Installing SSL Certificates: What could go wrong?

While the switch to SSL (secure socket layers), also referred to as HTTPS, has so far been advisory from the likes of Google, it is likely to become mandatory in the very near future. If you have already made the switch to HTTPS-based websites this will already have had a positive impact on your rankings. The position of your website on the search engines is very often down to relatively small margins. Installing an SSL certificate should be high on your agenda if you have not already done so.

We will now take a look at the step-by-step process of installing SSL certificates and consider what could go wrong.

How do SSL Certificates work?

Rogue websites and hackers have to a certain extent undermined the reputation and trust of e-commerce websites. The introduction of an SSL certificate works in a very simple manner and is best described as an identity password. When you acquire an SSL certificate off a Certificate Authority (CA) they will retain a copy of the password. The password is also present in the certificate files you load onto your server. When various browsers access your site, the browser software will compare the certificate file on your server to the information held with the Certificate Authority. If both passwords match, this will confirm the visitor is accessing the correct website.

Using SSL certificates and HTTPS ensures that confidential data, whether this is passwords, credit card details, etc, will be encrypted. Therefore offering a greater degree of protection compared to HTTP websites. As stated by Google, your website will also benefit from improved rankings thanks to the trusted SSL certificate. A simple SSL checker program will automatically review the website you access, creating the relevant warnings where applicable.

Installing an SSL certificate

The process of installing an SSL certificate and switching to HTTPS protocol is fairly simple. Many web hosting companies will offer SSL certificate installation as part of their overall package. However, for reference the process is as follows:-

Review your hosting IP address

In a perfect world your websites should all have individual IP addresses as opposed to shared IP addresses. If you have shared IP addresses then, some of your traffic could be redirected away from the intended target. There is also a chance that in this environment even a valid SSL certificate could create a warning flag with the search engines.

Buying an SSL certificate

The next step is to acquire an SSL certificate which is unique issued by a trusted CA. Products such as the Comodo Positive SSL and Comodo EV SSL certificates are very popular. The EV SSL certificates are a hybrid of the traditional SSL certificates requiring extended validation and often prompting visual confirmation on browser searches. The Certificate Authority, in this case Comodo, will update their records to show your certificate information. When your website is accessed via a browser, a warning sign will show if there are discrepancies between the information held with the Certificate Authority and the certificate files on your server.

Activating/installing your SSL certificate

After acquiring an SSL certificate this will need to be activated and installed which is a fairly straightforward process. Most web hosts will complete this step for you. Still, self-activation and self-installation is fairly simple via your web hosting control panel. While it is possible to acquire SSL certificates on a stand-alone basis the vast majority will come as part of a hosting package. Where possible it is advisable to allow your web host to manage the whole SSL certificate process. This ensures that your websites are validated and trusted by search engines, which strengthens the reputation of the hosting company and individual websites.

Switching to HTTPS

The last stage of the process involves switching your site from the HTTP protocol to the HTTPS protocol. You should be aware that SSL certificates encrypt confidential data transfers but do not automatically secure your website. You should still undertake traditional security measures such as utilising firewalls, regularly changing passwords and reviewing your web hosting error report on a regular basis.

The best way to ensure your site is to introduce code snippets or mod-rewrites to redirect traffic to the HTTPS pages. It is essential that all traffic is redirected to the HTTPS protocol otherwise this could compromise the overall security.


Common issues when installing SSL certificates

You should be aware of a number of common issues you might experience when installing SSL certificates. They may create a false flag on search engines/browsers which can have an impact on your rankings and traffic.

Approval verification method

When acquiring an SSL certificate you will have the option to verify via an approved email address, URL or DNS records. Once you have chosen your preferred method this cannot be changed. As a consequence, it may prove impossible to activate your SSL certificate if you have selected the wrong approval method.

Missing private key

In order to maintain the highest level of security  host the certificate signing request and private key on the same server. If this error occurs then your website will not be validated and will not be able to utilise the HTTPS protocol.

Key duplication

As you would expect, a certificate signing request and private key are unique and therefore can only be used once. When generating a new certificate signing request you will also need to generate a new private key.

Incorrect SSL certificate binding instructions

There are various instructions relating to different servers and you may experience SSL certificate binding problems when using the incorrect instructions. Issues with binding are likely to flag your website as insecure which can again be detrimental to traffic and business.

Self-signed certificates

It is possible to create SSL certificates that CAs do not sign. These are self-sign certs, which the website owner signs and uploads to the site. As we move towards the HTTPS protocol standard, the use of self-signed certificates is likely to generate an “untrusted” flag.

Name mismatch

One of the more common warning flags pops up when the domain title on the certificate does not match the domain name provided by the server during the checking process. This occurs when using non-public websites, not covering the www name variation and hosting with a shared IP address.

Items from an insecure source

There is no point in securing your website using the HTTPS protocol and then embed an array of images, videos, JavaScript, etc from unsecure HTTP sources. As a consequence, this will lead to a flag highlighting unsecure source code. You will still view the unsecured code but it will be served under the HTTP protocol which is less secure.