Regarding website security, the first step to protecting yourself is setting up an SSL for your domain name. However, without technical knowledge, installing an SSL certificate is tricky. Don’t worry! In this ultimate guide, I’ll teach you everything about SSL certificates; what they are, why you need them, and where to buy them. Lastly, I’ll teach you everything you need to know about installing an SSL certificate.
What you’ll learn:
- What an SSL is and why you need one
- Where to purchase the most affordable and most secure SSL certificate
- How to install your new SSL certificate onto the domain name you want to protect
Everything About SSL Certificates
First up, everything about SSL certificates. Let’s talk about what they are, where to buy them, and why you need them.
What’s an SSL certificate?
When you’re online, you must trust the websites you visit to be who they say they are. You also trust that they will protect your identity. For example, when you give your credit card number to a website, you want to know that it’s going to the right place. That’s where an SSL certificate comes into play.
An SSL certificate is an encrypted code that helps verify a web server’s identity. It’s like a secret handshake between your computer and the server. When you connect with an SSL certificate, your browser recognizes it as valid and establishes a secure connection with the server. This handshake ensures that no one can intercept or tamper with any data sent back and forth between your computer and the server.
Why do you need an SSL certificate?
Your website is your business. It’s the first impression you make on your customers, and it’s the place where you can show off all the hard work that goes into making your brand what it is. You want to make sure that you’re protecting your website from hackers and other malicious actors so that only people who are meant to see it can do so—and so that your customers don’t get a big fat “not secure” warning in their browser when they visit your site!
An SSL certificate is like a guard that stands between all the information on your website, and everyone else on the internet—the guard’s job is to keep out anything that doesn’t belong.
Where do I buy an SSL certificate?
If you’re wondering, “where do I buy an SSL certificate,” you’ve come to the right place!
Firstly, you can look at your domain registrar’s website. If your Domain is registered with them, they will likely offer SSL certificates for purchase as an add-on service.
If you’re looking for a cheaper option than buying directly from your registrar, your next option is purchasing an SSL certificate through a company that sells them. The most reputable ones are SSLs.com, SSL Trust, and the SSL Store. I buy my SSLs from the SSL Store because their setup is the easiest.
SSL Store
The Different Types of SSL Certificates
Don’t know how to choose which SSL is right for you? I don’t blame you! With the immense number of options available, it’s super confusing. Luckily, I broke it down for you in a much easier-to-understand way.
There are two different ways to break down SSL certificates:
- Number of Domains to Secure
How many domains need to be protected? Do you have one single domain only? Or do you have a domain and a bunch of subdomains that need protecting? This is where single-domain, multi-domain, and wildcard SSL certificates come into play.
- Validation Level
There’s a validation process you must go through before receiving your SSL from the CA (Certificate Authority). This level of validation varies; remember that the higher the level of validation, the more authority your website will gain.
1. Number of Domains to Secure
The first thing to decide is the number of domains you need to be covered.
- If you have more than one domain name needing an SSL, you want to select a Multi-Domain certificate.
- If you have one domain name with subdomains and want one SSL certificate to cover them all, you want to purchase a Wildcard SSL.
- And last but not least, if you have more than one domain name and unlimited subdomains, you want to purchase a Multi-Domain Wildcard SSL.
Check out my chart below to visualize it.
2. Validation Level Required
When it comes to encryption, all SSL certificates offer the same. However, they do vary regarding validation level. Certificate authorities issue SSL certificates in three separate validation levels:
- Domain Validated (DV)
These are the most affordable SSL certificates available. They require the least extensive validation process. All you have to do to receive a domain-validated SSL is prove to the CA that you indeed own the domain name you wish to secure. These SSLs are best for small personal websites like blogs and portfolio websites. They offer secure protection but not a lot of trust indicators (like badges/seals).
- Organization Validated (OV)
These are SSLs made for the websites of businesses and other registered organizations. Organization Validated (OV) SSL certificates require more extensive validation than DV SSLs. But don’t worry! As long as your business is registered, it should only take a couple of days to be validated.
- Extended Validated (DV)
EV SSLs offer the highest level of trustworthiness to a website. They require the most intense validation process because the CA wants to ensure that all domains with an Extended Validated certificate are legitimate. A Georgia Tech study discovered that 99.99% of domains with an EV SSL are 99.99% likely to be free from phishing and abuse. These certificates are the best of the best regarding SSL certification.
Some popular EV SSLs:
- GeoTrust True BusinessID with EV
- GeoTrust True BusinessID with EV Multi-Domain
- GeoTrust True BusinessID EV (FLEX)
- Thawte SSL Web Server with EV
- Thawte SSL Web Server EV (FLEX)
- Comodo EV SSL
- Comodo EV Multi-Domain
- PositiveSSL EV
- PositiveSSL EV Multi-Domain
- EnterpriseSSL Pro with EV
- EnterpriseSSL Pro with EV Multi-Domain
- DigiCert Basic EV
- DigiCert Secure Site EV (FLEX)
- DigiCert Extended Validation SSL
- DigiCert EV Multi-Domain SSL
- DigiCert Secure Site EV SSL
Brands the SSL Store Has:
Installing an SSL: What to do leading up to installation
Finally, we’ve made it to the meat of the post! Installing an SSL certificate. There are a few things you’ll need to get started. I will proceed with the directions as if you’ve just purchased an SSL certificate from the SSL Store. They have every possible SSL you could ever want or need, and their level of support is unrivaled. After purchasing your SSL, we can proceed with the installation! Let’s get started.
Checklist for Installing an SSL Certificate:
- An SSL Certificate
- A domain name needing protection
- A computer with internet access
Step 1: Login into your dashboard
After purchasing an SSL certificate from the SSL Store, they’ll send you a confirmation email to the address you provide them with during checkout. Go ahead and navigate to that email to access the login link to your account.
Because I purchased a Comodo brand SSL certificate, this is the login page the SSL store sent me to. Depending on which brand SSL certificate you purchase, whatever brand you purchase may bring you to a different brand’s dashboard. However, they will all look fairly identical, and the setup process is the same.
Step 2: Generate Your SSL
In the confirmation email for your purchase, about halfway through will be a link that says “Generate Your SSL” (It will display the SSL you bought). Click on that link.
Alternatively, instead of grabbing the Generate link from your email, you can navigate to the My Account page and log in to your account. Click on the Incomplete Orders section of your account, and listed below will be the SSL you purchased. Under Action, click on Get Started.
Step 3: Answer the prompts
You’ll end up on a page that says Enter CSR at the top. The first thing it asks you is if this is a new SSL or a renewal. Select New if you’re getting a brand new SSL for this Domain and not just renewing an existing one.
Next, select your automated authentication method. As I discussed earlier, all domain-validated SSL certificates must go through the DCV or domain control validation process. DCV is an easy and automated way to prove that you own the Domain and install the SSL certificate. There are four different ways to do this.
Email Verification:
An email will be sent to one of the administrative emails for your account. These are as follows:
- admin@example.com
- administrator@example.com
- hostmaster@example.com
- postmaster@example.com
- webmaster@example.com
HTTP File Based:
You’ll be provided a TXT record that must be uploaded to your site’s root directory. You will select this option if you don’t currently have an SSL installed on your site.
HTTPS Filed Based:
This is the same as above. However, if you already have an SSL installed on your site and this purchase is for a renewal, you’ll want to select this option instead of the HTTP file-based option.
CNAME Record:
Depending on which brand SSL you purchase, you’ll need to upload a CNAME or a TXT record in your DNS records. Aside from the first email option, this is the next best option for verification.
And lastly, we need to generate a CSR and a private key. Go to www.csrgenerator.com. Fill out the information box, and under where it says “common name,” you type the domain name for which the SSL certificate is. You must include www. before the domain name to ensure the SSL will cover both versions of your domain name.
Don’t forget to copy and paste the CSR and private key into a word document or somewhere you can keep it safe! Also, keep it handy because we’ll need it when installing the SSL certificate via cPanel.
Alright, to quickly recap where we’re at: we’ve purchased our SSL certificate and begun the certification process, so the CA (Certificate Authority) will verify our certificate. Once they do that, we can install the SSL certificate.
Installing an SSL: Final Steps of the Installation Process
After you’ve chosen your method for verification and completed it, the CA will issue your certificate and notify you once they do so. After that, the last step is to install the SSL certificate.
1. Start on cPanel
Starting on cPanel, type SSLs into the search bar or scroll down towards the bottom and look for it under the Security section.
Click on SSL/TLS.
2. Manage SSLs
Once on the SSL/TLS page, you’ll see four different chunks of text on the right side that say Private Keys (Key), Certificate Signing Requests (CSR), Certificates (CRT), and Install and Manage SSL For Your Site (HTTPS).
Underneath the Install and Manage SSL For Your Site (HTTPS) option, it says Manage SSL sites.
Click on Manage SSL sites.
3. Entering the CSR and Private Key
After clicking on Manage SSL sites, it’ll take you to another screen that says Manage SSL Hosts at the top. Scroll down to the bottom to where it says Install an SSL Website.
Ignore the browse certificates button to browse already installed SSL certificates. (Since we’re installing ours now, clearly, it’s not already going to be available via the Browse Certificates button.) Underneath the button where it says Domain, go ahead, click the dropdown, and select the domain name you’re installing the SSL certificate for.
Now, retrieve the saved CSR and private key that you generated earlier. Copy and paste those into the Certificate (CRT) and Private Key (KEY) boxes. The third box that says Certificate Authority Bundle (CABUNDLE) should be blank.
Click the button that says Install Certificate, and BOOM! You’ve just officially installed an SSL certificate to your domain name.
Key Takeaways
We covered a lot of ground in this article! Let’s do a quick recap of everything that we’ve learned.
What we’ve learned:
- Installing an SSL certificate is the first step to protecting yourself is setting up an SSL for your domain name
- An SSL certificate is an encrypted code that helps verify a web server’s identity
- How to generate a CSR and private key for our SSL certificate
- Validation Process for our certificate
- Final installation process to install an SSL certificate via cPanel
