SSL was important before, in 2017 it's essential. What is SSL?SSL Stands for "Secure Socket Layer". It is the industry standard for web security technology and is accepted globally. As the name suggests, SSL establishes an encrypted link between the web server and the browser.It is the reason some site urls are prefixed by 'https' (instead of 'http') and a green padlock.
How does this help my site?
This secure link ensures that all data passed between the web server and browser remains private and integral. Due to this encryption, even if your data gets stolen by a hacker, it would be gibberish to him.
Do you need it?
The answer is really simple. If your site is taking data from the user or sending him important data, then your site should implement SSL. With this benchmark in mind, most of the websites on the internet should implement SSL. This is because most websites today have login capabilities or at the least accept user email for newsletter subscription.
Why is 2017 the year of SSL?
Google has always been partial to non-SSL websites. But now it is aggressively distinguishing SSL from non-SSL websites. They are doing this by allocating a piece of Chrome address bar to identifying secure sites. An SSL implemented site will get a green padlock along with the words "Secure" shining in their address bar. (Refer to the image above)In the future, Google will also use this space to identify non-SSL websites, where it would explicitly show the words 'Not Secure' for a non SSL website.
How is SSL implemented?
SSL is implemented by virtue of certificates. In this, a Certificate Authority (CA) issues an SSL certificate to a domain. The Domain owner has to send a Certificate Signing Request (CSR) to the CA. This CSR is then processed by the CA to produce an SSL certificate.This SSL certificate awarded is the batch of assurance to the end user. A visitor viewing an SSL certificate on your website can be rest assured that his precious information will be handled carefully.
Types of SSL
SSL certificates are of three types. They're classified on the basis of the level of verification done to get the certificate. They are:-
- Domain Validated certificates (DV)
- Organization Validated certificate (OV)
- Extended Validation certificates (EV)
Let's dive deep into the various types.1.Domain Validated certificates (DV)In this type of SSL certification, the CA checks if the applicant has the right to use a specific domain. In DV certificates no company verification is carried out.When a website receives a DV certificate, a green padlock along with the words "secure" are loaded in the address bar.
2.Organization Validated certificate (OV)In OV certification, CA does a little company verification along with checking the applicant's right to use a specific domain.The applicant also receives a green padlock in this case. Along with this some CAs provide the applicant with secure site seal
3.Extended Validation certificates (EV)In EV certification, the CA does extensive verification on the organization applying for the certificate on top of domain verification.This verification includes an array of audits and checking of records. This verification is also repeated on a yearly basis to ensure the existence of the organization. This is ideal for a website which deals with monetary transaction.An EV certified website gets the name of the organization along with it's location, shining in green on the address bar.
How do I implement SSL on my website?
I've classified the installation into two types:-
- Paid Implementation
- Free Implementation
Are you wondering why would one go for the paid implementation when there is a free alternative?That's because the free alternative (Let's Encrypt) is fairly new, not compatible everywhere and is only applicable for DV certificates.Let's dig in.
1. Buy SSL certificate from your hosting
2. Ask the hosting to set up the ssl certificate (Free of cost, well mostly)
Free implementation of SSL is provided by a CA named Let's Encrypt. It was launched on April 12, 2016 and since has been dedicated in providing free DV SSL certificates.
If you have shell access
1. Check hosting software and hosting OS
2. Go to https://certbot.eff.org/
3. Select the hosting software and hosting OS
4. Copy the displayed commands
5. Go to shell in your hosting
6. Implement the copied commands
7. Use really simple ssl plugin (https://wordpress.org/plugins/really-simple-ssl/) to redirect to https:// and to remove duplicate content.
If you don't have shell access
1. Go to the list of hosting providers and check if your hosting provider is listed. (https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920)If your hosting provider is listed.
2. Go to your hosting and click on “Let’s Encrypt SSL”
3. Choose the domain/subdomain you wish to cover with a certificate to and click on the Issue button next to it.
If your hosting provider is not listed
2. Choose from one of the other Let’s Encrypt ssl clients here- https://letsencrypt.org/docs/client-options/Recommendation - https://zerossl.com/
3. Click start under “FREE SSL Certificate Wizard”
4. Go to your hosting and click on SSL/TSL
5. Now click on private keys
6. Generate a new private key by clicking on generate
7. Now go to CSR and generate a certificate signing request by the selecting the key made and enter the required info
8. Copy and paste the generated CSR in the https://zerossl.com/free-ssl/#crt inside “paste your CSR” and enter your domain name in the domain section
9. Check zerosll, let’s encrypt TOS and DNS verification. Click next to generate your CSR
10. Download the key for safekeeping. You’ll be taken to the DNS verification page, from here copy the TXT records and paste them into your DNS records
11. Click next and you’ll be provided with your certificate
12. Copy this certificate and upload it into your list of certificate
13. Use Really Simple SSl plugin (https://wordpress.org/plugins/really-simple-ssl/) to redirect to https:// and to remove duplicate contentAnd you have a SSL enabled website.So don't wait any more, follow these steps and get yourself a SSL enabled website. And don't forget to enlighten us with your SSL related suggestions and queries in the comment section.