“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’”– Google blog, Feb 8, 2018
It is 2020 and it’s been two years since Google Chrome has stated strongly that websites need to adopt HTTPS encryption. Wondering why this high need to Update your site to use https? Well, the job of HTTPS or Hypertext Transfer Protocol Secure is to protect the data confidentiality and integrity between your website and the user’s device. In short, it’s for the security of your website as well as your user’s device. (No doubt Google gives importance to HTTPS, User Always comes first!)
The Data which is sent using HTTPS is secured through three-layered protection in form of – (i) Encryption i.e. it encrypts the data being exchanged; (ii) Authentication i.e. it allows for clear communication between the users and the website so that there is protection between the middle attacks; and (iii) Data Integrity i.e. it prevents any modification or corruption (intentionally or unintentionally) during the data transfer without detection.
These security measures are of utmost importance because –
Every day on average, about30,000 new websites face hacking; and hackers attack after about every 39 seconds.
So, if you were questioning the need for HTTPS and security, these figures should convince you. Do note that this protection or security is given via the TLS i.e. Transport Layer Security protocol the TLS was previously referred to as Secure Socket Layer (SSL), and hence TLS and SSL terms are used interchangeably.
To put it without confusing you, HTTPS provides security to the data, and it does so using the SSL certificate or TLS certificate. And now that you understand the importance of having HTTPS on your website domain, let’s see how you can use HTTPS on your domain by following the following 5 simple steps.
How To Use HTTPS On Your Domain By Following The Following 5 Steps:
- Get A Dedicated IP Address:
When you are finding a hosting provider for your website, find one which provides you an IP address that belongs only to your website i.e. which is a dedicated IP address. Because, if your IP is shared with other multiple websites, and you all use the same location the security can be easily compromised. And if you have a shared IP, you can upgrade to a dedicated IP providing host.
- Get An SSL Certificate:
To use HTTPS on your domain, you’ll require an SSL certificate. This certificate will be like identification of your website –proof that your website is in truth your website. It is simply put, a paragraph of numbers and letters known only to your website. Thus, you can create the certificate yourselves, however, as the browsers tend to check your certificate with well known ‘Certificate Authorities’ i.e. CA’s, it is better to purchase a certificate from the CA’s. Thus, they can vouch for you. Also, there are some organizations which provide free SSL Certificate. This will let you Make your website https for free. However, the free version will have limited validity, maintenance, domain association, and personalization facilities, etc. For example, while paid certificates can be valid for 1-2 years, the free SSL Certificates are valid only up to some 90 days. Also, free certificates apply to only a single domain, on the other hand, paid SSL Certificates can be associated with multiple domains.
- Get Your Certificate Activated:
Now that you have your SSL/TLS Certificate, you need to generate a CSR for it. You can do this using your Web Hosting control panel. For this, you should to the admin area of SSL and select ‘Generate an SSL Certificate and Signing Request”. After that fill in the fields given in the panel screen to proceed. The screen which appears after that will have some text paragraphs, of which, you should copy the first block. This will be the paragraph/ ‘CSR’ which will be the identifier of your website. You should submit this CSR to your Certificate issuer. For that, you should log in to your account from where you got your certificate, where you paste the CSR and add in other fields. You’ll receive your certificate as a .crt file at your email address. P.S. your web host may also do this for you.
- Get Your Certificate Installed:
Once activated the certificate, go to your Web host control panel, choose the ‘Install an SSL Certificate’ option under SSL/TLS menu. Into the first box there, paste your Certificate and submit. And voila! you are done. You can now try and access your HTTPS site. Do note, that like the previous step, this step may also be done by your web host. You need to confirm this with them accordingly.
- Get Your Site Updated To Use HTTPS:
After installing the certificate, you can see your site load if you go to e.g.: https://nameofyoursite.com. This indicates that you have enabled the HTTPS protocol. however, what you need now is to make sure that your site visitors too are accessing your site through HTTPS. Remember that not all of your pages need to be secured. There will be a few pages such as your login page or your cart, your checkout page, etc. where sensitive data will be submitted. You need to enable HTTPS on such pages. So, prepare a list of all such sensitive pages and their URLs. Then, update all the links which point out these sensitive pages. Also, make use of the server-side approach and add redirects for those users which are not using HTTPS.
And that’s it! You now have HTTPS on your domain. P.S. Do note that HTTPS doesn’t exactly secure your server, but rather secures the transfer of data from the user’s device to your website. Thus, it is important for the security of sensitive data of your users. Hope these steps were easy to understand. Follow them and secure your website and its users device!