Secure Your WordPress With An SSL Certificate | How To…

how to install an SSL Certificate

If you are building your own website, I cannot stress enough how important this step is. Before we go through the steps to get our SSL Certificate I want to go over some info with you.

Netscape began using Secure Socket Layer (SSL) in 1994 as a means of sending sensitive data over the web.

Before the introduction of SSL it was difficult to ensure privacy over the web in online transactions & data collection via online forms. There was a general distrust of the ability to conduct online transactions and a fear that an individual’s credit card & other personal information could be picked up by a third party and used for unauthorized purchases.

What makes SSL unique is an encryption technique that sends credit card and other personal data through the web. This encryption technique makes the information totally useless to anyone who does not have decoding abilities. If a third party were to intercept the information it would be useless to them.

The use of SSL Digital Certificates also provides a unique level of trust because a certificate verifies the users’ authenticity. This is an important step in instilling trust in potential customers. Many savvy internet users will avoid websites entirely if they do not use SSL.

Without the proper use of SSL, information such as credit card numbers, third parties with less than positive motivations could obtain passwords and personal identification numbers.

A 128-bit key that is harder to break and typically protects personal account information than the 40-bit key. If your name and address is all that is being protected a 40-bit key may be used; the higher bit the key, the greater level of encryption. Most financial institutions only use 128-but keys for the security of their client’s data.

As an online marketer, you will likely be asking your visitors for personal data. Don’t be surprised if your potential customer determines their willingness to do business with you based on the security of your website. Many customers will look for the SSL symbol and will move along if they don’t find it. SSL use can also be recognized by a green padlock symbol in the address bar of your browser window. If the symbol is unlocked then SSL is not in use on the site.

SSL should be enacted on pages requiring a password or might contain personal data most clients would like to keep private. Some sites will place SSL on some pages and forget other pages that are equally as sensitive. For the sake of your personal experience with e commerce, you should implement SSL protocol.

Now that we have covered the basics of what an SSL is, let’s go buy one & get it set up!

You can purchase your SSL via HostYak by going to http://www.hostyak.com/products/ssl

The package you need is a Standard SSL. This is going to run you $39.99/year. We will get back to HostYak in a little bit.

In order to activate this, we are going to get inside of our InMotion cPanel & under the “Security” panel you need to click on “SSL/TLS”.

The first thing we are going to do is to delete all current SSLs that may come with your hosting.

You will see 4 sections. Private Keys, Certificate Signing Requests(This also is referred to as CSR, Certificates & Install and Manage SSL for your site (HTTPS)

Start by clicking on “Manage SSL sites.” under the fourth option.

Under the “Manage Installed SSL Websites” section if you see a certificate you will want to click on “Uninstall”

manage installed ssl certificates

Once you finish that you need to scroll to the bottom of the page and click on Return to SSL Manager or you can click on the cPanel at the top and go back to the SSL/TLS section again.

The next thing you are going to need to do is to click on “Generate, view, or delete SSL certificate signing requests.”

On this page you will need to fill in your information.

Do not worry about the Key section you can skip over that. (Just in case it should say Generate a new 2,048 bit key.)

In the domains section you need to put your domain like this → testedurl.com

Enter your city, state, country, company, email, passphrase(this should be something you can remember – think of this as another password) & a description then click on Generate.

Once you get that you will have your “Encoded Certificate Signing Request

generate certificate signing request

You need to copy the entire thing and past in into a notepad or somewhere where you can keep it and know it’s secure:

—–BEGIN CERTIFICATE REQUEST—–
Copy All Of The Crazy Stuff Here Too
—–End CERTIFICATE REQUEST—–

Be sure to ONLY COPY ENCODED CERTIFICATE SIGNING REQUEST

Ok, now we need to go back to HostYak. Once you login, you will want to make sure you are on the “My Products” page. Under SSL Certificates, click on “Set up” for the SSL you want to install. (If you only have one then you should only have one.)

That is where you will need to paste your CSR from InMotion. Be sure to agree to the terms and conditions then click on “Request Certificate” This process can take between 10-15 minutes. (It’s time for a break! :P)

Now that we’ve given it some time to issue the certificate if you should see a screen that has a massive download button.

download ssl certificate

If you click on Download, it will download the certificate that we need to install on InMotion. All you need to do on the next page is to set the server to Apache.

You then will need to “Unzip” the file. (If you are on a PC I recommend using 7-Zip. I’ve used it for a few months and love it. PS. It is FREE!) (If you are on a mac you should be able to double click on the zip file to unzip it.)

When you unzip the file it will have a file that is a .crt inside of the folder. We are going to use this file next so be sure to have it in a location you can find on your computer.

Now, if you go back in your InMotion cPanel and go back to the SSL/TLS section you need to click on “Generate, view, upload, or delete SSL certificates.” under “Certificates (CRT)”

The next thing that we’re going to is delete the “- Self Signed -”certificates that are on your server. This is easy, all you need to do (if you have a “- Self Signed -” certificate) is click on delete. It will take you to another page asking if you are sure … click delete again.

If you go back to the SSL Certificates (CRT) page you will need to click on “Choose File” and then fill out your description and click on Upload Certificate.

installing a HostYak SSL Certificate

Once you do that you should get a success message:

The certificate for the domain “yourwebsitename.com” has been saved.

Moving forward everything that you do with your website should be done via https://

If you don’t know what that means and you are just following along, don’t worry. Just keep following the steps and you will be fine.

***If you find that you are not getting the green padlock showing that your website is secure, you may want to use WhyNoPadlock.com to see what the issue is.