You see http or https at the start of every website, but what does it actually mean? What's the difference, and which one should your website be using and why? Virtual Market Advantage will answer these questions and more to help you understand what is best for your website, http vs https, and how it can be set up. By knowing how to switch to HTTPS, you can make your website more secure and improve your SEO!
The Difference Between HTTP vs HTTPS
HTTP stands for “Hyper Text Transfer Protocol.” It is the underlying protocol used by the World Wide Web that defines how messages are formatted and transmitted. It also outlines which actions web servers and browsers should take in response to various commands. If you add the 's' to the end of the http, you are basically making it a secure transfer of command. This means that the transfer is encrypted by transport layer security.
So which one is best for your website? The better option will almost always be https, as it keeps your website more secure.
How Important is HTTPS?
Often if someone is going to enter personal information onto your website, they will look to see if it’s secure before doing so. This encryption is important and helps eliminate eavesdroppers from looking in on your site and getting that information.
Chrome and Firefox both explicitly mark websites that provide forms on pages without HTTPS as insecure. Not being HTTPS-secure also has an affect on your website's SEO rankings, and it has a serious impact on privacy in general.
Google recently announced that it will start marking forms on non-HTTPS pages as insecure as well. This is a great opportunity for you to take the plunge and get your website completely switched over to HTTPS. Better SEO rankings and more security for you and your customers? It’s a win-win!
How to Switch to HTTPS
Setting up this switch can be a little intimidating for an inexperienced user, as it takes several steps involving different parties and requires some knowledge of encryption and server configuration. This might sound complicated, but VMA will get you through it!
Doing the steps for HTTPS setup should be relatively easy, especially if your hosting provider supplies HTTPS certificates. If they do supply these, you will be able to perform everything you need to from your control panel quickly and easily.
Create a Private Key and a Certificate Signing Request (CSR):
- First you need to log in to your host's cPAnel.
- Scroll down to the 'security' section and click “SSL/TLS”.
- You are now in the SSL/TLS Manager home. Click 'Private Keys (KEY)' to create a new private key.
- This will redirect you to a page to generate, paste, or upload a new 'Private Key'. Select your key size (this will depend on your server provider) in the key size dropdown and click generate.
- Now the new private key will be generated, and you will get a confirmation screen.
- If you go back to the 'Private Keys' home, you will see your new key now listed.
- You will now need to go back to the “SSL/TLS Manager” home and click 'Certificate Signing Requests (CSR)' to create a new certificate request.
- You will now get the 'Generate Service Request' form. Select the created private key and fill in the fields answering all the questions correctly, paying special attention to the “Domains” section. This should exactly match the domain name that you are requesting the HTTPS certificate for. When you are finished, click the 'Generate' button.
- The new CSR will be generated, and you will get another confirmation screen.
- Go back to the Certificate Signing Request home, and you will now see your new CSR listed.
Obtaining a HTTPS Certificate
In order to get your website certified, you need to first purchase a HTTPS certificate credit of a chosen type from an HTTPS certificate provider. Once you have completed this process, you will have to provide the previously-acquired CSR, which will spend the purchased credit for your chosen domain. You will be asked to provide the whole CSR text.
If you would then like to have an EV (Extended Validation) or OV (Organization Validated) certificate, you will need to provide the legal entity that you are requesting the certificate for. The certificate registrar will verify your request and issue the signed HTTPS certificate. EV certificates provide the most trust while also having the strictest validation standards.
Your hosting provider or HTTPS registrar might have a different product and procedure, but the general methods should be similar.
It's also possible to sign a certificate yourself rather than have a signing authority do it. This is mainly good for testing purposes and not for your official validation online. You can always claim to be anything you would like, but as Google crawls your site, it will be more trusting if there is a third party signature on the security certificate.
Installing the HTTPS Certificate for Your Website
Don't forget to perform these final touches in order to ensure that your entire website is secure!
- Update your references in content. This can usually be done with a search and replace in the database.
- Update all references to internal links to use HTTPS or relative paths.
- Update references in templates and make sure references to scripts, images, links, and so on are either using HTTPS or relative paths.
- Update any tags. Most of the CMS systems will take care of this for you when you make the switch, but it never hurts to go in and check.
- Update any plugins/modules/add-ons/etc. Make sure nothing breaks and that nothing contains any insecure content.
- Update old redirects currently in place and force HTTPS with redirects as well. This will help with migration issues on your site, making sure it stays secure.
While these steps may sound complicated, they are fairly easy to follow, and most server and hosting providers will make it easy on you and provide further help should you need it. With most browsers now cracking down on insecure forms, it's best to make sure that your site is HTTPS secure as soon as possible. Not only for the security of the site and its visitors, but also for your own rankings in these browsers.
If you're interested in getting more involved behind the scenes of your website, you'll eventually want to learn a bit about coding. Here are the top 6 coding languages of 2017, and some reasons why you would want to choose to learn one over the other!