Before your website can turn visitors into loyal readers, leads, or customers, it has to look professional, secure, and credible. With this goal in mind, one of the best ways to ensure your website is secure is to obtain an SSL (Secure Sockets Layer) certificate.
An SSL certificate is a piece of code on your web server that creates an encrypted connection, which keeps any data submitted by your website users safe and secure. In fact, if you don’t have an SSL certificate, popular web browsers will alert people who visit your website that the website is not secure.
In this article, we’ll discuss how to acquire an SSL certificate, keeping everything as simple and as jargon-free as possible – promise!
SSL certificates are issued by an entity known as a Certificate Authority (CA). The process of acquiring an SSL certificate can be really easy, especially if you’re prepared in advance with the right information required by the CA. This information includes:
A Unique IP Address
Based on how SSL protocol works, each certificate you want to obtain will require a separate IP address. Otherwise, people using certain older devices and web browsers will not be able to use your website. You can use this tool to find out your website’s IP address.
An Accurate WHOIS Record
When you request an SSL certificate for a domain, the certificate authority will need to verify that you own the domain name. To do that, it will check the domain’s WHOIS record.
You can use a domain lookup tool to check your WHOIS record. If the information you find is obsolete, make sure to update it!
If you are requesting a high-assurance certificate, the certificate authority may check government databases to validate your business. In addition, the CA may also ask you to provide the government registration document associated with your business.
There are many different types of SSL certificates, and they can be categorized based on:
- Validation level: Domain Validation, Organization Validation, and Extended Validation
- Secured Domains: Single Domain, Wildcard, and Multi-Domain
Let’s look at a brief overview of each type:
Domain Validation: This is the cheapest and lowest level of validation, which just makes sure that your company has control over the domain. It’s best suited for small businesses that generally don’t exchange any information with users.
Organization Validation: This is the medium level of validation. It checks not only domain ownership, but also details of the organization, such as name and location. This level is ideal for business websites with forms and lead-capturing features.
Extended Validation: This is the most expensive and thorough level of validation. As well as domain ownership and organization details, it verifies the company’s physical location and legal existence. It’s a good fit for websites that handle sensitive information, such as financial transactions.
Single Domain: Provides protection for a single subdomain. An SSL certificate purchased for johndoe.com, for instance, cannot be used for subdomains, such as blog.johndoe.com
Wildcard: Offers protection for unlimited subdomains of a single domain. For example, an SSL certificate purchased for johndoe.com can be applied to any subdomains, such as blog.johndoe.com or shop.johndoe.com.
Multi-Domain: Provides protection for up to 100 domains with a single SSL certificate. An SSL certificate purchased for johndoe.com, for example, can be applied to other domains, such as janedoe.com.
A Certificate Authority (CA) is an entity that issues SSL certificates. There are dozens of50 CAs operating around the world, but only a few of them own the majority of the global SSL market share. These bigger players include GoDaddy and GlobalSign.
Image Source: About SSL
You want to pick a reputable CA that can provide the type of SSL certificate you need, while also aligning with your budget and business objectives.
Acertificate signing request(CSR) is a file to be generated on your web server before you request an SSL certificate from a CA. The CA will then use the information in this file to issue your SSL certificate.
The process of generating a CSR depends on the web server and hosting that your website is using. We’d recommend contacting your web host to find out if they have instructions in their knowledge base about generating a CSR.
Now that you’ve generated a CSR, the next step is to head over to the website of the CA you picked, and purchase the type of SSL certificate you’ll need.
After completing the checkout process, the CA will ask you to submit the CSR file you generated in the previous step.
Depending on the type of SSL certificate you purchase, the CA can take anywhere between a couple hours and a few days to validate your details, and issue your site’s SSL certificate.
For example, obtaining a domain validation certificate typically takes a couple of minutes, while an extended validation can take a few days.
Once the CA has processed your SSL certificate request, it will send you an email allowing you to access your SSL certificate. Alternatively, you can download it from the user account you created when purchasing the certificate.
The process of installing an SSL certificate depends on the OS (operating system) of the web server on which your site is hosted. Contact your web host for more info about this, or check if it has provided any online instructions on how to install your SSL certificate.
- Go to your Bluehost control panel
- Navigate to My Sites > Manage Site
3. Under the Security tab, toggle on the SSL certificate switch
That’s all it takes! Once you’ve turned on the SSL switch, it can take a few hours to activate, so don’t worry if it doesn’t happen instantly.
As we discussed, obtaining an SSL certificate involves the following steps:
- Ensure you have the correct website information
- Decide the type of SSL certificate you need
- Choose a Certificate Authority (CA)
- Generate a Certificate Signing Request (CSR)
- Submit the CSR to a Certificate Authority (CA)
- Await validation by the CA
- Install your SSL certificate
An SSL certificate goes a long way towards providing a great user experience, boosting SEO, and helping your business align with industry standards. So go ahead and put these steps into action – and good luck!