Have you ever tried to visit a website and been shown a warning message by your browser “Your connection is not secure…”
Your browser usually then goes on to list what could happen to your data and discourage you from visiting that site.
You might have noticed that these websites don’t have a ‘lock symbol’ just before the website URL.
This lock symbol and a https prefix (instead of http) are what indicate that the website you are trying to visit has a valid SSL certificate installed, meaning the data that you exchange with the website is encrypted.
But we are getting a little ahead of ourselves here. So let’s start with the basics.
Table of Contents
Before you begin…
If you are not already familiar with these terms, it will help to understand what HTTPS and SSL mean, and why it is important for you to implement it.
HTTP vs HTTPS Protocol
HTTP (HyperText Transfer Protocol) is a way for browsers to exchange data with a website. The browsers uses the HTTP protocol when a website’s link is prefixed with http. For example, http://yourwebsitename.com.
HTTPS (HyperText Transfer Protocol Secure) is a protocol that’s very similar to HTTP, but with a very important difference. HTTPS forces the exchange of data to be encrypted, which makes your website safer, for you and for your website’s visitors as well.
What is SSL and TLS?
Secure Sockets Layer (SSL) is a protocol that helps two devices to communicate. Transport Layer Security (TLS) is a newer, improved version of SSL that includes fixes for some of SSL’s loopholes. If you want to know more about SSL vs TLS or their similarities, there’s a really well-written article about SSL and TLS on the Amazon AWS blog that you can read.
What is an SSL certificate?
The technical definition of an SSL (Secure Sockets Layer) certificate is that it is a digital certificate that creates an encrypted connection between the website’s server and the client browser.
In other words, an SSL certificate is what keeps hackers from viewing or manipulating sensitive or private data that is exchanged between your website and a customer’s browser easily.
Why get an SSL certificate / HTTPS?
An SSL certificate makes sure the data transferred to and from your website is always encrypted. When data is encrypted, it is harder for hackers to read or change. Which is why you should always make your website use HTTPS via a SSL certificate.
How to get an SSL certificate?
To make sure your website uses HTTPS, you need to install a SSL or TLS certificate. Also, in most cases the SSL certificate will have an expiry date. So after you install it, make sure you note down your certificate’s expiry date. You have to renew it on time, before it expires.
There are two ways to get a SSL certificate –
From your Hosting Provider
Check with your Hosting Provider if they can help you with getting a free SSL certificate or getting one for a nominal fee.
Here’s a list of hosting providers that offer free SSL certificates (if you host with them)
- BlueHost offers a free SSL certificate with all its Shared Hosting plans.
- Hostinger offers unlimited free SSL certificates for lifetime, from Let’s Encrypt.
- WPEngine also gives you a free SSL certificate from Let’s Encrypt
From a Certificate Authority
Look for Certificate Authorities like DigiCert , SSL.com or Let’s Encrypt (for free SSL certificates), buy a SSL certificate from them and install it on your website.
In Conclusion
Irrespective of whether you manage a hobby blog or an e-commerce website that handles sensitive customer data like payments or personal details, you should take every precaution to make your website as secure as possible.
And making your website use HTTPS, is literally the least (and probably most important thing) you can do.
Next – Quick guide that shows you how to switch from HTTP to HTTPS.