What is SSL and how to install an SSL Certificate?

What is SSL?

Many websites contain abundant information for different reasons, that is very sensitive and requires website security. The most common information includes when a visitor registers for a new account, updates account information or when a payment is made. The hand-off of sensitive information from the browser (the front-end of a website) to the web server (the back-end for processing and storage) takes place is what a Secure Socket Layer (SSL) is designed to protect. Hackers can very easily intercept all of the data passing between your browser and the server without SSL, therefore SSL is required for website security. Also, search engines such as Google prefer sites with SSL and will increase their search engine rating.

It used to be that you needed to pay for a secure certificate and a dedicated IP address in order to secure your site. However, more and more web hosts are providing free secure certificates for all their clients where you don’t need to go through the trouble and expense of purchasing a hosting plan with a dedicated IP address, purchasing a certificate, and installing it. These free certificates serves the purpose of securing transactions and increasing your search engine ranking, however there are two purposes they don’t serve. One is that a paid certificate requires proving your business is an actual entity, guaranteeing to site visitors that you are for real. Second, paid certificates offer transaction insurance, so that if a hacker is able to break the encryption and steal credit card numbers, your customer will be reimbursed.

SSL Certificate

Meaning:

SSL (Secure Sockets Layer) is a standard website security protocol for establishing encrypted links between a web server and a browser in an online communication.

SSL technology is used to ensure that all data transmitted between the web server and browser remains encrypted.

SSL Certificate:

SSL certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. When logging in or signing up the Public Key used on the frontend browser will encrypt your data and send it over to the web server backend. In order to decipher the encrypted data you send from the browser, the web server holds a Private Key that can decrypt it.

To get a certificate, you must create a Certificate Signing Request (CSR) on your server.The CSR data file that you send to the Certificate Authority  (CA) contains the public key. The CA uses the CSR data file to create a data structure to match your private key. The CA can never see the private key. 

After the certificate has been activated and issued to you by the Certificate Authority, you can proceed with installing the certificate.

How to install an SSL Certificate?

Every server type has different ways of installing a secure certificate. Typically you can ask your web host to install a certificate for you. Here is how it is done on Windows servers:

To install your newly acquired SSL certificate you need to first copy the file somewhere on the server and then abide by the following steps:

1. Click on Start Menu, go to Administrative Tools, then click on Internet Information Services (IIS) Manager.

2. Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

3. In the Actions column on the right, click on Complete Certificate Request.

4. Click the button with the three dots and select the server certificate that you received from the certificate authority. If the certificate is not available in a .cer file extension, select to view all types. Enter a name that you want so you can keep a track of the certificate on this server. Click OK.

5. Now, you will see your newly installed certificate in the list. If you receive an error like “request or private key cannot be found”, make sure you are using the correct certificate and that you are installing it to the same server on which you generated the CSR. Ensuring these two things, you may just need to create a new Certificate Request and either reissue or replace the certificate. Contact your certificate authority if you face problems with this.

About the Author