Activating HTTPS automatically encrypts information to and from the server. This prevents potential attackers from stealing sensitive user data during internet access.
Visitors will feel more secure when they see the green padlock icon while accessing your website, understanding that the website has been issued a security certificate. The steps to create HTTPS for a website are simple and will enhance the safety of your website, attracting more visitors.
Simple Steps to Establish HTTPS for Your Website
Overview
The most significant advantage of SSL certificates is their easy installation. After completing the SSL setup, your next task is to guide users to use HTTPS instead of HTTP. If you try to access the website by placing https:// before the URL while the SSL certificate has not yet been installed, an error message will immediately appear. In this article, Mytour will guide you through the simple steps to create HTTPS for your website, including the installation and activation of SSL certificates.
Creating HTTPS for a Website is straightforward, involving 5 steps:
1. Set up a dedicated IP address for your server.
2. Acquire a certificate.
3. Activate the certificate.
4. Install the certificate.
5. Configure the website to use HTTPS.
Step 1: Set up a dedicated IP address for the server
For optimal security, a certificate requires your website to have a dedicated IP address. Many small web hosts use shared IP addresses, where multiple websites are served from the same address. With a dedicated IP address, you can ensure that traffic from the IP address goes only to your website, not others.
If you're looking for an affordable web host with a dedicated IP address option, consider StableHost. At this time, StableHost's package is priced under $6 per month, but the cost will be even lower if you opt for a 1-year subscription.
If you don't have a dedicated IP address package, you can request your current server to upgrade your account to have a dedicated IP address. Of course, you will have to pay a fee, which can be either yearly or monthly.
Step 2: Purchase a certificate
The next step is to have something that proves you are the owner of the website, similar to a certificate for your website. To accomplish this, you will need to create an SSL certificate.
The certificate is simply a combination of letters and numbers that only your website knows, akin to a long password. When visitors access your website via HTTPS, the password will be checked, and if it matches, it will automatically verify that you are the owner of the website. It will encrypt everything, including the traffic on your website.
Technically, a certificate is something you can create on your own (known as a self-signed cert), but all major web browsers check certificates against digital certificate providers (Certificate Authorities, or CAs). They also have a copy of the long password that you can verify. To be recognized by digital certificate providers, you need to purchase a certificate for your website. You can explore the Top 10 SSL Certificate Providers to choose the best unit for your website.
GeoTrust QuickSSL is one of the top certificate providers, along with NameCheap, and several others. Currently, GeoTrust QuickSSL certificates are priced at $46 per year, accompanied by a website seal that you can place on your site to let users know it's a trusted website.
Step 3: Activate the certificate
Note: Check if your web host automatically activates certificates. Activating certificates can be complex, so it's best to wait 1 to 2 days for them to do it, if possible.
If you are activating the certificate yourself, the next step is to create a CSR (certificate signing request) file. The simplest way to generate a CSR file is to do it in the web hosting control panel, such as WHM or cPanel. Access the SSL/TLS management section and choose Generate an SSL certificate and Signing Request, then fill in all the required fields.
In the 'Host to make cert for' field, enter your domain; the Contact email field can be left blank. After completing all the information, a window showing the generated blocks of text is displayed on the screen.
Copy the first block of text. You need to use this CSR to provide to the certificate issuing organization so they can establish your identity. Log in to your NameCheap account or any account where you purchased the certificate and activate that account.
Paste your CSR into the required fields. It will ask you for an approval email. This is the email address verifying your domain ownership, such as [email protected]
Step 4: Install the certificate
Note: Check if your web host has installed the certificate. Installing certificates can be complex, so it's best to wait 1 to 2 days for them to do it, if possible.
If you are installing the certificate yourself, the steps are straightforward. Once you have the certificate in hand, all you need to do is paste it into the web hosting control panel. If using WHM/cPanel, from the SSL/TLS menu, select Install an SSL Certificate.
Paste it into the first box and then click Submit. Now you can try accessing your website via https://www.domain.com.
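The control-panel actions in Steps 3 and 4, done by hand with the openssl command line, as an added example that is not part of the original article. The domain example.com and the file names are placeholders, and the self-signed certificate only stands in for the file the certificate provider would send back; the final check confirms that a certificate belongs to your private key before you install it.

```shell
#!/bin/sh
# Added example, not from the original article. example.com and the file
# names are placeholders; the self-signed cert stands in for the CA's reply.
set -eu

make_csr() {  # $1 = domain, $2 = output directory
    # Create a 2048-bit RSA key and a CSR naming the domain. The key stays
    # on the server; only the CSR text is pasted into the CA's form.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null
    chmod 600 "$2/$1.key"
}

csr_ok() {  # $1 = CSR file, $2 = expected domain
    # The CSR must carry a valid self-signature and name the right domain.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$1" -noout -subject | grep -q "CN *= *$2\$"
}

pubkey_hash() {  # $1 = x509 | req | pkey, $2 = file
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout ;;
        *)    openssl "$1" -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

cert_matches_key() {  # $1 = certificate file, $2 = private key file
    # Same public key in both means the web server can use this pair.
    [ "$(pubkey_hash x509 "$1")" = "$(pubkey_hash pkey "$2")" ]
}

demo() {
    dir=$(mktemp -d)
    make_csr example.com "$dir"
    csr_ok "$dir/example.com.csr" example.com || { rm -rf "$dir"; return 1; }
    # Stand-in for the CA's reply: self-sign the CSR for one day.
    openssl x509 -req -in "$dir/example.com.csr" -days 1 \
        -signkey "$dir/example.com.key" -out "$dir/example.com.crt" 2>/dev/null
    # An unrelated key must not match the issued certificate.
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    cert_matches_key "$dir/example.com.crt" "$dir/example.com.key" && a=match || a=mismatch
    cert_matches_key "$dir/example.com.crt" "$dir/other.key" && b=match || b=mismatch
    rm -rf "$dir"
    echo "certificate vs its key: $a; vs other key: $b"
}

demo
```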
Step 5: Configure the website to use HTTPS
If you now access your website with https:// in front of the URL, the page will load. This means you've successfully installed SSL and activated the HTTPS protocol, but your visitors aren't yet fully protected. Your task is to ensure that visitors access the website through HTTPS.
Note that HTTPS should only be enabled for e-commerce websites or pages dealing with transactions. Activating HTTPS on websites where users don't input sensitive information will waste encryption processing and slow down the experience. Identify target websites and follow one of the two methods below.
You can update all links to target websites using HTTPS links. In other words, if there are links to the shopping cart on the homepage, update those links to use secure links. This ensures that all links direct to sensitive URLs.
However, if you want to ensure users can only access specific secure pages regardless of the link, the best approach is to use a server-side approach to redirect users not on HTTPS.
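To achieve this, insert an additional code snippet at the top of the secure page. Here is one such PHP snippet:
// Require HTTPS: redirect any request that did not arrive over TLS.
// $_SERVER['HTTPS'] is unset on plain HTTP (and 'off' on some servers).
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    // Double quotes so that $url is interpolated into the header.
    header("Location: $url");
    exit;
}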
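Another server-side approach is using mod_rewrite. This doesn't require you to modify any website files but will involve editing the Apache configuration. Below is a mod_rewrite example:
RewriteEngine On
# Only rewrite requests that arrived over plain HTTP.
RewriteCond %{HTTPS} off
# Redirect cart and checkout URLs to HTTPS; the optional leading slash lets the rule work in both server config and .htaccess.
RewriteRule ^/?(cart/|checkout/) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]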
This ensures that if someone accesses the website through HTTP, they will be automatically redirected to HTTPS.
Tip
Understand that HTTPS doesn't mean the information on the server is entirely secure; it only secures the transfer of data from the visitor's computer to your server. Once sensitive data reaches your server, it has to be protected there by other means, such as encrypting the database, and more.
Some users look only at the page content rather than the browser's address bar. After installing SSL, you can add a padlock icon on your web pages to let them know it's a trusted site, in case they don't notice the URL bar.
Here, Mytour has guided you through the steps to create HTTPS for your website. A secure and reliable website is one with correctly installed security certificates. By implementing SSL certificates on your website, you can rest assured that visitors to your site are less likely to be attacked. In case you're unsure about the difference between HTTPS and SSL, you can refer to the article on distinguishing HTTP, HTTPS, and SSL here.