Google recently announced that it will start warning Google Chrome users that they are visiting an unsecure website. An unsecure website is a website that doesn’t have HTTPS (Hyper Text Transfer Protocol Secure). This tutorial will teach you how to install an SSL certificate and make your website secure with HTTPS.
What is an SSL Certificate?
When you try to open a website with an HTTPS connection, the website will send its SSL certificate to your browser. The SSL certificate contains the public key necessary to start the secure session. Based on this initial exchange, your browser and the website will then initiate the “SSL handshake.” The SSL handshake involves the generation of shared secrets to establish a unique and secure connection between you and the website.
HTTP vs HTTPS
Any communications that are transmitted through an HTTP connection are in “plain text” and can be read or intercepted by a hacker. This is dangerous if the communication includes sensitive information such as credit card numbers.
With an HTTPS connection, all communications are encrypted, so if a hacker manages to break into a connection, he will not be able to decrypt the data that passes between you and the website.
How to Install an SSL Certificate
Step 1: Purchase an SSL certificate from a reputable vendor such as SSLs.com (owned and managed by Namecheap). For this tutorial, I purchased a Comodo PositiveSSL certificate which is good for small websites.
Step 2: Activate your brand-new SSL certificate.
Step 3: Generate a Certificate Signing Request (CSR) using this free tool.
Step 4: Copy the generated CSR code as well as the 2048-bit RSA key and save them as a plain text file using Notepad. You will need them later.
Step 5: Enter the CSR code into the SSL activation page.
Step 6: Choose the type of server where you will install the certificate. In most cases, it’s Apache so choose “Any other server.”
Step 7: Verify your domain ownership either by uploading a file or receiving an email.
Step 8: Enter your company contact information.
Step 9: Complete the activation by uploading the activation file to your website’s root directory or by receiving an email.
Step 10: Once your SSL certificate is activated, you will receive an email from the issuer. Download the zip file containing SSL certificate and the Apache bundle file.
Step 11: Log in to your website’s Cpanel and go to the SSL/TLS section.
Step 12: Click “Manage SSL sites.” You will be presented with a form where you will enter your certificate.
Step 13: Copy and paste the SSL certificate that you downloaded in Step 10. Enter the 2048-bit RSA key too, although this is optional.
Step 14: Click “Install Certificate.” It will confirm that your certificate was successfully installed. Click “OK.”
Step 15: In this page, you will be able to manage your SSL certificate.
Step 16: On your WordPress settings page, change the WordPress address and site address to “https” as shown in the screenshot below.
If you’re not using WordPress, you might have to edit the .htaccess file to force HTTPS for your website.
That’s it! Your website is now in HTTPS. If you see an error message that says “Your connection is not private,” please wait a little longer as it takes some time to completely propagate.
If you have questions on how to install an SSL certificate on your website, please comment below and I will do my best to help.