If you are an enterpreneur, then you definitely need a website, and that website simply must have an SSL Certificate if you are selling anything or collecting any sort of private information from your customers. While this post isn’t about why you should have a website, you should understand that having one is crucial to your success as an enterpreneur. I will cover this topic more in a future post. However, for now let’s focus on the certificate itself, what it means, why it’s important, and how to get one. If you ask the all-knowing Google about a SSL Certificate you’re going to be buried in a sea of information. As such, this post isn’t meant to be an exhaustive tutorial on SSL Certificates, but rather a general overview with plenty of useful information and links to put you on the right path to web security.
What is an SSL Certificate?
If you’ve never heard the term “SSL” before, it stands for “Secure Socket Layer” and in basic terms encrypts sensitive information such as credit card numbers, passwords, and usernames sent across the internet so that it can only be understood by the intended recipient. A website with a properly configured SSL Certificate will use the HTTPS:// designation (which stands for HyperText Transfer Protocol Secure) as opposed to HTTP:// in the websites URL. In addition, you will usually see a closed or locked padlock if the site is secure and an open or unlocked padlock if it isn’t. These padlocks will have different colors in various browsers, but the important thing to notice is if it is locked or unlocked when you visit a website.
Why is an SSL Certificate Important?
As I alluded to above, an SSL Certificate is important because it protects sensitive information. When a credit card number, for instance, is entered into a form on a web page it is sent from one computer across multiple other computers (aka: servers) until it reaches the destination computer. And, any computer in the link can “see” the number if it isn’t encrypted. This encryption is what protects your data from hackers and identity thieves. So, as you can see, having an SSL Certificate on your site can be very valuable to your visitors as it shows you are protecting their sensitive information – you are a safe and trustworthy business. Likewise, you should never enter your own sensitive info into an unsecure site.
It should also be noted that even if you aren’t collecting sensitive information from your visitors, your SEO (Search Engine Optimization) rankings could plummet. This is because Google now requires secure data within all Chrome browsers and will mark any site without HTTPS as insecure. Therefore, if Google believes your site isn’t secure, it will notify your visitors and potentially scare them away which is exactly the opposite of what you want. Read more on why Google is requiring site security, how SSL Certificates impact SEO rankings, and how Google manages unencrypted websites.
Where to get an SSL Certificate and How to Install It
As we explore certificate options, keep in mind it is usually much better (and easier) to install a certificate on a brand-new website – that is, one with no content on it. This is true since a site with content is filled with URLs for pages, posts, images, tags, categories, and more. And, all of these links will have to be migrated from HTTP to HTTPS. If a single link is left as HTTP, your site will still display as insecure. Don’t sweat this too much as it’s a bit simpler than having to scan your entire site and update numerous links. Read on.
Since most people reading this likely have a site up and running, I will cover the basics of installing and activating a certificate on an existing site. It is worth noting that simply installing the certificate does not make your website secure. It must be configured properly for the security to be enabled.
Perhaps the best place to get an SSL Certificate is with your current web host. All quality web hosting companies will have SSL Certificates available for purchase. Most will also help you install and configure them, but may charge for this service in addition to the cost of the certificate.
When looking for a certificate to add to your site, you may run across several options including single domain, multi-domain, and wildcard. For the majority of folks reading this, you’ll need a single domain certificate. However, if you would like to know more about choosing the right one for your needs, read this Beginner’s Guide to SSL Certificates from the internet security experts at Symantec, and this List of Different Types of SSL Certificates from Search Engine® Journal.
Configuring Your SSL Certificate
If your web host doesn’t offer configuration of the certificate or you would prefer to save money and configure it yourself, you can use a third-party plugin such as Really Simple SSL. This plugin is designed for WordPress websites, as are others like it. Once your SSL Certificate is installed you’ll need to go into the back end of your website through the admin panel and click on the “Plugins” tab on your dashboard. Once there, click on “Add New” and search for Really Simple SSL. Click to install the plugin and then activate it. Once active, one click will direct the plugin to automatically detect your settings and configure your website to run over HTTPS.
One tip I will offer here is to make sure you do the certificate configuration at a time when you aren’t experiencing high traffic to your site. This will greatly slow down the process and may cause your site to crash. You’ll also want to give your site time to make sure everything has been configured properly before running any Facebook ads or pushing out a new product or service to your email list.
Once the SSL Certificate is installed and configured, your website should indicate it is secure with a closed padlock. If not, you may need to manually search for and update a few things. Some items to look for would be links to PDFs or images within text boxes or widgets which could be in sidebars and/or footers. Your CSS editor may also have links that weren’t updated properly during the install and configuration steps. Essentially, all the links on your site should have been updated to HTTPS URLs.
