You've heard of Secure Sockets Layer before but perhaps it's not been all that prominent on your radar. Much of your focus has been on putting together the most user-friendly website that you can. A lot of attention was paid to developing quality content, using the right images and in general making sure the site is informative and easy to navigate.
While all those things are important, providing a secure site for your visitors matters. In fact, it's about to become more of a priority than ever. That's because Google is moving forward with rewarding websites that are SSL-certified with priority placement in search engine rankings. Specifically, as of January 2017 Google Chrome began to actively mark http sites as unsecured, a measure that was not taken before. The priority at present is to mark sites that collect financial data and are not SSL-certified as unsecured, but it's just a matter of time before the designation spreads to all http sites.
You can bet that since Google is refining search algorithms to reward sites that are SSL-certified, it's only a matter of time before the other major search engines follow suit. Now is the time to take action and make sure every page on your site is certified.
Understanding Why SSL is Necessary
SSL is all about the establishment of an encrypted link between a browser and a web server. The purpose is to provide another layer of security that protects your site from hacking attacks while also protecting visitors to your site. In a nutshell, the connection is made and a session key is employed to encrypt all the data that flows through that connection. The connection to the web server is easy for users to detect, since it is noted with "https" rather than the old "http" many people readily recognize.
There's nothing new about this type of secure connection. It's been around for years and many sites already use it as a matter of course. So why the urgency for making the change now when everything has worked fine in the past? There are two reasons.
One has to do with the major push by Google and ultimately the other search engines to rank secure sites higher in search results. If you want to avoid being pushed to the bottom of the rankings, you'll make the switch. The other has to do with avoiding the problems generated by the latest hacking threats. Hackers are coming up with increasingly sophisticated methods of getting into your site, grabbing information, and doing whatever they want with it. Your current security measures need more help. SSL provides you with one more tool to keep your site secure and safe for use.
IT Professionals: How to Make Your Sites SSL-Certified
The process for switching from the present unsecured setup to a secure one is not as difficult as some think. It basically requires three steps on your part. If you find any of them to be a little out of your area of expertise, seeking help from other professionals will allow you to complete the process. The three basic steps you will follow are: (a) create a certificate signing request (CSR), (b) purchase the SSL certificate, and (c) install the newly purchased SSL certificate on the web server.
The easiest way to create the CSR is to make use of an open-source tool known as OpenSSL. If you use Linux, don't worry. You'll find OpenSSL is either already installed or the package can be obtained through Linux installers.
If you can't find it already installed, a quick installation command will correct the issue. The basic command to try is: yum install openssl openssl-devel
With the installation complete, you can move on to generating the RSA key. These commands will establish the directory where you will store the key. Adapt these sample commands by substituting the directory name that is right for your setup:
With the directory now in place, you can run this command to generate the private key, once again substituting the directory name in the example:
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
Now you are ready to create the actual CSR. Use this command using the domain name you've worked with so far:
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
You'll be prompted to enter a series of data that aids in the creation. Remember the following characters cannot be used in the organization name or the organizational unit: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
Verify your CSR by running this command:
openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
If the verification is positive, submit the CSR to one of several certificate authorities. The options include Verisign, Thawte and RapidSSL. You can also check with your colleagues to determine if there is a different authority you would prefer to use. You'll quickly have confirmation of the activation and purchase. Once you provide the data to your hosting provider, you'll be ready to move on to the final step.
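The key and CSR steps above can also be run without the interactive prompts. The script below is an added example, not part of the original article: it rejects the organization-name characters listed above, creates the key with owner-only permissions, and confirms that the CSR verifies and carries the public half of the private key. The domain domain.com, the organization "Example Org", the function names and the temporary directory are placeholders.

```sh
#!/bin/sh
# Added example: the key and CSR steps without prompts, plus consistency checks.
# domain.com, "Example Org" and the temporary directory are placeholders.

valid_org_name() {   # fails if $1 contains a character the article lists as not allowed
    ! printf '%s' "$1" | grep -q '[<>~!@#$%^*/\()?.,&]'
}

make_key_and_csr() {   # $1 = directory, $2 = domain, $3 = organization name
    valid_org_name "$3" || { echo "invalid character in: $3" >&2; return 1; }
    # umask 077 keeps the directory and private key readable by the owner only
    ( umask 077 && mkdir -p "$1" &&
      openssl genrsa -out "$1/$2.key" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$1/$2.key" -subj "/O=$3/CN=$2" -out "$1/$2.csr"
}

pub_hash() {   # $1 = key|csr, $2 = file; prints SHA-256 of the DER-encoded public key
    if [ "$1" = key ]; then pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    else pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null); fi
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

csr_matches_key() {   # $1 = CSR file, $2 = private key file
    # the CSR must carry a valid self-signature ...
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # ... and must contain the public half of this private key
    a=$(pub_hash csr "$1") && b=$(pub_hash key "$2") && [ "$a" = "$b" ]
}

# Demo in a throwaway directory; on a real host use ~/domain.com.ssl instead.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir" domain.com "Example Org" &&
    csr_matches_key "$demo_dir/domain.com.csr" "$demo_dir/domain.com.key" &&
    echo "CSR verifies and matches the private key"
```

Once the certificate authority returns the certificate, `openssl x509 -in domain.com.crt -noout -pubkey` prints its public key, which can be hashed and compared the same way before the certificate is installed.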
Installing the certificate on your web server is the last round of the process. Start by copying the certificate contents. Remember to include the "begin certificate" and "end certificate" lines in the copy. Check for accuracy and then save using domain.com.crt as the format for the name.
Copy the certificate and private key into the server directory where you plan on storing the certificate. The exact name you will provide depends on the type of server you are using. Check with the web server provider to determine what type of name to create. For example, you'll find that the process of naming the certificate will be a little different for an Apache web server versus using an Nginx web server.
After you finish with this step, restart your server and put it to the test. Use the browser to connect to the server and use the https URL that you created earlier. That lets the browser know you are looking for the secure site. When the page comes up in the browser results and you click on the main page, you should see the padlock indicating that the SSL certificate is in place.
Your SSL Migration Plan and Search Engine Optimization
The change to a secure site will impact your SEO efforts. Don't worry; the impact will be positive once the search engine population is completed. You will need to manage the process so the migration goes off without a hitch.
Your first task is to establish what is known as a 301 redirect from all of your http pages to the corresponding https pages. The redirects must behave as follows, substituting your domain name in the appropriate spot:
http://example.com -> must 301 redirect to -> https://example.com
http://example.com/shop -> must 301 redirect to -> https://example.com/shop
You want to do the same thing with redirects between the WWW and non-WWW versions of your URLs, so that only one of the two hosts serves pages. In this example the WWW URLs redirect to the corresponding non-WWW URLs:
https://www.example.com -> must 301 redirect to -> https://example.com
https://www.example.com/shop -> must 301 redirect to -> https://example.com/shop
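One way to check the redirect rules above, as an added example that is not part of the original article: the function reads the response headers that `curl -sI` prints and reports whether the response is a 301 pointing at the expected https URL. The function name and the sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads response headers (as printed by `curl -sI <url>`) on stdin
# and compares them with the URL the page is required to 301-redirect to.
# Live use:  curl -sI http://example.com/shop | redirect_verdict https://example.com/shop

redirect_verdict() {   # $1 = expected Location value
    hdrs=$(tr -d '\r')                                   # HTTP header lines end in CRLF
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    loc=$(printf '%s\n' "$hdrs" | awk 'tolower($1)=="location:" {print $2; exit}')
    case "$status" in
        301) ;;
        302|303|307|308) echo "redirect-but-not-301"; return 1 ;;
        *)   echo "not-a-redirect"; return 1 ;;
    esac
    case "$loc" in
        "$1")     echo "ok" ;;
        http://*) echo "target-not-https"; return 1 ;;
        *)        echo "wrong-target"; return 1 ;;    # e.g. every page sent to the homepage
    esac
}

# Constructed sample responses (not captured from a real server).
good='HTTP/1.1 301 Moved Permanently
Location: https://example.com/shop'
temp='HTTP/1.1 302 Found
Location: https://example.com/shop'
home='HTTP/1.1 301 Moved Permanently
Location: https://example.com/'
plain='HTTP/1.1 301 Moved Permanently
Location: http://example.com/shop'

for sample in "$good" "$temp" "$home" "$plain"; do
    printf '%s\n' "$sample" | redirect_verdict https://example.com/shop || true
done
```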
You are done with this part once all of the URLs in canonical tags on every one of the website pages reflect the https. Don't forget that any URLs in hreflang tags on those pages must also use https. The same is true for the inner links to all of your pages and the sitemap.xml.
Depending on how your site is set up and what links out to other sites you have in place, you may need to make sure the URLs in the Open Graph OG:URL tags and your Twitter Cards URL tags are all pointing to the https versions of the pages.
In the robots.txt file, specify the location of the sitemap by adding the following separate line:
The finishing touch is to set up a new property in the Google Search Console. Set geo targeting and upload the disavow file (if applicable) to the https property. Change the main URL in the Google Maps profile and then update all incoming backlinks to which you have access. Finally, change the URL to https in Google Analytics.
Remember that you do not have to manage these tasks on your own. In fact, you will find that things will go smoothly if you call in a professional who can help you understand how to conduct each segment of the migration, why each segment matters, and help you get a handle on how to manage the steps when and as you decide to add new pages to your website.
Along with saving time and minimizing the potential for errors, working with a pro to install the SSL certificate and verify the results will help you develop a better grasp of how much protection this effort will provide. What you learn can be put to good use if you decide to develop some companion websites, landing pages, and even blogs that you want to have place high in search engine results.
Don't delay another day. Make the necessary preparations and feel free to get help from an expert. In the long run, you'll protect your rankings and may even find that they are higher than ever.