Switching a website to SSL

It was once accepted that only websites handling financial data (such as customer credit card details) would need to implement security and get the padlock in the visitor's address bar - but not any longer. The padlock indicates that the website owner's credentials have been verified by a trusted third party, and it also means that nobody can eavesdrop on the data flowing between website and visitor.

So, how do we make our website secure? Here are the steps I took:

  • Order an SSL certificate
  • Generate a Certificate Signing Request (CSR)
  • Install the SSL certificate on the web server, and configure your website to use it (eg, on the Apache server, using a new VirtualHost)
  • Check for references to HTTP-specific resources in your code and in your CMS; change them to domain-agnostic or HTTPS
  • Register the HTTPS version of your website with Google Webmaster Tools
  • In Google Analytics (if you use it) specify that HTTPS is the preferred protocol for your domain
  • Modify any monitors that you use (eg, Pingdom, New Relic)
  • Check your SSL configuration, eg, on ssltest.com
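
For the step about HTTP-specific resources, a scanner along these lines can list the hard-coded `http://` subresources in a template or rendered page. This is an added example, not part of the original post; the tag tables, the `scan` helper and the sample markup are constructed for illustration and cover only common cases.

```python
from html.parser import HTMLParser

# Constructed tables: tag -> attributes that make the browser fetch a subresource.
# Browsers block active content over HTTP; passive content is warned about or upgraded.
ACTIVE = {"script": ("src",), "iframe": ("src",), "object": ("data",),
          "embed": ("src",), "link": ("href",)}
PASSIVE = {"img": ("src", "srcset"), "source": ("src", "srcset"),
           "audio": ("src",), "video": ("src", "poster")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return  # canonical/alternate links are metadata, not subresources
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            for attr in table.get(tag, ()):
                value = attrs.get(attr) or ""
                # srcset is a comma-separated list of "url descriptor" candidates
                candidates = value.split(",") if attr == "srcset" else [value]
                for cand in candidates:
                    fields = cand.split()
                    if fields and fields[0].lower().startswith("http://"):
                        self.findings.append(
                            (self.getpos()[0], kind, tag, attr, fields[0]))

def scan(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup (example.com is a placeholder domain).
SAMPLE = """<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/site.css">
<script src="//cdn.example.com/lib.js"></script>
<script src="http://example.com/app.js"></script>
<a href="http://example.com/about">About</a>
<img src="https://example.com/logo.png" srcset="http://example.com/logo-2x.png 2x">
"""

if __name__ == "__main__":
    for line, kind, tag, attr, url in scan(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag} {attr}>: {url}")
```

Plain `<a href>` links and the canonical link are deliberately not reported: they are navigation or metadata, so they do not trigger mixed-content handling, though you may still want to update them.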

Resources that I found useful:

At Google, Secure your site with HTTPS.

At moz.com, The Big List of SEO Tips and Tricks for Using HTTPS on Your Website

At Yoast.com, Moving your website to https / SSL: tips & tricks

At 123-reg, Generate a CSR: Apache (Open SSL)

At AlphaSSL.com, Install Root Certificate in Apache

At CentOS, Setting up an SSL secured Webserver with CentOS

