Google recently announced that all websites must enable SSL or face punishment in the search engine rankings. In 2019, you cannot run a professional website without encryption. keep reading to learn how to enable SSl on your website.
The internet is a distributed Network. When information transmits across the internet, it goes out in small packets. At the start of the signal, the sender doesn’t know the route to the receiver, only his IP address.
The sender of the information sends out the packet of data with an address and passes it on to the next node. That node then looks at the address and passes the packet on to the next closest node. With this technique, information flows across the internet without having to be mapped from start to finish.
The point of this system was to make it resilient, particularly in a cold war dystopian nuclear exchange. The idea behind the internet was that the United States infrastructure could still work after nuclear attacks. Nodes don’t have to know the route. They only pass the information on to the next closest node, making the system harder to attack.
The obvious problem is that by passing the information on to the next closest node you have to trust them. They need to both faithfully pass the same data on to the next node in the chain and not snoop on private information.
This creates an opportunity for the so-called man in the middle attack. Imagine that data flows through a chain of nodes. All the nodes in the middle can read the data as it passes along the chain.
The solution to this problem is encryption. By encrypting the data into what is essentially gibberish, it doesn’t matter if the man in the middle looks at it. It’s only random noise.
With encrypted data, only the sender and the intended receiver can unencrypt the information. This is where SSL / TSL security comes in. Commonly, it’s referred to as SSL for Secure Socket Layer.
If you’re wondering how to make your website secure, an SSL certificate is the way to go. If you fail to install an SSL in 2018, Google will punish you in the SERPs.
An SSL certificate is a computer file with a bunch of numbers and letters. It is a key that proves two things:
Anyone can issue an encryption certificate. In fact, all modern browsers have the ability to run something called a self-signed certificate. The website that the browser is viewing issues the self-signed certificate.
A self-signed certificate provides encryption but doesn’t provide verification of the domain name through the issuing authority. Therefore, self-signed certificates or not acceptable for public-facing internet pages. They are for development purposes and on internal internets.
A Certificate Authority [CA] issues a standard SSL certificate and provides encryption and verification of a domain name. On most browsers when someone views these sites, a grey or green “validation padlock” image will usually appear in the URL bar.
In the European Union, the European Union technical Standards Institute [ETSI] grants the root certificate authority. ETSI authorizes commercial certificate authorities to issue SSL certificates. All major browsers recognize the CAs authorized by ETSI.
In the United States, the WWWC Consortium is the root authority for CAs. When you access a website on the internet, your browser will first check a list of valid CAs. If the certificate represents that it is from one of these valid CAs, then the browser will check with that CA to authenticate the domain.
An Extended Validation [EV] certificate offers an extra layer of protection for the consumer. The Certificate Authority verifies the domain manually. The Certificate Authority has a business relationship with the domain displayed by the browser.
On many browsers, extended validation certificates display an extra green bar and brand information in the URL bar. This is an optional feature of the browser. Browser companies have relationships with many certificate authorities. Between 100 and 300 come pre-installed in most modern browsers.
The process of installing an SSL certificate varies from vendor to vendor and operating system to operating system. However, there is a generalized process that you can use to install a certificate on most web servers.
The first step is generating a private key. This is the code the Certificate Authority will use to generate your certificate. Once they do that, they will send it to you to place on your server
If you want to know how to make a site secure, the easiest way is to have the pros do it for you. On a shared hosting platform or a VPS, you only have to sit back and relax while the site becomes encrypted. You could do it yourself, but why would you?
You don’t need to know how to get https if you hire a good hosting company. They will take care of all the technical details for you. Certificates have maintenance issues and must be renewed.
It’s a lot easier to hire a professional company to explain how to add an SSl certificate to a website.
Now that you know how to secure a website, you need to make a decision whether you want to do it yourself or have the pros do it. For the technically advanced it’s easy to enable SSL. It’s still a pain in the neck and something you might want to pay the pros to do.
Check out our blog for more great server management tips!