How To Get HTTPS: Setting Up SSL On Your Website: Google has improved its Search Engine ranking algorithm a lot in last few years. Following the commitment to provide secure search results Google announced in 2014 that it will give a ranking boost to websites with HTTPS certification. Before this announcement, the HTTPS certificate was considered necessary for those websites which collected any sensitive information from users including email, password or banking details. But Google started HTTPS certificate as criteria to make websites rank higher in search results and HTTPS pages ranking is increasing since then.

According to Dr. Pete Meyers from Moz, a study shows that Google’s front page constitutes 45% HTTPS pages and will reach 50% by June 2017.

So if you want to maintain your rank on Google search engine results then you need to have the SSL certification that will allow you to convert all your website’s HTTP links into HTTPS. So what is HTTPS and how to get HTTPS? In this article, we will discuss the step by step procedure to get and install SSL certificate.

What is HTTPS?

HTTPS is a secure version of HTTP for data transmission and SSL is a group of small data files that binds an encryption key to a host on which it is installed. SSL stands for Secure Socket Layer which ensures that any data transmitted between website’s server and the browser is encrypted automatically. When SSL has activated it redirects all your data over to port 443 after passing through basic port 80 for HTTP.How To Get HTTPS: Setting Up SSL On Your Website

It protects sensitive user information from hackers as it travels through the internet. Getting HTTPS for your website will also increase user’s trust in you and your website.

How To Get HTTPS: Setting Up SSL On Your Website

It is very easy to set up SSL for a website and then you have to redirect all your website traffic to HTTPS version of your website instead of going to HTTP. But redirection is a time taking process based on the quantity of content you have on your website. If you try to access your website by putting https:// before the URL of any page on your website it will get you an error. Because you have not installed an SSL certificate on your website, yet.

There are few points that you need to consider first before buying the SSL certificate:

  • All your website links should be redirected to HTTPS not just the pages but images, JavaScript, CSS, posts etc. So you have to go through all your internal links very carefully without missing anyone out.
  • Security provided by SSL is not equal for everyone and for every setup. After the completion of SSL installation process, you need to decide how much security do you need for your users. Then change settings based on your decision.
  • After SSL installation you can use SPDY, a networking protocol specially designed by Google for SSL traffic. That makes your website load faster as compared to your regular HTTP site.
  • Your CDN should support SSL if you are using one.

 

Setting up HTTPS on your website is very easy, just follow these 6 simple steps:

  1. Host with a Static IP address
  2. Buy an SSL certificate
  3. Activate the certificate
  4. Install the certificate
  5. Implement Strict Transport Security Header (STSH)
  6. Update your site to use HTTPS

Step 1: Host with a Static IP address

Before installing SSL you need to get a static and unique IP address. You can get a static IP only if you buy a dedicated web hosting server plan. Most of the cheap web hosting plans put your website on a shared server IP. In such cases, multiple websites use the same IP location and you can’t assure that the traffic going to your website is being received by your website only. With a dedicated IP, you can avoid any such possibility and whole traffic reaches to your website only.

For a dedicated server, you can use any of the hosting services, but StableHost is one of the most affordable service providers for dedicated hosting. At the time of writing this article StableHost has a dedicated hosting plan at around 10$/month. You can get it even at a cheaper price if you buy a plan for a full year. You can also ask your host to provide you a static IP. They might charge you for this service but it will lesser as compared to purchasing a dedicated server.

You can also check if your server supports Server Name Indication, if yes! in that case, you won’t even need to buy a dedicated IP.

Step 2: Buy an SSL certificate

Now you have to buy an SSL certificate that proves to the browser if it is really receiving and sending information to your website and not with some hostile source. SSL is kind of identity card and generally, contains a long paragraph of characters which only your website knows. It works like a long password. When a user visits your website then browser checks for the SSL certificate embedded in your website and if it checks out with the “Certificate Authority” (CA) then only it verifies that the website belongs to you.

Technically you can create your own SSL certificate but all popular browsers check with “Certificate Authority” which keeps a copy of that long password file. To be able to recognized by browsers you have to get the SSL certificate from the authentic source.

NameCheap is one of the best sources to get an SSL certificate. You can choose from various options but GeoTrust QuickSSL will do a fine job. This plan also provides you with a security seal which you can show off on your website, so your readers feel secure while browsing through your website.

Step 3: Activate the certificate

How To Get HTTPS: Setting Up SSL On Your Website
How To Get HTTPS: Setting Up SSL On Your Website-Form For Generating An SSL Cert

To activate the certificate by yourself, you have to generate a CSR. The easiest way of generating CSR script is the control panel of your web host, whether it is cPanel or WHM. Loo for the SSL/TLS admin area and select Generate an SSL certificate and Signing Request. A form will appear on next screen, just fill out all the fields:

I want to clarify that you need to fill your domain name in the Host to make cert for field. You can leave the contact email empty if you don’t want to receive a copy of the certificate in your inbox. After and clicking the Create button you see something like this: 

How To Get HTTPS: Setting Up SSL On Your Website-Generated CSR
How To Get HTTPS: Setting Up SSL On Your Website-Generated CSR

 

Copy the first block of CSR because you will be needed to give this CSR to certificate issuer, who will generate a unique identity for your website. Now login to the dashboard of your certificate issuers and activate the certificate. Paste the previously copied CSR in the required field and provide other details if asked.

You have to provide an approver email id in the asked section as it will prove your ownership of the domain. It might look something like this: webmaster@mydomain.com. If you haven’t created one yet then you have to create one now. On email address, you will get the final SSL certificate for your website with the .crt extension.

Note: It is also possible that your web host may complete this step for you. So I will suggest you confirm with the hosting provider before proceeding further. It will be best if you can wait 1 or 2 days, one mistake can make things messy.

Step 4: Install the certificate

How To Get HTTPS: Setting Up SSL On Your Website-Installing a cert
How To Get HTTPS: Setting Up SSL On Your Website-Installing a cert

Next, you have to install the SSL certificate on your host server, which is the easiest step in the whole process. You have to open the cPanel or WHM, whichever is applicable in your case and paste the file content on it. In the case of WHM.CPanel, select Install an SSL Certificate under SSL/TLS menu. Paste the content in the main box and press Submit button. Now you can access your website by putting https:// before the URL of your website.  

Note: It is also possible that your web host may complete this step for you. So I will suggest you confirm with the hosting provider before proceeding further. It will be best if you can wait 1 or 2 days, one mistake can make things messy.

Step 5: Implement Strict Transport Security Header (STSH)

One optional precautionary feature that you can implement on your website is STSH. For doing this, you have to add Strict Transport Security header. Which will force the browser to fetch all subsequent pages or requests from the same secure HTTPS host even if you have linked it to HTTP. For NGINX host, you have to add the following code to your host:

# This forces every request after this one to be over HTTPS
add_header Strict-Transport-Security "max-age=31536000";

This code is applicable only for Apache server and for other servers you can visit Wikipedia page based on Strict Transport Security header. If you have sub-domains running then you can also add them.

Step 6: Update All Website Links To HTTPS

If you completed following steps accurately your website will start loading on replacing http:// with https://. Congrats on successfully installing the SSL certificate and enabling HTTPS on your website. But traffic coming to your website is not secure yet.

Now you have to make sure that users are passing through HTTPS protocol. Typically you only needed to secure pages, managing sensitive data like login or registration page and payment gateways etc. If you are running an e-commerce website, perhaps you have it installed already. But as we mentioned above, Google has updated its search result ranking algorithm. If you want to stay at a reasonable position on the front page then you should redirect all pages, images, JScripts, and posts to HTTPS from HTTP.

If you don’t want to redirect every single link on our site manually. You can just use the server level redirect from HTTP to HTTPS. You can do this easily by adding a code snippet to the top of the .htaccess file by going to Theme Editor or in web host’s File Manager. For Apache you need to add following code:

 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

For NGINX, we implement it by defining two servers, secure one listens on Port 443 and a simple server who listens from Port 80. Use this code:

server {
listen 80;
server_name yoast.com www.yoast.com;
return 301 https://mobiviki.com$request_uri;
}

By using above script you can easily redirect all your traffic to the HTTPS version of the pages or posts.

Additional Tips

  • Getting HTTPS installed successfully doesn’t mean that data on your server is also secure but it only protects the data transmission between browser and server. For protecting the data on the server you have to take extra actions like encrypting database etc.
  • If you are serious about this and want to get the full benefits, then it is better to invest in Extended Validation certificate which gets you a green lock icon in the address bar. The EV isn’t expensive either as NameCheap provides offers EV SSL in just $139 for a year.
  • If you are on a budget, try domain validation certificate, which costs you only $9 for a year.

Conclusion

If you have completed all the above steps carefully and accurately then congrats! Now you have a secure website where users can share their data without fear of hackers sniffing it. Also, you will also get the trust of search engine bots, looking for information. Migrating site from HTTP to HTTPS is a time taking task but you can use help available online. Google has help pages to guide you through the recommended process of converting to HTTPS.

Well, that was the whole process on how to get HTTPS: setting up SSL on your website, if you have any queries, leave comments in below section and share with your blogger friends!

 

Have Any Comments