Which company provides a positive SSL certificate?

Setting up an SSL certificate: step by step to the encrypted website

Since Google declared "https" a ranking factor in August 2014 at the latest, website operators should find out how encryption of their website works. Since January 1, 2017, secure connections have also been identified by specifying "https" in front of the URL in the SERPs. However, there are still numerous websites that are offered without SSL encryption. In this article we will show you how to set up an SSL certificate for your website and what you should pay attention to.

Which steps are necessary for SSL encryption?

  • Think about which SSL certificate you need.
  • Buy the certificate from a provider.
  • Install the SSL certificate on your server.
  • Select which folders, subpages, etc. should be encrypted.
  • Check the SSL encryption with a tool.

What is ssl

SSL stands for "Secure Socket Layer" and is an encryption protocol. Strictly speaking, SSL is the previous version of TLS (Transport Layer Security), but the term SSL is used for both versions. TLS is a modified variant of the last version of SSL, with which some critical vulnerabilities of SSL have been eliminated. The use of an encryption protocol ensures that data transmissions are encrypted and therefore more secure.

What happens with SSL encryption?

When a website is secured with SSL, the connections between a client and the server are encrypted. This means that visitors can access your website securely with their browser and, for example, enter data when ordering, without third parties being able to read it. In order to establish a secure connection between the browser and the server, the browser asks the server whether it belongs to the called domain. To confirm this connection, an SSL certificate is required, which is a kind of proof of legitimation for the website.

The required SSL certificates are issued by so-called "Certification Authorities" (CA) or "Certification Authorities". If the SSL certificate is issued for a publicly accessible website, the relevant CA first checks all the information on this page. The certificate can then be viewed publicly and deposited with the CA. To create the encryption, the public key is first used to secure the transmitted information. This data can only be decrypted with a second key that is stored on the certified server.

Select the appropriate SSL certificate

There are several SSL certificate providers authorized by the CA Security Council. The CASC is an interest group that wants to increase security on the Internet. Well-known providers of SSL certificates include GlobalSign, Geo Trust, Symantec, AlphaSSL, RapidSSL and Thawte.

When choosing the right SSL certificate, it is important whether the domain to be protected is publicly accessible or not. Public SSL certificates can only be issued for public domains, as the certification authorities cannot clearly assign the ownership of private servers or an intranet. For this reason, the following is mainly about the SSL certificates of publicly used websites.

SSL certificates are available with different levels of trust. It is important how much information a transmitted file contains and how strongly it is protected.

There are basically three different SSL certificates available:

1. Extended Validation (EV) - highest level of encryption

2. Organization Validated (OV) - medium encryption level

3. Domain Validated (DV) - lowest level of encryption

If you want to decide on a certificate, you should first ask yourself how much security and trust you want to offer your visitors. Also keep in mind how strong your brand is so far. For example, your brand can be linked to the certificate and all domains published under the brand are protected.

1. Extended Validation or EV Certificate

In order to obtain this certificate, a large amount of information is requested from the issuing bodies. The criteria are considered to be the strictest that must be met in order to receive SSL encryption. Not only a single page is certified, but the entire company.

The EV certificate gives visitors the security that your website is operated by your company and that connections to these domains are secure.

2. Organization Validated or OV Certificate

These SSL certificates also contain an authentication of your company. In order to receive the certificate, the respective company checks some of the data that you provide. However, your information is not highlighted as strongly as with the more extensive EV certificate. If visitors want to see this data, they have to call up the individual details separately.

3. Domain Validated or DV Certificate

A DV certificate also encrypts your website using SSL. But the certificate actually contains significantly less data about you and your company. The DV certificate is only a validation that you are the owner of the website and actively manage the site. However, such a certificate does not confirm that it was issued specifically for your company or that your site is actually operated by your company. It is therefore recommended, especially for online shops or other commercially operated websites, to use at least the OV certificate.

Illustration 1: Infographic for setting up a Ryte SSL certificate.

One domain or several?

In the next step, you should check whether you only need SSL protection for one domain or for a whole range of domains. If you only want to secure one domain, a single domain or so-called "standard certificate" is sufficient. You can choose between the three authentication levels here.

If several domains or subdomains are to be secured using SSL, you can choose a multi-domain or wildcard certificate. Initially the costs will be higher than for a single certificate, but overall it is cheaper if you protect several domains with a multi-domain version. The certificates for several domains are also called "Subject-Alternative-Names-Certificates", SAN certificates for short.

Integrate the SSL certificate

If you have purchased the SSL certificate from a provider, you will usually receive instructions from them on how to implement it. But the steps are always similar:

  1. Install the SSL certificate on your server. If you don't use a dedicated server, some web hosts offer an SSL solution with just a few clicks. How the SSL certificate is implemented depends on your server type. You can find a good overview of the installation of the SSL certificate on different servers such as Apache or Exchange here.
  2. Then select which pages, subdomains or domains should be protected with the certificate.
  3. Access your pages with different browsers. Show you whether elements are still being loaded without SSL encryption. With an SSL checker like the one from sslshopper.com you can check for free whether your SSL connection is implemented correctly.

Checklist - You should pay attention to these six points

    ✓ After installing the SSL certificate, remember to set up a 301 redirect from your website with http to https

This will prevent Google from continuing to index both versions. Otherwise, due to duplicate content, the Googlebot does not know which version should be preferred. This can ultimately damage both versions in terms of their ranking.

In Ryte's individual page analysis, individual URLs can be randomly checked for SSL handling and, accordingly, for correct forwarding. In addition, it is checked at this point whether images, Javascripts and CSS files have been loaded via HTTPS.

Figure 2: Extract from Ryte's single page analysis.

    ✓ Enter your https domain in the Google Search Console

In this way you ensure that Google correctly determines data such as clicks or errors on your website. To do this, log into the Search Console with your Google account. Then click "Add Property" in the menu on the left.

There you have the option of creating individual https properties in order to test them later. However, it always makes sense to register the entire domain in the Google Search Console. Because then you don't have to activate a new property for each protocol individually.

Figure 3: Create a domain or https page in the Google Search Console.

    ✓ Store the https page in your web analysis tools

In order for your website to be tracked correctly, you should also make the appropriate adjustment in the log for Google Analytics and other web analysis tools.

In Google Analytics, click on the gear with the button "Administration" in the lower left corner. There you can change the website log with one click.

Figure 4: Switch to https with Google Analytics.

    ✓ Adjust internal links and put https in front of them so that the connections are secure

To do this, you can first check all templates and look for page-wide links. Overview pages can be checked manually. The "Website Success" module from Ryte can also help you here.

To do this, click on "Link Targets" in the "Links" area. Then all internal link targets will be displayed with the corresponding protocol. In the Pro version you have the option of exporting this list as an Excel table.

Figure 5: Check link destinations with Ryte.

You can also use a filter to check whether there are still internal links with http.

Figure 6: Check link destinations with Ryte.

    ✓ Correct links to your domain in AdWords or other advertising programs

You search for ad groups in the Google AdWords administration interface. There you have the option of changing the protocol for the link to your website to https. When adjusting the links, also keep in mind the AdWords extensions such as sitelinks or offer URLs.

Figure 7: Change website history in Google AdWords ads.

If you run Google Shopping Ads, you should also change your address in the Google Merchant Center. Remember that the links to your products transmitted in the CSV file are also https-encrypted.

    ✓ Add the https domain to social network profiles such as Facebook or Twitter

To do this, log into the relevant profiles and change the protocol.

Figure 8: In the info view of a website, the https protocol is visible on a Facebook profile.

Cost and duration of SSL certificates

All SSL certificates are only issued for a certain period of time. As a rule, the terms that can be selected are between one and five years. Payment for an SSL certificate is always made in advance for the entire term.

Simple DL certificates are available for significantly less than 100 euros per year. When it comes to multidomain SSL certificates or products with wildcards, the fees can cost more than 1,000 euros per year. The prices vary from provider to provider and it is worthwhile to compare the costs before booking the certificate. Of course there are also completely free providers such as letsencrypt.org.

Once you have decided on a certificate, it is usually easiest if you extend the term. But you also have the option of switching to another provider or another certificate. This can be useful, for example, if you are adding a new page to your portfolio and want to turn a certificate for a domain into a multi-certificate.

If you change, however, keep in mind that checking your site can take a few days. Incidentally, your page will also be checked in the event of an extension. You should therefore apply for an extension at least 30 days before the certificate expires or, alternatively, apply for the new certificate. This prevents double booking of certificates and avoids double payments, as the SSL certificates always have to be paid for in advance for at least 12 months.

Conclusion

Today, an SSL certificate is essential to create trust with customers and visitors, as well as with Google. It is therefore all the more important that you also secure your site with SSL. For small blogs without registration forms or shopping carts, a simple certificate is usually sufficient. However, if you want to secure a web shop or operate several commercial websites, a multi-domain certificate or EV certificate is certainly the best solution. In all cases, it is important that you set up appropriate redirects after converting the website to https in order to avoid duplicate content. Because even the greats of our time have understood the importance of a secure website. :-)