Installing HTTPS may seem like an incredibly complicated venture for the general layman, however, it’s not really too much trouble for webmasters to secure their website. Setting up an SSL (secure sockets layer) certificate will mean that all connections between your website and browser and encrypted, and this can be done by adhering to the following steps:
For the best security, SSL certificates require your website to have its own dedicated IP address, rather than a shared IP address as can be expected with many low cost hosting plans. By hosting your website on a dedicated IP you’ll ensure that any traffic going to the IP address is being directed to your website and no one else’s since your website will be the only one on the server. If you already have hosting, but on a shared IP, then you should speak to your hosting provider to upgrade your account to a dedicated IP address.
Buying an SSL certificate is almost like acquiring an ID card for your website that basically contains a type of password that’s exclusively linked to your site. This password essentially verifies that you are who you say you are and when people visit your website this password is checked, before encrypting all connections to and from your website and browser. Most popular browsers will conduct this verification using ‘Certificate Authorities’, which will have a copy of your password to confirm your website’s identity.
To activate the certificate you will have to generate a CSR through your web hosting control panel, such as WHM or cPanel. When accessed, go to the SSL/TLS admin area, select “Generate an SSL certificate and Signing Request”, and then insert your domain name into the “Host to make cert for” field, whilst leaving the contact email as blank. When this has been filled out, simply copy the first block of text then log into your account where you bought the certificate and activate it. Next, add your email address associated with that domain and follow the steps to obtain the cert as a .crt file.
If you’re happy enough to wait for a couple of days, then the best option to install the certificate is to ask your hosting provider to do it for you. However, if you’d prefer to install the certificate yourself, then all you need to do is paste the cert into your web host control panel. Once submitted, your website should now be secure and your site should now be visible at https://www.yourdomain.com. Be sure to make a note of when your certificate expires so that you can process a renewal and ensure to keep your website secure well into the future.
Now that your certificate has been installed with the HTTPS protocol enabled, you’ll need to update your site to ensure that your visitors are accessing your site through HTTPS. As such, you should first identify which pages you actually need to be HTTPS because if you enable HTTPS on pages that don’t collect sensitive data then it could slow the whole experience down for the user. Once you’ve decided which pages to enable HTTPS, you should ensure to put 301 redirects in place to ensure that all traffic is redirected from the HTTP to HTTPS version of your website.