SSL, or Secure Sockets Layer, is an encryption service that prevents hackers from eavesdropping on sensitive information sent between computers. If you want to create a secure login for your visitors, you need to protect your website so that email addresses and other valuable information aren’t stolen. SSL encryption is sold by companies called Certificate Authorities (CA). Certificate Authorities issue certificates that assure customers their information will be protected and the website is not a scam. Don’t give sensitive information to sites without an SSL certificate!
The security status of Internet sites is visible on the location bar, left of the Web address. There are several symbols that represent the safety of Web addresses. A gray lock symbol means the sites has been secured with an SSL. The green lock symbol means the site has been secured and the company has been verified, meaning the company is not a scam.
Securing Your Site
In order to secure your site, you need to install an SSL certificate. You need to first create a key.
Creating a Key
A key will decrypt information encrypted by an SSL. Follow these steps to create a key.
1. From your cPanel, in the Security section, click SSL/TLS.
2. Click Generate, view, upload, or delete your private keys.
3. In the Generate a New Private Key section, type a description of your key in the Description box, and then click Generate.
4. Your key appears.
Generating a Certificate Signing Request (CSR)
Now that you have a key, you can generate a Certificate Signing Request (CSR). You can send this request to a Certificate Authority to receive an SSL to protect your site. Follow these steps to generate a CSR.
1. From your cPanel, in the Security section, click SSL/TLS.
2. Click Generate, view, or delete SSL certificate signing requests.
3. Complete the form to create a new CSR. From the Key list, select the new key you just created. If you don’t have a company name or company division, type Not applicable or your domain name.
4. Click Generate.
5. Your CSR appears. Copy the information in the Encoded Certificate Signing Request box. When you apply for an SSL certificate from a Certificate Authority, this information will be requested.
Choosing an SSL Certificate Authority
A third-party Certificate Authority can encrypt and protect your site. A certificate will assure users their information won’t be stolen and your site isn’t a scam. When choosing an SSL Certificate Authority, there are many options. Most options involve a cost to you. A free option, StartCom is good for test purposes or to encrypt a little bit of personal information. It is powerful enough to be used to secure a site login area. Please note that because it’s a free service, StartCom is difficult to manage and the SSL may be difficult to install or have glitches. If interested in obtaining an SSL certificate from this Certificate Authority, follow the instructions on its website.
Generally, the more you pay for a certificate, the more secure your site will be. More expensive certificates such as Symantec and DigiCert are more widely recognized by users as being secure. The certificates come in contract of one to three years, and can be renewed. Buying a more expensive model will give your Web address bar a green lock or green security bar. To give you a high-security SSL certificate, the Certificate Authority will go through a more rigorous process of ensuring you are a real person and your site is legitimate. For example, you may be contacted personally via phone to verify your personal information.
Other certificate, called Wildcard certificates, protect not only your site, but any sub-domains included in your site. These certificate are about quadruple the price of regular certificates.
Creating a Self-Signed Certificate
You can create a self-signed certificate to temporarily protect your site while you wait for your certificate to be authorized. Note, this is only a temporary solution; users cannot be assured of the security of a self-signed certificate. Your website may still appear as insecure to users until you receive a valid certificate from a Certificate Authority. Follow these steps to create a self-signed certificate.
1. From your cPanel, in the Security section, click SSL/TLS.
2. Click Generate, view, upload, or delete SSL certificates.
3. In the Generate a New Certificate section, complete the form. In the Key list, select the new you key you just created or generate a new one. If you don’t have a company name or company division, type Not applicable or your domain name.
4. Click Generate.
5. Your new certificate appears. Click Installer to install the certificate.
Uploading a New Certificate
Once you’ve received your official certificate, you can upload it to your site. Follow these steps to upload your new certificate.
1. From your cPanel, in the Security section, click SSL/TLS.
2. Click Generate, view, upload, or delete SSL certificates.
3. Your Certificate Authority should’ve send you a zipped file or a long block of text. If you received a zipped file, upload it by clicking Choose File, and then clicking Upload Certificate. If you received a long block of text, type the text into the Paste the certificate into the following text box box, and then click Save Certificate.
4. Your certificate is uploaded and is saved to your cPanel; however it is not activated yet. You need to install the certificate to your site.
Installing a Certificate
Follow these steps to install your new certificate on your site.
1. From your cPanel, in the Security section, click SSL/TLS.
2. Click Manage SSL sites.
3. Your currently-installed certificates appear. Click Browse Certificates.
4. Select the certificate to install, and then click Use Certificate.
5. The certificate information is automatically imported. Click Install Certificate.
Redirecting Your Website
Once you’ve installed an SSL certificate, you may notice your website still doesn’t have a lock symbol. This is because your site needs to be redirected to its new secure address: https://domainname. HTTPS stands for Hyper-Text Transfer Protocol Secure. Secure is the key word. Follow these steps to redirect your site.
1. From your cPanel, in the Files section, click File Manager.
2. Open the folder named public_html. Locate the file named .htaccess. If you can’t find the file, go to your settings and make sure the Show Hidden Files box is selected. If not, select it, and then click Save.
3. Once you’ve located the .htaccess file, click Code EditorTools panel.
4. The code of this file appears in a new window. You’re going to replace the code here. Replace the code on lines five through 10, starting with RewriteEngine On and finishing with Rewrite Rule . ?index.php.
5. Copy this text:
RewriteEnging On
RewriteCond %{HTTP_HOST} ^yourdomain/.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
6. Highlight the text on lines five through 10 in your code editor and replace it with the copied text. Make sure you replace the yourdomain text with the name of your real domain. The purpose of this edit is to force anyone trying to access your website to be redirected to your website’s secure URL: its HTTPS address.
