SSL Certificate Ultimate Guide to Secure Your Blog or Website

An SSL certificate is absolutely necessary for anyone who wants to get the most out of their blog, or website, so I’ve written an ultimate guide for you here. We will cover the basic questions like “what is an SSL certificate?”, “why do I need one?”, “how do I get it?” and (literally) every question I could think of concerning SSL certificates.

SSL Certificate and HTTPS

I’ve researched my information from a variety of reputable sources to ensure that this is, truly, the SSL Certificate Ultimate Guide. I broke the information up into small, skimmable, bits of information to help you find the exact information that you need. So let’s get started…

SSL Certificate Giveaway
Enter to win 75% off an SSL Certificate with Organization Validation (OV).

What is SSL and What is an SSL Certificate

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. – SSL.com

SSL is what keeps your browser’s communication with a website private and secure and is absolutely necessary for sites that do banking or online payments of any kind. This includes blogs that have an eCommerce plugin installed.

Think of an SSL certificate as an electronic passport that ensures the web server is who it says it is, and that the connection to that web server is secure.

Why is SSL Important

SSL is important because it builds trust. Knowing that your favorite brand has an SSL certificate on their website gives peace of mind that your personal information is safe to share with them. On the other hand, knowing that your favorite brand does not have an SSL certificate (or, worse, has one that is invalid) can cause you not to trust them with your personal information – perhaps to the point where you don’t feel safe shopping with them online.

The reason your audience comes to you is because you have a purpose for your blog, a message to share with them. And they trust what you say. You owe it to your audience to give them a secure experience on your website.

SSLShopper.com also explains that SSL provides a form of authentication. Basically, an SSL certificate verifies that you’re connected to the right server (if you weren’t, your browser would know because the certificate would be invalid).

Browsers are starting to flag any website that does not have a certificate as insecure. Did you read that? Go back and read it again.

This is just as big of a reason as any why SSL is important. As Troy Hunt has pointed out, “[SSL] adoption has reached the tipping point … where it’s gathering enough momentum that it will very shortly become ‘the norm’ rather than the exception”.

WordPress Will Begin Requiring SSL in 2017

In December 2016, WordPress.org released a statement that they would start requiring SSL early in 2017. While they have not yet specified a date, getting an SSL certificate on your WordPress website is even more important because browsers are now treating websites without a certificate as insecure. CodeInWP.com recently determined that WordPress accounts for 27% of the websites hosted on the entire internet! Therefore, soon 27% of all websites will be required to have a certificate, and if you’re reading this there’s a good chance your website is one of them!

Having an SSL Certificate Boosts your SEO Ranking

ahrefs.com, among many other sources online, explains that using HTTPS is one of many small pieces of the SEO puzzle. An SSL certificate on your website allows you to use HTTPS on your website without error. But ahrefs.com goes on to say, in that article, that how you implement SSL on your website is also important. Check out ahrefs.com to learn exactly how to configure your blog for HTTPS in an easy-to-follow format.

Are There Different Types of SSL Certificates

  • Yes.

There are 3 different types of SSL certificates, as described by globalsign.com. Each type serves a different level of security and builds on the security provided by the one in the previous level.

Domain Validation (DV)

  • Level 1: Validation of the domain name only

Domain Validation is the most basic type of SSL certificate. This is also the least expensive option. Let’s Encrypt is a popular vendor for DV certificates (and they’re also free!). A DV certificate validates that the owner of the certificate has a right to use that domain name.

Organization Validation (OV)

  • Level 2: Additional validation of the organization

Organization Validation is the “middle tier” of validation for SSL certificates. This level of validation includes vetting of the organization itself.

Extended Validation (EV)

  • Level 3: Extended Validation of the organization

Extended Validation is the strictest validation of SSL certificates. EV certificates verify the physical existence of the certificate owner (usually by involving the physical mailing address in the vetting process) as well as validating the identity of the owner against official records.

Obtaining an EV certificate also verifies that the owner has exclusive rights to the domain name. EV certificates are usually the most expensive of the 3 types of validation.

What Type of SSL Certificate Do I Need

A certificate with Domain Validation (DV) is a great way to get your feet wet with SSL and let your readers know your website is secure. A DV certificate is sufficient for a simple blog (and if your webhost supports Let’s Encrypt, your certificate will be free!).

A certificate with Organization Validation (OV) tells your customers that your website actually belongs to your business instead of some phishing scammer. This type of certificate is good for small businesses. Typically, the browser will display a padlock in the address bar.

A certificate with Extended Validation (EV) is typically used by banks, hospitals, large retailers and anyone who wants the “green address bar” for maximum visibility of their website’s security.

Source: GlobalSign

Is a Free Certificate from Let’s Encrypt Good Enough

  • Technically, yes – if your platform requires SSL and you are not able to complete the Organization Validation process.
  • Otherwise, No – and neither are the DV certificates you have to pay for.

If – and this is a big “if” – you are not able to complete the Organization Validation for some reason, then having a certificate with Domain Validation is better than no certificate at all. Essentially, you’re meeting the minimum requirements of Google Search SEO rules and WordPress, and you’re adding a very basic layer of security to your website.

But your website technically is not any safer than it would be without an SSL certificate. Allow me to explain…

Let’s Encrypt issues Domain Validation (DV) SSL certificates so the connection between your browser and the web server is secure. However, since only the domain is verified – and not ownership of that domain – your customers and readers have no way of knowing it’s actually your server they are talking to. The validation process of OV or EV certificates requires a third party to get involved – increasing the legitimacy of your certificate.

Hackers could use the “secure” connection provided by a DV certificate to be a “wolf in sheep’s clothing”. They can do this because they don’t have to validate that they are you.

Your customers would think they are secure when they really aren’t. This false sense of security is more dangerous than not having a certificate on your website.

SSL Certificate with DV
Photo by debspoons

There’s only 1 scenario that makes a DV certificate “good enough”: you can guarantee 100% success on these 3 points. All. The. Time.

  • The domain in your own address bar is always correct.
  • You will never ask your customers, or readers, for anything on your website or blog; including their email address (yeah subscribers!).
  • Your web hosting account and the server it’s hosted on will never get hacked (remember, server admins are human too).

If you cannot guarantee all 3 of those statements will always be true about your website, or blog, then you need to seriously reconsider using a DV certificate.

It boils down to your customers being able to trust you. I am not alone in this assessment of DV certificates: DigiCert actually refuses to sell DV certificates because they do not consider them guaranteed secure (Source: Domain Validation vs High Assurance). They point out that you don’t even have to get hacked for you, or your customers, to become a victim. A man-in-the-middle attack could potentially be used to gain access to your “secure” connection if you have anything less secure than an EV certificate.

The only other reason you should settle for a DV certificate is if you are not able to complete the validation process required for an OV certificate.

Where Can I Get an SSL Certificate

An SSL Certificate can be purchased almost anywhere online. Some of the trusted sites you can buy them from include NameCheap.com and RapidSSLOnline.com. NameCheap also sells an array of products related to web hosting, website security, etc. But my favorite “extras” that NameCheap provides are Domain Name purchasing and DNS Hosting. DNS hosting is used for your DNS records (the things that tell your browser where to find your website on the internet).

How do I Renew an SSL Certificate

Renewing your SSL Certificate is similar to renewing your hosting: you’ll receive an invoice when your next billing cycle is about to start, with info to renew.

What problems could I face when I switch to HTTPS

Claire Brotherton, of A Bright Clear Web, explains some of the problems you could face when switching to HTTPS. If not done right, your blog could lose all of its social media share data, and Google Analytics referral data, because of the link change. There is also the potential for problems with 301 redirects and trying to use SSL via a Content Delivery Network (CDN).

Claire has done a great job of explaining how to work through some of those problems. Her suggestions are easy to follow and super important to us bloggers!

How to Install an SSL Certificate

No matter what environment your website is hosted on you must have bought an SSL Certificate before you can start. The only exception to that rule is if you’re settling for an SSL certificate from “Let’s Encrypt”. In that case, you must first verify that your webhost supports Let’s Encrypt.

  • Any SSL certificate that is FREE is most likely using Domain Validation (DV) only. It is merely a formality to benefit SEO and meet minimum platform requirements, and is not a good form of security.

DigiCert has put together a set of separate SSL instructions for an extensive list of web hosting environments.

How to Install an SSL Certificate on WordPress

If you choose to settle for a less secure DV certificate from Let’s Encrypt, you can use the free WordPress Plugin WP Encrypt to generate a certificate. Be aware that some PHP modules are necessary, which your webhost may or may not allow, and that this plugin does not actually enable HTTPS for your blog.

The Really Simple SSL plugin gives you a way to install any certificate you’ve purchased and will even redirect all traffic to HTTPS for you.

How to Install an SSL Certificate on Blogger

If you choose to settle for a less secure DV certificate, Blogger offers free certificates to their users under their HTTPS settings. If you’re using a custom domain, you can enable HTTPS using CloudFlare CDN.

How Do I Add a Site Seal to My Website?

If you’ve purchased an SSL certificate with Organization Validation (OV) or Extended Validation (EV), your vendor most likely provided you with instructions on how to add the Site Seal to your website.

For WordPressers, you often need to paste an HTML snippet somewhere into your admin area. I would recommend using the Simple custom CSS and JS plugin for WordPress. While my instructions for that plugin are specific to CSS, there is also an option in that plugin to add HTML snippets.

How Do I Know my SSL Certificate is Installed Correctly

There are tons of online tools to check that your SSL certificate is installed correctly, and is valid. Some of them even offer to remind you when your certificate is about to expire so you don’t forget to renew it.

But not all of these tools are recommended. A DV certificate is used to “secure” some of these tools (see “Is a Free Certificate from Let’s Encrypt Good Enough“) so you don’t know if you can trust them. Some of them will tell you everything is secure when, in fact, you are relying on a DV certificate.

That is why I recommend the thawte CryptoReport. It tells you if your certificate can truly be trusted and even offers information about a handful of vulnerability checks.

If you’re testing a DV certificate, thawte will warn you:

This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended. – thawte CryptoReport
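To see for yourself which validation level a certificate carries and how many days it has left, here is a small Python check, added as an illustration (it is not thawte's code or part of any tool named in this guide). The function names, the sample certificates and the rule used to tell DV, OV and EV apart (which organization fields appear in the certificate's subject) are assumptions made for the example.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=10):
    """Fetch the certificate after normal chain and hostname verification."""
    # An invalid or mismatched certificate raises ssl.SSLCertVerificationError.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into one dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def validation_level(cert):
    """Heuristic guess at DV / OV / EV from the subject fields alone."""
    subj = subject_fields(cert)
    if "organizationName" not in subj:
        return "DV"  # only the domain name was validated
    # EV subjects also carry these registration details (assumed markers).
    ev_markers = {"businessCategory", "serialNumber", "jurisdictionCountryName"}
    return "EV" if ev_markers.issubset(subj) else "OV"

def report(cert, warn_days=30, now=None):
    """Summarise validation level, covered names and days until expiry."""
    now = time.time() if now is None else now
    days = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {
        "level": validation_level(cert),
        "organization": subject_fields(cert).get("organizationName"),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": days,
        "renew_soon": days < warn_days,
    }

# Constructed samples in the shape getpeercert() returns (not real certificates).
SAMPLE_DV = {
    "subject": ((("commonName", "blog.example"),),),
    "subjectAltName": (("DNS", "blog.example"), ("DNS", "www.blog.example")),
    "notAfter": "Mar  1 00:00:00 2030 GMT",
}
SAMPLE_EV = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("jurisdictionCountryName", "US"),),
                (("serialNumber", "0000000"),),
                (("organizationName", "Example Shop LLC"),),
                (("commonName", "shop.example"),)),
    "subjectAltName": (("DNS", "shop.example"),),
    "notAfter": "Jun  1 00:00:00 2030 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Feb  9 00:00:00 2030 GMT")  # fixed clock

if __name__ == "__main__":
    import sys
    cert = fetch_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_DV
    print(report(cert))
```

Given a hostname as its argument, the script checks the live site; with no argument it reports on the constructed DV sample.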

Can I Transfer an SSL Certificate to Another Hosting Account

  • Yes

SSL Shopper has a great guide for transferring certificates from, and to, a variety of web hosting environments.

How Will my Readers and Customers Know my Website is Secure

Websites that have an Extended Validation (EV) SSL certificate will show proof of identity right in the address bar.

SSL Certificate with Extended Validation (EV)

While Organization Validation (OV) SSL Certificates do not turn the address bar green, they do display Organization information in the address bar to show that the more thorough vetting of the OV certificate has taken place.

If your address bar only shows the word “Secured”, with no organization information, it is because the certificate only has Domain Validation (DV).

I Need Help with my SSL Certificate

There is a lot out there that we can learn about SSL certificates. That’s obvious just by scanning over this article. If you find yourself freaking out and not knowing what to do, that’s OK. I get it. This geeky stuff can be really scary, especially when words like security or hacker come up.

If you need a helping hand, I would be more than happy to assist in any way I can. Just drop me a line in the comments or contact me. Even if you just need a few questions answered to help you make the right choice about an SSL certificate for your website.

Conclusion

If you’ve found this article helpful, overwhelming, useful, or useless, I would really appreciate you telling me in the comments. All this information is too important for people like us to just glaze over and ignore – so help me make this resource the best we can by giving me your feedback in the comments!



28 thoughts on “SSL Certificate Ultimate Guide to Secure Your Blog or Website”

  1. This is such a great post. I’ve been meaning to update to https:// and just haven’t bitten the bullet yet. Bookmarking for later. Thank-you so much!

    1. And now you have someplace you can go to get all your SSL Certificate questions answered. If you think of any that I didn’t address in this post, let me know! I’d be happy to help!

      Thanks for stopping by!
      Chris

  2. Awesome post, Chris.

    Well detailed enough! As someone who would love to give my blog SSL certificate in order to boost rankings and give my readers a sense of security, I found this post really helpful!

    No wonder you were featured on the Blogging Newbs group. You rock, man!

    1. Hey Emmanuel!

      Thank you for the compliment, it means a lot! The drawing at the bottom of this post would be perfect for your blog ($116 value, for only $29!!). Don’t forget to enter the drawing! Or you can subscribe to my blog so you won’t miss upcoming sales on SSL certificates.

      ~Chris

  3. I’ve never exactly paid much attention to SSL until now. Thanks for the very educational post about it. I had no idea that it was vital when you’re maintaining a website. It’s definitely a must to learn about this.

  4. I wonder if the specific sign on the address of a website is a sign of how secure or not a website is? Thank you for good detailed information you’ve shared on this post. It’s indeed enlightening me.

    1. Rose, that is exactly right! Websites with an Extended Validation (EV) certificate have the green address bar with their organization name in the green bar (I have a picture of what that looks like in this post).

      Glad you learned something!
      ~Chris

    1. Glad you could become informed. I would encourage you to participate in the giveaway at the bottom of this article – 75% off is a HUGE savings on an SSL certificate!

      ~Chris

  5. Interesting read, Chris. I’ve just installed Let’s Encrypt SSL on my site.

    Now I realise there’s a hierarchy of SSL. Will definitely bookmark this post for future reference.

    Do you know if you can install more than one certificate on a site?

  6. Hey Claire! Glad you learned something, I had no idea either until I started researching it.

    No, you cannot have multiple certificates on a single URL.

    But you can use a single SSL certificate for all the subdomains if you get one that supports Subject Area Name (SAN) or Wildcard.

    Let me know if you have any other questions. Thanks for dropping by!

    ~Chris

  7. GOOD POINT OF SECURITY YOU KNOW, I HAVE NEVER REALLY THOUGHT OF THIS, WILL MAKE SURE TO GO AHEAD AND ACTIVATE MINE ASAP. THANKS FOR THE HEADS UP PAL..

    1. Thanks, Keith. You’re right, cyber security is becoming more and more of a big deal as cyber crime becomes more sophisticated. Unfortunately, bloggers like us are an easier target for the bad guys. That’s what makes this so important for us!

      Thanks for stopping by!
      ~Chris

  8. Due to the arrival of the internet, numerous opportunities have come up on the global marketplace and consequently the corporations doing on-line enterprise are mushrooming. However, the clients are nevertheless no longer able to make the maximum of this opportunity, as they’re involved about the safety of the transactions that take place over the internet. To clear up this hassle, the corporations can take the assist of an SSL certificate. To recognise that you are coping with the proper man or woman or the right organization, you should load his/her root certificate at the browser you are using. The certificate will have information about the owner such as name and email address, the usage of the certificate and its validity.

    This technology is being utilized by hundreds of thousands of companies to relax the online transactions for the ease in their clients. The websites need an SSL certificate to generate hyperlinks for SSL. An SSL certificate allows you to set up your credentials while doing enterprise or different online transactions at the net. You can gift an SSL certificate electronically to prove your identity or your right to get admission to record or offerings on-line. SSL certificates bind an identity to a pair of electronic keys that can be used to encrypt and signal digital information. An SSL certificate makes it feasible to affirm someone’s claim that they have the right to apply a given key, supporting to prevent humans from the use of phony keys to impersonate different customers. Used at the side of encryption, SSL certificates offer a more entire protection solution, assuring the identification of all parties concerned in a transaction.

    “Get more information on SSL certificates from The SSL Store ™ India”
