In the online world, change is the only constant, and once again, change is being forced. As if strict standards of code for HTML and CSS languages hadn’t caused a few billable hours, and then increased mobile and tablet use forced one to either rebuild entire web sites to be ‘responsive’ with HTML5 code or face the option of losing traffic and visitors. The ante has been upped once again.
Recently, Google has raised the stakes by demanding that every web site and server have an SSL security certificate installed on your web server. If you do not have a security certificate installed, Google Chrome web browser users will see a great big red banner displayed across their screen proclaiming ‘This WEB SITE IS NOT SECURE’. With Google Chrome browser being used by over 40 percent of computer users, this could have a huge impact on web sites and web visitor traffic. According to Hubspot, 85 percent of web site users will stop browsing a web site if it’s NOT secure, so you can well imagine how this will affect your web site visitors.
How to tell if your web site IS secure and has an SSL security certificate installed:
Simply type ‘HTTPS://yourdomainnameorwebsitenamehere.com’
If your website comes up and it is secure, the URL will start out with HTTPS, the S means ‘Secure’ and a little padlock will also display in your browser bar, which also indicates the web site is secure. If you don’t get the padlock and S in the URL showing, you need a security certificate.
So, what exactly IS a SSL security certificate? Well, SSL is the abbreviations for Secure Sockets Layer (SSL). According to SSL.com,’ SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This encrypted link ensures that all data passed between the web server and browser remains private.’
Why the concern for privacy? Well, many dry cleaners have forms on their web site where they collect personal contact information such as name, addresses and phone numbers. Many dry cleaners that offer charge accounts or route pickup and delivery services also request a credit card number as part of a form to sign up for service, and you DEFINITELY want such highly personal and financial information to be securely transferred, this is why banks and credit card companies insist on higher levels of security.
An SSL security certificate is issued by third part providers for varying fees and varying levels of encryption. Currently, the minimum standard of encryption recommended is 256 bits, and can cost anywhere from as low as 9 dollars per year, to a couple hundred dollars per year. You could go with a higher bit rate of encryption, but 256 bits is currently minimum requirement for banks and credit card companies for their PCI compliance policies. There is even a FREE SSL service, but it requires renewing every 90 days, so it’s a trade-off of time value of money versus how much work do you want to do renewing your free SSL every 90 days.
When you purchase an SSL, you may be asked to provide proof of ownership of your domain name or proof that you control your domain name. This is not that difficult. Many third party SSL certificate companies simply ask you to add a small txt record into your domain name records through your domain name service provider. Once you have demonstrated proof of ownership or control, and paid your fees, you will receive a file filled with what appears to be random upper case, lower case letters and numbers. This long array of letters and numbers starts with: ——BEGIN CERTIFICATE—- and ends with —— END CERTIFICATE——-This file, despite being very strange looking, makes perfect sense to your web server. And those random looking numbers and letters is the code that works with public and private keys that form the secure system for secure communications.
Installing an SSL isn’t for the faint of heart. You need to first fill out some forms with the SSL third party provider. You need to log into your web server account, and find the area where you can administer/install security certificates on your web server hosting your web site. There are processes for generating certificate signing requests , generating private and public keys, and the process of uploading the certificate itself (CRT file). This is rather geeky work, so your web guy, or your web hosting technicians may be better to do the job for you, even if it costs you a few bucks, it’s worth avoiding the headache.
You may also be required by your web hosting company, or your third party certificate authority, to have a dedicated IP address assigned to your domain name/web hosting account. A dedicated IP is unique to your web space and web site alone, so all e-mail and web traffic to and from a web site can be tracked back to just your web site which increases the accountability of your web site to the general public. A dedicated IP is available for a monthly lease rate as low as 2 dollars to 6 dollars per month, or a flat annual fee, depending on your hosting companies’ fees.
If you took my advice and had your web guy or hosting company install your security certificate for you, you might want to get just a little more work done while they are under the hood. Since you went to the extra expense of having a security certificate installed, you may as well have your web site set up so EVERY page shows HTTPS or secure. Your web guy or server tech can update your web site code to redirect ALL web browser requests to the HTTPS (secured) links by default, this way every page will be secure and encrypted. Simply ask your web guy or server tech to amend the .htaccess file appropriately.
Once your site is secured, you can rest assured you are meeting current standards, and your customers will see that their information is safe. Really, it’s a small price to pay for a safer and more reliable internet.