Inspired by a blog post I was reading recently, I started having a play around with an SSL cert.
An SSL cert is what enables a website to encrypt the traffic to and from the end user. This improves security and trust, and I’ve read that it also improves your search rank in Google. The most notable difference to a web site visitor is that the URL of the site changes from http:// to https:// and a little padlock symbol is displayed next to the URL in the address bar.
Some SSL certs can be really expensive to buy. The ones from my own hosting provider range from €30 to €700 a year, depending on the type of cert you want. However by shopping around a bit on the web, I came across SSLs.com who sell certs from as low as $5 a year!
Buying the cert is the easy bit. Configuring it and installing it is a bit more tricky, and I couldn’t find any easy instructions online.
- First of all you need to generate a CSR (Certificate Signing Request). When generated it looks like a really long string of random letters and numbers. Often you need to ask your web host to create the CSR for you, but I found this tool from SSL Store to generate mine. Make sure you keep the CSR and Private Key safe!
- Back at SSLS.com you then need to activate your SSL cert – and you will be prompted to enter the CSR. Copy and paste the full value into the box provided. The SSL cert will then be generated and emailed to you in a ZIP file.
- I installed the supplied SSL cert myself using my web host’s control panel. Make sure you install all the certs provided, together with the Private Key you supplied earlier. In the ZIP file you’ll find your domain cert and three CA certs. Install them all.
The cert should now work for your domain, and you should be able to view your site securely using https at the start of the domain.
For my WordPress site, I also installed the WP Force SSL plugin to automatically redirect non-secure traffic to the secure domain.
Anyway, so it all works, and my richardbloomfield.com site is now encrypted and secure!