Who needs an SSL certificate?
If you are going to be accepting or processing secure information from your website, such as credit card payments online, or other sensitive information, you will need an SSL certificate. SSL stands for Secure Socket Layer. Data shared between users’ computers and the server are encrypted for safety.
There are different grades of SSL certificates. Price ranges from very little money, to hundreds of dollars per year. The more sensitive your information, the more you’ll probably need to spend on an SSL certificate.
Important: Most applications can get by with certificates costing less than $100 per year. If you are accepting Credit Card payments directly from the server, you will need to contact your bank or credit card payment gateway to determine their requirements. Some are quite strict.
Your server needs to have capability for secure connections. This is probably nothing to worry about because most do.
Dedicated IP Address
You will need a dedicated (unique) IP address. If you are on shared hosting plan, you will need to ask your hosting company for a dedicated IP address. SSL certificates cannot be installed on a shared IP unless the certificate is shared. That is not a common scenario at all.
Some hosting companies will move you to a dedicated IP address for free. Others charge a (usually) tiny monthly fee for a dedicated IP address.
What you will need to buy the certificate
You will need to generate a Certificate Signing Request (CSR). If you’ve never had an SSL certificate on your site, you may have to generate a “Key” first. These are both done from your server’s control panel.
SSL Certificate Purchase and Installation
- Log on to your server.
- Generate the key if there is not one already. For SEO purposes, you will want to be consistent. The industry standard is to include the “www.” with the domain name.
- Once the key is generated, then you will need to generate the CSR. Be sure to select the proper key if you have more than one to choose from (The one with the “www.” most likely) . Enter the information that the server asks for (Country, city, state, etc.) and the server will display a page with the new CSR on it, or email the CSR to you. Keep that page up, or copy and paste the CSR into a plain text document such as Notepad (Regular word processors such as Microsoft Word may mess it up) A CSR Looks like: —–BEGIN CERTIFICATE REQUEST—– *** There will be several lines of random-looking characters here. *** —–END CERTIFICATE REQUEST—– Be sure to include all the dashes before and after the “begin certificate request” and “end certificate request” when copying the CSR
- When you buy an SSL certificate, there will be some way to configure the certificate. They will all be a little different, but instructions should be available from the vendor. You will need to paste the CSR into one field, and contact information in as many as three places. You will need to input the owner of the certificate, name, address, email address, etc. For most vendors, the same applies to the technical contact and the billing contact. (These may all be the same person)
- Once you submit the CSR and contact information, you will need to select an email address for the approval. The certificate signing authority will send an email to the address you choose to approve the transaction.
- Once the officer approves the certificate, the requester will be sent an email containing the certificate (and possibly a “CA Bundle”). The certificate will look much like the CSR but will be larger. Be sure to include all characters from “Begin Certificate” through (including) the dashes after “end certificate”. A certificate will look something like: —–BEGIN CERTIFICATE—– *** There will be several lines of random-looking characters here. *** —–END CERTIFICATE—–
- There are usually two ways to install the certificate. Some servers will require you to paste the certificate (and CA Bundle if applicable) into a field on the server. Some will allow you to upload the certificate from a text file or email on your computer. The server will then install the certificate.
If you’ve done everything correctly, it should install without problems. If you receive errors or warnings, you may have to contact your server administrator for help.