Mrkunlex
What is SSL?
The term SSL (short for ‘secure socket layer’) describes a technique for encrypting and
authenticating data traffic on the internet. With regard to websites, the transfer between the browser and webserver is secured. Especially when it comes to e-commerce, where confidential and sensitive information is routinely transferred between different parties, using an SSL certificate or a TLS (‘transport layer security’) is simply unavoidable.
Here are some examples of types of sensitive data that should be protected with SSL encryption:
Registration data: names, addresses, e-mail addresses, telephone numbers
Login data: e-mail addresses and passwords
Payment information: credit card numbers, bank details
Data entry forms
Customer documents
Using SSL helps keep communication safe from those looking to snoop into or manipulate personal data.
What is HTTPS?
HTTPS (‘hypertext transport protocol secure’) is the protocol used for secure data transfer, whereas HTTP refers to the non-secured variant. With HTTP websites, all transferred data can potentially be read or changed by attackers, and users can never really be certain whether their credit card data has been sent to the intended online vendor or a hacker.
HTTPS, or SSL, encrypts HTTP data and verifies the authenticity of requests. This process takes place via the SSL certificate or the more sophisticated TLS certificate. Most experts agree that TLS should be used in place of SSL.
The advantages of using SSL/TLS and HTTPS at a
glance:
Data protection and security for customers and partners
Minimized risk of data theft and abuse of personal information
Positive ranking factor on Google
Enables use of HTTP/2 for improved website performance
Certificates are easy for users to recognize and help to build trust
Tip
The green padlock that appears by HTTPS URLs is an indication that the website takes security seriously and this helps increase user confidence.
Converting websites to SSL and HTTPS
Developers have the option of configuring an SSL encryption for newly developed websites, and there are even options available for changing older pages to HTTPS. The first step involves acquiring the SSL certificate for the corresponding domain.
Obtaining the SSL certificate
An SSL certificate is a kind of website ID obtained through an official certification authority, or CA. The CA’s responsibilities include confirming the certificate’s identity as well as vouching for its authenticity. SSL certificates are deposited on the server and accessed
whenever a website with HTTPS is visited. There are different kinds of server certificates that vary in their identification:
Certificates verified by domain validation (DV):
These certificates have the lowest authentication level. For this measure, CA only checks whether the applicant owns the domain for which the certificate is to be issued. Company information is not checked during this process, which is why some residual risk
remains with domain validations. Because there is only one factor that needs to be verified, certificates
are normally set up quickly by the CA, making it the
least expensive of the three SSL certificate types.
Certificates with domain validations are best suited to
websites that rely less on their security reputations
and are known for being free of fraudsters or
phishing schemers.
Certificates verified by organization validation
(OV):
This kind of validation provides more comprehensive
authentication. In addition to domain ownership, the
CA examines relevant information, such as company
filings. Information that has been vetted by the CA is
accessible to website visitors, which
boosts the
site’s transparency. The somewhat demanding
nature of this certificate means that it can take longer
and be more expensive to issue this kind of SSL
certificate. What users gain, however, is a higher
level of security.
This certificate is best suited to websites where low-
level security transactions take place.
Certificate verified by extended validation (EV):
This certificate has the highest and most extensive
authentication level. In contrast to certificates verified
by organization validation, this process requires
company information to be even more thoroughly
scrutinized. What’s more, this certificate is only issued
by CAs authorized to do so. This exhaustive review of
the company achieves the highest security level of
any certificate and additionally increases the
website’s credibility. Following this, this certificate is
also the most cost-intensive of the three.
This certificate is ideal for websites that deal with
credit card information or other sensitive data.
In the following infographic you can check which
certificate is suitable for your website:
overview SSL certificates
Copyright by Symantec Corporation
Click here to download the infographic about the
different SSL-certificates.
Installation and configuration
The next step is to install the SSL certificate on the
server. Hosting providers often take care of this
step. The customer area of the provider’s site often
allow users to directly apply for the required
certificate, which is then added by the provider.
As a
1&1 customer, you can easily add an SSL certificate
to your existing webhosting package by following the
steps in the
control center. For many packages the
certificate is also included and installation varies
depending on the provider. Generally, providers or
certificate vendors supply the corresponding
installation guides. The following points are essential
for a seamless installation:
Correct certificates
Proper encryption
Appropriate server configuration
Mistakes and problems when converting
Some mistakes should be avoided when converting a
web presence. Heeding this advice can save you the
trouble of having to deal with ranking losses or
unavailable sites.
Website owners wishing to convert their sites to SSL
and HTTPS should therefore:
Avoid expired certificates: an invalid or expired
SSL certificate can lead to warning messages
appearing in the browser window. This sends the
wrong message to the user and can potentially
reduce website traffic.
Setting up the correct redirect: avoiding
duplicate content requires the webmaster to use
the
.htaccess trick-301redirect. Doing this helps
search engines avoid the pitfall of evaluating the
HTTP site and the HTTPS site as two different
websites and expecting different content from
them in the process.
Aligning advertising accounts (Google AdWords,
Bing Ads etc.):
embedding unencrypted content
(pictures, script, etc.) into an HTTPS site causes a
warning message to appear when the user
accesses the website, which can unnerve them.
This can particularly lead to trouble when placing
ads, as most advertisements are dispatched in
unencrypted forms, making it all the more
important to ensure that your accounts have been
properly aligned.
Converting Webmaster Tools and Google
Analytics:
in theory, HTTP and the HTTPS version
are actually two different websites; this is why the
HTTPS variant also needs to be registered in the
Webmaster Tool.
Updating XML Sitemaps: the sitemap also needs to
be updated and recorded in the Webmaster Tool.
Checking external and internal links: Even though
301 redirects may prevent corrupted links, all
internal links should still be changed after
converting to the HTTPS protocol. Depending on
how the content is added to the CMS, carrying out
this step manually may be an unavoidable chore.
For external links, it’s best to adjust the most
important links (e.g. those with significant page
authority) to the new HTTPS address.
Read More Here:
https://www.1and1.com/digitalguide/websites/website-creation/how-do-i-convert-my-site-to-ssl-and-https/
