Whether you have an online store or just want to increase consumer confidence, incorporating an SSL certificate is a task worth undertaking. Also, aside from the obvious security benefits, including an SSL (Secure Sockets Layer) on your site has an added SEO (Search Engine Optimization) benefit that has been verified by Google.
If you are considering the update there are a few considerations that require a little planning.
- What is a SSL Certificate and which type SSL Certificate do you Need?
- Updates to your hosting and expected downtime
- Forcing HTTPS utilizing HTACCESS (for Apache Servers)
- Updating Google Analytics for SSL
What is a SSL and which type should you use.
There are a number of levels to the different certificates, but we will only talk on the three most common here: Domain Validated Certificate, Wildcard Certificates and Multi-Domain Certificates.
Domain Validated SSL Certificate
The first is the Domain Validated Certificate and this is most common and least expensive of the three we will be writing on. This particular SSL certificate ties directly to your domain name and lets customers know that they are connected to a secure site (see the pad-lock in the browser url above) and is used when you desire secure communication between your website and its visitors. Typically, you’ll use this for e-commerce and securing forms, but we also like to note the added SEO benefit that will increase your natural seo page rank.
Wildcard SSL Certificates
A Wildcard SSL Certificate enables SSL encryption on multiple subdomains using a single certificate. Subdomains on the certificate must all share the same primary domain. The costs are more, but you can protect multiple subdomains and utilize a single IP address. Please note that when you use the Wildcard certificate in a cPanel or WHM environment you’ll need to “install” the certificate for each subdomain.
For instance,
example.com, blog.example.com, store.example.com, client.example.com and of course www. could all be secured using the same wildcard SSL as they all use the same primary domain.
Multi-Domain Certificates: UCC SSL
A Unified Communications Certificate (UCC) is an SSL certificate that secures multiple domain names and multiple host names within a domain name. A UCC lets you secure a primary domain name and up to 99 additional Subject Alternative Names (SANs) in a single certificate. UCCs are ideal for Microsoft® Exchange Server 2007, Exchange Server 2010, and Microsoft Live® Communications Server.
For instance, you have 5 different sites example-1.com, example-2.com, example-3.com… you get the picture, you can buy one certificate to “rule them all”… ha ha. The same process would be applied to the installation process for each domain:
1) Generate Private Key
2) Use Private Key to Generate Certificate Signing Request
3) Upload the Certificate (from the SSL provider)
4) Activate / Install – Varies from System to System
Planning the update to incorporate a dedicated IP, Activate the SSL and anticipated downtime
When updating to use an SSL certificate there are number of items you’ll need to be aware of before you begin. First, you’ll need to speak to your host provider to ensure that you can apply a dedicated IP address to your site. There is a “shortage” of IPV4 addresses so your host provider may require that you purchase and show the CRT file prior to giving you the IP address; it typically adds $1 to $3 per month to your hosting cost.
Once you have verified that you can apply a dedicated IP to your site and have purchased a SSL certificate (we purchase ours through GoDaddy.com or ENOM.com) you can go through the process of the Key generation and document the various items that will need to be updated to give your site the “lock”. Remember, all items on your site will have to be pulled in through the https address for the SSL to go into full effect. Most browsers will not display insecure content once they are using https
Google says this gives websites a small ranking benefit, only counting as a “very lightweight signal” within the overall ranking algorithm. In fact, Google said this carries “less weight than other signals such as high-quality content.” Based on their tests, Google says it has an impact on “fewer than 1% of global queries” but said they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
Changing to a Dedicated IP Address Requires Time to Propagate
When switching to a dedicated IP, the IP address of your website will change, and the DNS will subsequently need to propagate (update) worldwide, which requires approximately 4 to 8 hours.
This means that some visitors will be able to view your website at the new IP address immediately, while others will not be able to see it for up to 8 hours after the change to a dedicated IP address. Planning ahead can minimize the impact. For example, we don’t recommend switching to a dedicated IP address when you are in the middle of a promotion or advertising campaign.
Different systems will allow a different amount of SSL certificates per account. In our case, we use Apache’s cPanel and WHM which only allows for one SSL certificate per cPanel Account
On all of our accounts that utilize cPanel (such as shared, reseller, certain VPS accounts & Linux dedicated hosting), there is a technical limitation of one SSL certificate and one dedicated IP per cPanel. If you would like to have more than one SSL certificate (for a different domain or subdomain), you will need to create another cPanel account.
Ok. Now you have the SSL certificate up and running, but your site still displays the
http:// vs. https. If you are on a cPanel account you’ll want to update your .htaccess file and make sure that you monitor your Google (and Bing if you really wanted to) Analytics; use your webmaster tools and create a new domain using the https:// for the best results.
To help you out we’ve included what we use for our primary site as well as how we update the .htaccess in the “root” folder to help the subdomains as well. We are using ExpressionEngine so we have bolded the items that you won’t need if you are using WordPress etc. The # in the code allows for the notes to be added so you’ll be able to see what each part does.
Helpful little site to locate any item that causes the lock not to show: https://www.whynopadlock.com/
HTACCESS Code
RewriteOptions inherit
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/system/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
# Directs all EE web requests through the site index file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
# Directs website to include www
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTPS} !=on
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.
http://www.example.com/services/ to https://www.example.com/services/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# Directs All Parked / Alias Domains Web Requests to www
RewriteCond %{HTTP_HOST} ^yourparkeddomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.yourparkeddomain\.com$
RewriteRule ^(.*)$
https://www.example.com/$1 [R=301,L]
SEO Benefit to HTTPS
So now one of the primary reasons to use HTTPS if your not doing so for e-commerce; SEO. Google posted last year that the secure content will become a noted ranking factor and will help sites increase their rank; provided that they have quality content. You can read the full article here.
If you have a need to update your site, your hosting or just want to go over your options on your existing platform please feel free to contact us and we’ll be happy to go over any details.
92 West
13504 Stevens Street
Suite C
Omaha, Nebraska 68137
t. 402.620.2633
https://www.92west.com
We’re in the ideas business.
branding + graphic design + web design + mobile apps + seo