What are SSL certificates and how to use them

Google are increasingly looking to reward and prioritise secure sites that have SSL certificates (this is what makes a web address start with ‘https’ rather than ‘http’). Long term, making the switch can have a positive impact on your website and ultimately, your business.

What is an SSL certificate?

SSL certificates are data files used to secure card transactions, login details and other types of data. You may have seen some websites with HTTPS instead of HTTP, or a padlock, showing that the website is secure and has an active SSL certificate.

Sites like Facebook have an active SSL certificate as shown with the HTTPS and padlock.

Sites without an SSL certificate will display as not secure.

Why do I need an SSL certificate?

Not only SSL certificates are great tool to secure data transactions on your website, but Google has also recently announced that they would start giving a slight priority to websites that use SSL certificates.

Google is keen to push websites owners to switch to HTTPS, so even if the boost seems only minimal at first, we wouldn’t be surprised to see Google strengthening the importance of SSL certificates in the future.

A random search for ‘plumbers Glasgow’ shows that the first 4 results are HTTPS pages.

Rankings aside, SSL certificates are a great way to instil trust in your customers, which can be particularly important if you have an e-commerce website. Increased trust usually translates into better conversion rates!

Secure e-commerce sites can protect their customers’ data.

Where to buy an SSL certificate

An SSL certificate must be bought from a trusted Certificate Authority, such as GlobalSign or DigiCert for example. Browsers and operating systems usually maintain a list of trusted root certificates. All the main hosting providers (including us) can provide options to purchase SSL certificates through them.   There are different types of certificate with varying levels of complexity so make sure you get the certificate that is right for you.

Many sites like GoDaddy offer to purchase SSL certificates through them.

How to install your SSL certificate

Once you have purchased the certificates, you need to install them on your web server. It would usually be done through your hosting provider. Typically, you would need to log in and find the section for SSL certificates in your control panel or ask them to do this for you. If your website is using WordPress, it makes the process easier!

  1. Find a plugin that can make the changes (such as Really Simple SSL or WP Force SSL, for example) and use it to install your SSL certificate.
  2. Change your settings so that your web address starts with “https://”. This will redirect your secure content.
  3. Edit your .htaccess file to add the code below, making sure to use your website address instead of yoursite.com.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]

It is also extremely important that you let Google know that you now have your website parked at https:// rather than http:// .  It is usually regarded as a separate site.

There are loads of guides online that can guide you through the process. If this is getting too technical, save yourself the hassle of doing it and let Ubisan do this for you!