{"id":27051,"date":"2017-10-26T17:01:03","date_gmt":"2017-10-26T22:01:03","guid":{"rendered":"https:\/\/staging.audiotheme.com\/?p=27051"},"modified":"2022-11-25T14:15:27","modified_gmt":"2022-11-25T20:15:27","slug":"ssl-certificates","status":"publish","type":"post","link":"https:\/\/staging.audiotheme.com\/blog\/ssl-certificates\/","title":{"rendered":"A Primer on SSL Certificates"},"content":{"rendered":"
You may have heard the news that Google Chrome will soon mark more websites with SSL certificates as \u201cnot-secure.\u201d The change comes in Chrome version 62, due out sometime this month. Until now, Chrome has only shown the \u201cNot Secure\u201d warning on sites that request passwords or credit card information without an SSL certificate.<\/div>\n

Of course, unencrypted connections should never be used to send sensitive data. With the rollout of Chrome version 62 however, the browser will begin labeling websites with any<\/strong> user input fields as \u201cNot Secure.\u201d This includes common text input fields, like contact forms, comment forms, and email subscription forms.<\/p>\n

These changes are coming because Google wants to warn users about sending unencrypted messages over the web, even if they don\u2019t contain sensitive information. If you aren\u2019t using a contact form, accepting comments, or collecting newsletter signups on your site, you may not need to worry — yet. Google has confirmed that they will eventually mark all regular HTTP pages as \u201cnot secure.\u201d Ultimately, only HTTPS sites will be considered secure. Other major browsers are expected to follow Google’s example.<\/p>\n

In this post we\u2019ll cover exactly what an SSL certificate is, how it works, and why you may want to consider installing one on your site.<\/p>\n

<\/p>\n

What are SSL and HTTPS?<\/h2>\n

As you surf the web, you probably notice that the address for some sites begin with an HTTP prefix that looks like this:<\/p>\n

http:\/\/example.com<\/code><\/pre>\n
Others begin with the HTTPS prefix:<\/p>\n
https:\/\/example.com<\/code><\/pre>\n
HTTP stands for Hyper Text Transfer Protocol. This is the connection a user\u2019s computer uses to access a website. HTTPS stands for Hyper Text Transfer Protocol Secure. This means the connection used by a user\u2019s machine to access data on a website is encrypted. The encryption is usually handled by Secure Sockets Layer (SSL) or Transport Layer Security (TLS). To keep things simple, we’ll refer to both types of technology as SSL in this article. SSL is the actual means of securing the data while \u201cin transit\u201d between the site and the user.<\/p>\n
Googling how these certificates work turns up a ton of info. To simplify, an SSL connection requires two keys. One is public and one is private. A website visitor’s browser will use the public key to communicate with the server (website). The information being passed from a user to the server will travel as an encrypted message. The server uses the private key to decode the data when it arrives. If the content is intercepted along the way, it’s encrypted and worthless, providing another layer of security.<\/p>\n
\"Site
An example of a Secure website with an SSL certificate installed.<\/figcaption><\/figure>\n
Why haven\u2019t more sites started using SSL?<\/h2>\n
Until recently, SSL certificates were thought to only be necessary for sensitive information like credit card numbers and passwords. For this reason, they\u2019ve mostly been ignored and some pretty major sites still do not have SSL certificates installed.<\/p>\n
Personally, I believe most people misunderstand what an SSL certificate is and how easy it is to purchase and install one. The cost has decreased dramatically over the last few years as well. I remember seeing basic SSL certificates ranging from $40 all the way over $100 for one domain.<\/p>\n
Luckily, things have recently changed. SSL certificates are easier to install and much more affordable than ever before.<\/p>\n
The different kinds (and costs) of SSL certificates<\/h2>\n
If you\u2019ve even looked into adding an SSL certificate and visited your host\u2019s website, it\u2019s easy to get overwhelmed. Here\u2019s a look at some of the options available from popular hosts:<\/p>\n
\"GoDaddy
GoDaddy\u2019s SSL Certificate Selection.<\/figcaption><\/figure>\n
\"SiteGround
SiteGround\u2019s SSL Certificate Selection.<\/figcaption><\/figure>\n
SSL certificates can also be purchased from third party providers, then installed on your hosting environment. Basic certificates allow for a certificate to be installed on a single domain. A wildcard certificate allows you to install one certificate that covers all subdomains (such as https:\/\/demo.audiotheme.com<\/a>). Though the technology is the same, several of the more expensive certificates come with warranties. They range into tens of thousands of dollars of coverage. Be sure to read the fine print on these kinds of warranties though. They often only cover fraudulent charges to the end user that are the fault of \u201cimproper validation\u201d on behalf of the certificate.<\/p>\n
Benefits to having an SSL<\/h2>\n
There are a couple of benefits to having an SSL certificate installed. Obviously, the trusted green padlock puts users at ease. You may see more conversions than before, as a user is more likely to interact and provide data on a secure site. Less obvious though, is that in 2014, Google stated that HTTPS is used as a ranking signal<\/a>. This means your secure site will be favored more than it would as an HTTP site. Additionally, something that may not be obvious is that when information is intercepted from a site without an SSL certificate, it can actually be changed and then passed on to the intended destination. This means that while the information may make it from the user to the server, it actually has a chance of being changed along the way. Encryption prevents that.<\/p>\n
Free SSL Certificates<\/h2>\n
As alluded to before, SSL certificates are becoming cheaper and more accessible. Recently, one organization in particular has been making a name for themselves as a leading provider of free SSL certificates.<\/p>\n
Let\u2019s Encrypt<\/a> is a free program headed up by the Internet Security Research Group<\/a>. They also have the support and sponsorship of some major companies, including Mozilla, Cisco, Facebook, and Sucuri. Their goal is to make the web a safer place for internet users. One of the great things about Let\u2019s Encrypt certificates is that many web hosts have partnered<\/a> with them to allow SSL certificates to be installed with one click. Among this list are SiteGround and BlueHost.<\/p>\n
If you are hosted by a different company, go ahead and ask if they support Let’s Encrypt. They may be able to install the certificate for you.<\/p>\n
As a heads up, the Let’s Encrypt certificates are only good for 90 days at a time, so you’ll have to remember to renew them. That is, unless your host automatically does this for you, like SiteGround does.<\/p>\n
What about sites that are already established as HTTP?<\/h2>\n
Installing an SSL certificate before you start building a new site is easy, but what if your site is already established? If you\u2019re using WordPress, you may run into an issue where the settings of your site under Settings \u2192 General<\/em> still have the HTTP prefix. This can cause some issues in terms of how users access your site regularly. Even if you have an SSL certificate, if the site is accessed over HTTP, the encryption is not active. You’ll also want to keep an eye out for “mixed media”. Images and other files that are still loaded over HTTP instead of HTTPS will cause a mixed media issue. If you\u2019re still getting a “Not Secure” message after installing SSL certificate and the HTTPS prefix is displaying, mixed media is probably the culprit.<\/p>\n
\"Really<\/a>
\nThere is a one-click plugin that resolves most mixed media issues, and can make the conversion of an HTTP site to HTTPS pretty simple. Really Simple SSL<\/a> will change your site options and resolve most media paths with one click. There are some exceptions though. For example, if you\u2019ve added a path to a media file via CSS, the plugin will not always find it. Simply updating that URL to include the HTTPS prefix should resolve the problem. You should be able to search the site’s source code, or use Google\u2019s Developer Tools to pinpoint instances of mixed media.<\/p>\n
Things to look out for<\/h2>\n
As a heads up \u2014 CloudFlare sites have been known to create infinite redirect issues when SSL certificates are activated. So, if you\u2019re using CloudFlare, do some extra homework before you change your site settings. And as always, make a backup before making any changes.<\/p>\n
If you use Google Analytics and Search Console to track your traffic, you\u2019ll want to make sure you add the HTTPS variants to the web properties to ensure you\u2019re getting all of your insights.<\/p>\n
Wrapping Up<\/h2>\n
HTTPS is a step towards a safer and more secure web. You’ll likely be called out with the release of Chrome version 62 if your site isn’t encrypted. Luckily, in the last few years the costs have declined and the installation process has become much easier. We\u2019ve covered some of the basics in this article and a free SSL provider trusted by some big name companies. Your host should be able to provide you with more information on the types of certificates they offer, as well as how to install them on your hosting environment.<\/p>\n","protected":false},"excerpt":{"rendered":"
You may have heard the news that Google Chrome will soon mark more websites with SSL certificates as \u201cnot-secure.\u201d The change comes in Chrome version 62, due out sometime this month. Until now, Chrome has only shown the \u201cNot Secure\u201d warning on sites that request passwords or credit card information without an SSL certificate. Of … Read More<\/a><\/p>\n","protected":false},"author":941,"featured_media":27073,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-27051","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-chatter","8":"entry"},"_links":{"self":[{"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/posts\/27051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/users\/941"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/comments?post=27051"}],"version-history":[{"count":15,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/posts\/27051\/revisions"}],"predecessor-version":[{"id":27403,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/posts\/27051\/revisions\/27403"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/media\/27073"}],"wp:attachment":[{"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/media?parent=27051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/categories?post=27051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.audiotheme.com\/api\/wp\/v2\/tags?post=27051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}