Getting Started with SSL Certificates
Today, a growing number of websites collect sensitive information, or otherwise wish to secure the transmission of information. The use of a SSL (Secure Socket Layer) certificate allows for the secure transmission of information between a visitor and the website.
There are three main types of certificates in use today which provide the visitor with varying degrees of assurance that their information is secure. The different types allow websites to select a certificate that best meets their needs. For example, an eCommerce website might want an Extended Validation (or Green Bar) certificate.
Ordering a SSL Certificate
Regardless of the certificate type, they all require some basic information to start the process. One of the differences between certificate type is the amount of information required for verification. There are several items required for even the most basic certificates:
- Certificate Domain Name(s) - This is the domain address that you want to secure. i.e. www.domain.com and domain.com. If you request www.domain.com the non www version is included free.
- SANs Addresses (if any) - Additional address(es) that are valid for a SSL Certificate in addition to the Certificate Domain.
- Point of Contact - Who should be listed as the certificate owner.
- Certificate Signing Request (CSR) - A file containing the relevant certificate information.
- Verification Contact - Who can be reached to verify the certificate request (typically chosen from a list of addresses, or in some cases alternative methods are offered).
You will find that more advanced certificates aren't instantly issued due to the fact that the Certificate Authority performs additional checks. They must satisfy that the requesting party is who they say they are. Once the verification process has completed, your certificate will be signed with the additional information, and issued.
The verification process helps to prevent malicious websites attempting to mimic a legitimate business such as your bank website. The verification process can take one to seven business days depending on the Certificate type and Authority.
Generating the CSR
In order to request a SSL Certificate you must first provide a CSR file. This file contains information that's required for generation of the actual certificate. This file must be generated on the webserver hosting the site, as the process also generates the keys needed for proper certificate functionality.
As the CSR file must be generated on the server, it's common for control panels such as cPanel to offer a generation tool. This simplifies the process while ensuring no information is missed. If you don't have a control panel to help generate the CSR file, GlobalSign® offers an online Certificate Signing Request Tool that provides you with the necessary server commands.
If you need help generating a CSR Request you can always ask our support for help. If your website is hosted with us, we will handle the entire installation process for you.
Installing the Certificate
The process of installing a SSL Certificate is fairly straight forward, depending on your server. cPanel accounts with a Dedicated IP Address are able to install certificates in cPanel. Otherwise you will need to request that support install the certificate for you.
If your server supports it the use of SNI can allow you to use a shared IP address with your SSL Certificate, however the use of a Dedicated IP Address is more common.
Enabling the SSL Certificate
Once a certificate is installed in cPanel it's enabled by default. If you want your website to be accessed through the certificate, simply change the address to https://domain.com. In some cases you may need to make changes in your .htaccess file. i.e. if you force normal traffic or redirect the domain name.
If you wish to redirect all traffic to use the SSL Certificate you can do so by adding a small bit of code.
RewriteCond %{HTTPS} !=on
The above line will check if the site is being accessed securely, and if not, it will execute the following rule(s). The full code would look similar to this:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]