2017, the year to secure your sites with a SSL certificate • Infomaniak

Beginning in January 2017, the Chrome browser will present sites which are not SSL encrypted as “not secure” [1]. WordPress is announcing that certain functionalities of the CMS will gradually come to need a hosting which supports the HTTPS protocol[2]. The move to SSL is a growing trend, so it is strongly recommended that you install a free SSL certificate on your site before the end of the year in order not to alarm your visitors. This article explains what a SSL certificate is, how it works, and how you can install one for free on your site.

google-chrome-ssl — Starting in January 2017, the words “not secure” will be visible in the Chrome address bar on non-SSL encrypted sites.

What is SSL?

SSL (Secure Sockets Layers) is a technology which allows you to encrypt data transmitted between a website and the connected surfer’s web browser. Millions of websites already use this technology to protect online transactions with their customers. If you have already visited a site using “https://” (notice the “s” after “http://”) and you have seen a small padlock appear in the address bar of your web browser, that means you have already visited a site which uses a SSL certificate.

demo-ssl — The URL address of the sites secured by a SSL certificate start with https and a green padlock is displayed in the browser address bar.

How a SSL certificate works

When you go to a SSL-encrypted website, the web server hosting the site receives your request and submits a response to you which attempts to establish a secure connection between your web browser and the site’s web browser. Your web browser then checks that the SSL certificate has not expired, has been issued by a trusted authority and is being used for the correct website.

If the SSL certificate is authenticated, the data then transferred between the web server and the web browser is encrypted and a chain is displayed in the browser address bar.
If the SSL certificate is not authenticated, your web browser displays a security warning.

Google is not the only entity to push for a more secure internet. The foundation Let’s Encrypt, supported by Mozilla and Infomaniak, offers free HTTPS certificates and tools which help website editors to implement the secure protocol; to date, almost 10 million sites are certified by Let’s Encrypt. We are now going to see how to move a website from http:// to https://.

Installing a SSL certificate on a website

1. Install a SSL certificate on your site

As a partner of Let’s Encrypt, Infomaniak lets you install a free SSL certificate in just a few clicks on the site of your choice. If needed, this guide will help you to install your SSL certificate.

activer-certificat-ssl-infomaniak — Our admin console allows you to install a free SSL certificate in a few clicks.

Once the SSL certificate is installed, the site in question will be accessible at https and http. It is therefore still necessary to redirect your site traffic to https in order to ensure that all your visitors get to the secure version of your site.

2. Redirect your site traffic to the https version

Please follow this guide. It explains how to easily redirect a site’s visitors to its https version with current CMS (WordPress, Joomla, PrestaShop, etc.).

We have also designed a guide which brings together the frequent errors you may find after enabling a SSL certificate.

If needed, you also have the option of launching a call for tenders (without commitment and for free) for a professional to take care of the changes to be made to your site for you.

[1] Source: security.googleblog.com
[2] Source: wordpress.org/news