validation options available, including domain, business, and extended validation.
  • Issued for a longer lifetime, from 1 to 3 years.
  • Compatible with any hosting services, plus self-managed or dedicated servers.
  • Liability protection with warranty ranging from $5,000 to $1,500,000.

As for the disadvantages of paid SSL, the relatively high cost is the greatest concern for most individuals and small businesses.

Get An SSL Certificate from Bisend

SSL certificates can be purchased directly through most web hosting providers, and some of them will even install the certificate for you for free. If your web host is also an SSL certificate retailer, it is easier and quicker to get everything in one place.

Here we take Bisend as an example and guide you through the detailed process of setting up an SSL certificate for your website.

Option 1: Enable the free SSL certificate in Plesk Onyx

Bisend packages a free Let’s Encrypt SSL Certificate in all web hosting accounts and enables you to install it for your domain in Plesk Onyx.

1. Log in to Plesk Onyx and go to the Websites & Domains tab > Let’s Encrypt.

2. In this interface, you’re required to provide an email address and select what else will be secured. We usually suggest choosing Include a “www” subdomain for the domain and each selected alias, so that all redirects are secured at the same time. After that, click the Install button to complete the installation.

3. You’re not done yet. You need to enable SSL support at Plesk Onyx > Websites & Domains tab > Hosting Settings. Under the Security section, select the SSL/TLS support checkbox and choose the required certificate for your website in the dropdown list.

4. Click OK and confirm that your website now loads over HTTPS with no SSL warnings.

Option 2: Purchase a premium SSL certificate through Bisend

To secure a website with a premium SSL certificate, you will need to purchase one directly from the Bisend SSL Certificate Store. However, before you buy an SSL certificate, you must decide what type of SSL certificate is right for your business.

Now, let’s start with the GeoTrust True BusinessID to show you how SSL purchase works.

Step 1. Select the year and quantity you require.

Step 2. Offer details and make payment.

Step 3. Submit CSR to us during the process.

CSR is short for Certificate Signing Request, which is required for all SSL certificates in order to complete the generation process. A CSR is generated on your server. So, if your website is hosted on Bisend’s servers, you don’t need to generate it yourself because we will do it for you. If not, you should consult the official documentation for your server, operating system, or control panel.

Step 4. We start processing with GeoTrust on receipt of order.

Step 5. Complete documents and requirements during enrollment.

As the GeoTrust True BusinessID certificate is an Organization Validated certificate, the Certificate Authority will verify the identity of the business entity responsible for the domain name that the certificate is going to secure. The following information should be provided to our support team to complete the verification process:

  • Domain name which should be listed on the InterNIC/WHOIS records
  • Organization authentication, such as DUNS number, business license, sole proprietorship documentation, etc.
  • Locality presence, including country, state, and city
  • Business telephone number and zip code
  • Email address for receiving certificate verification information

Step 6. Once the enrollment process is complete, the certificate will be sent to you via email.

Step 7. Upload the certificate you purchased.

This requires you to upload your SSL certificate first. Log in to your Plesk Onyx control panel, navigate to Websites & Domains > SSL/TLS Certificates, and upload the certificate files.

After that, you will see your GeoTrust True BusinessID Certificate in your SSL repository, which can be found under the Websites & Domains > SSL/TLS Certificates tab.

Step 8. Enable the SSL certificate for your website.

After uploading the certificate, you need to install it. Just repeat the process from the free SSL installation above, select the certificate you just uploaded under the Security section, then click OK.

Troubleshoot Common SSL Problems

Your SSL certificate should secure your website 24/7 once it is set up and running. But errors inevitably occur at times, and they can cause your SSL certificate to be invalidated. Here are some common problems to troubleshoot when your SSL certificate refuses to work.

  • Serving mixed content. If your website content is loaded from both HTTPS and HTTP sources, your SSL certificate will be invalidated. This error is usually caused by plugins, images or JavaScript.
  • Missing intermediate certificate. The intermediate chain certificates required vary between server types. Some servers require one while others require two.
  • Expired certificate. When your certificate expires, your website will be unavailable. For that reason, you’d better renew it 90 days in advance.

HTTPS has become a clear indicator of a secure website where no one can track your personal information in transit. As a business website owner especially, you’re responsible for setting up a secure environment for your users and visitors. Make sure your SSL certificate is issued by a trusted certificate authority and is properly configured on your web server; that way you can keep your promises to users and improve your search engine rankings along the way.