How-To

TLS/SSL Encryption for Your Website

We’ve all logged onto websites with an https://… url. That little “s” in https designates that the connection is using TLS / SSL encryption, an added level of security when interacting with a website. The most common places to see this are on sites that collect personal information or payments, basically anything private that users wouldn’t want to escape into the world.

Secure Sockets Layer (SSL) and its cousin, Transport Layer Security (TLS), are open standards for providing secure www service (plus mail, FTP and telnet). Originally proposed by Netscape, SSL uses RSA public-key encryption for specific TCP/IP ports. SSL competes with Secure-HTTP (S-HTTP).

If you really want to get into the weeds and learn the ins and outs of TLS and SSL encryption, Wikipedia has a great article here.

If you need to transmit encrypted data between your site and your users and you do not already, consider using SSL encryption. Enabling SSL on your server is not as complex as it might seem. The first thing you need is an SSL certificate for your server. These certificates can be self-assigned, but your users’ browsers will not recognize them as secure and will warn the users when they navigate to your site.

Note: A good example of this is the warning you may have seen if you use the cPanel control panel to access your server. All cPanel servers come pre-configured with self-signed certificates. Self-signed SSL certificates are the cause of this warning.

To procure a signed (trusted) certificate, one must be purchased from a major authority (GeoTrust, Comodo, etc.) for the hostname of your server.

As an added benefit for ServInt customers, we offer both quick verification and full verification SSL certificates. We will assist you in installing any SSL certificate purchased through ServInt.

  1. Log into the customer portal.
  2. Under Products, click Manage [server name]
  3. Click on Order Addons and select + SSL Certificate.

Note: For those running multiple websites on one server, remember that you no longer unique IP addresses to install more than one SSL certificate. Servers running CentOS 6 with versions of cPanel 11.38 and higher support SNI (Server Name Indication). SNI indicates the hostname of the server the client is connecting to during the initial handshake process, which allows for users on shared servers to install SSL certificates without need of dedicated IP addresses.

Once the SSL certificate is installed in Apache, it is then simply a matter of coding your site’s links to load the appropriate pages using HTTPS. For example, if you are building a custom ecommerce solution, the link to “checkout” might be set to load the checkout page (requesting credit card info) as HTTPS.

Note: If you are using out-of-the-box ecommerce solutions such as Magento, they come preconfigured to use HTTPS assuming you have a certificate installed.

When SSL is installed on your server, users typing in your url manually can pull up any page of your server using SSL. But through your website design you can choose which pages must be loaded using SSL.

Photo by Yuri Samoilov

Find out more about ServInt solutions
VPS

Starting at $27

Comments
  1. dj, thanks for the questions. 1. the difference between quick and full verification has to do with how deep Geotrust goes in looking into the purchaser's identity. With a QuickSSL cert, as soon as you can verify the email, you have the cert. With any full verification certs, their True BusinessID line, there is a longer process of verification involved. (BTW- full verification will get you that green bar in your users' browsers when they navigate to your site.) A good place to read up on the different certificates available through Geotrust is here. 2. If you order a certificate through your customer portal, we will install it for you on your server (either full or quick). Unfortunately, we cannot install certificates that were not purchased through us because we do not control them. If you have any more specific questions, open up a ticket in the customer portal.
  2. Hello thanks for article, what is the difference between quick and full verification? do you set any of them, I mean, comodo and Geotrust? can you set it in case I've purchased it from a 3rd party? Thanks!
  • The New York Times
  • The Hill
  • Bloomberg
  • The Seattle Times
  • Computer World
  • Ars Technica
  • MSNBC