Enabling SSL on your Website

L

LPTechs

New member
With the new security protocols and requirements the world is seeing now, SSL certificates are becoming more in demand to keep the site secure.

SSL (Secure Sockets Layer) is a standard security protocol for creating secured links between a web server and a browser in an online communication. All this means is that any information collect on your website is encrypted nd protected.

You only need to worry about using this if you website collects private information like credit card payments, email addresses, etc.

What you first need to do is install an SSL certificate on your website. You can do this through any 3rd party website that installs it or you should be able to get one through your hosting company.

Once that certificate is installed, you can put this code in your .htaccess file to turn your domain into a https:// instead of a http://

Here is the code:

# Force SSL connections
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
 
Let's just clarify something.

SSL encrypts the transmission of data across a network connection, so it cannot be overheard.

Once on the server it's unencrypted.

It does NOT mean that the data on your website in encrypted.
So if your site is vulnerable, SSL will not help it.
 
LPTechs said:
You only need to worry about using this if you website collects private information like credit card payments, email addresses, etc.
Click to expand...

Not entirely true. With the new changes coming from google, all sites should have https for the added security and be viewed as "trusted".

With the widespread use of auto-SSL/Lets Encrypt its quickly becoming the norm.
 
 
The first step is to determine which type of certificate you need – and how many. You might need different SSL certificates if you host content on multiple platforms, such as separate domains or subdomains.

As for cost, an SSL certificate will cost you anywhere from nothing (Let’s Encrypt offers free SSL certificates) to a few hundred dollars per month. It usually averages around $50 per month per domain. Some CMS providers (like HubSpot) have SSL included, so check with them before making any moves.
 
If you want to encrypt just one domain (i.e. not multiple sub-domains) then simply get a free certificate from LetsEncrypt

But if you run a site especially something that involves transfer of confidential information and to gain trust of users you can try a wild card certificate from GeoTrust it usually costs under $200 per year and you can issue certificate to unlimited subdomains
 
hostEONS said:
If you want to encrypt just one domain (i.e. not multiple sub-domains) then simply get a free certificate from LetsEncrypt

But if you run a site especially something that involves transfer of confidential information and to gain trust of users you can try a wild card certificate from GeoTrust it usually costs under $200 per year and you can issue certificate to unlimited subdomains
Click to expand...
I'm not so sure about the trust factor for the majority of clients - differing between a Lets Encrypt SSL versus a GeoTrust certificate. They are looking primarily for that lock icon before they purchase.
 
SenseiSteve said:
I'm not so sure about the trust factor for the majority of clients - differing between a Lets Encrypt SSL versus a GeoTrust certificate. They are looking primarily for that lock icon before they purchase.
Click to expand...

Only thing with free SSL you dont get any assurance badges and also they could be here today and gone tomorrow and you have no come back.
also looks at Lets Encrypt when they first started, they were given APis etc to create the cpanel plugin to offer free SSLs to cpanel customers and then all of a sudden cpanel formed an agreement direct with Comodo to offer their AutoSSL which is enabled as default so automatically adding a free SSL to all cpanel domains and subdomains that did not have a paid SSL, which meant hosts that sold SSL certs lost out as why would a client order an SSl when they got one free without asking.
 
We all knows that even google has declare that websites with ssl certificate would be on priority for ranking. If you are providing your banking details and anything like that then you should check if website is ssl secured or not. It is most important to be a ssl secured website.
 
techperx said:
We all knows that even google has declare that websites with ssl certificate would be on priority for ranking. If you are providing your banking details and anything like that then you should check if website is ssl secured or not. It is most important to be a ssl secured website.
Click to expand...

The only main issue i see with free SSL certs is that sites selling counterfeit goods and looking like genuine sites will install free SSL so they look secure and people trust them as these sites wont install paid SSL certs.
So when it was a case of look for the padlock to make sure the site is secure, this info no longer is valid to check it a site is genuine or not.
 
Alot of hosts are providing default SSL and there are plenty of few SSL providers as well. Just figure out your requirements and choose accordingly.
 
LetsEncrypt captured the most low-cost SSL market, especially for website owners but high-end SSL are reliable for businesses and eCommerce platforms.
 
YouStable said:
LetsEncrypt captured the most low-cost SSL market, especially for website owners but high-end SSL are reliable for businesses and eCommerce platforms.
Click to expand...
The problem with free LetsEncrypt certs is it allows those with fake website to get an SSL to make them more credible
 
easyhostmedia said:
The problem with free LetsEncrypt certs is it allows those with fake website to get an SSL to make them more credible
Click to expand...
That happens with most of DV ssl certificates no matter its Sectigo or anything else. All you have to do is upload an HTML file or a DNS and its validation is completed that's why OV SSLs are better than DV SSLs.
 
You must log in or register to reply here.

Supporters

Back
Top