02 Aug SSL Certificate Basics
If you’ve just installed an SSL certificate on your site, and you haven’t properly secured your site afterwards, it’s not going to help you one little bit
Hi folks. Paul here. A very quick video I wanted to do on SSL certificates and helping you to understand that just because you may have purchased an SSL certificate, if it hasn’t been installed correctly on your site or if your site hasn’t been secured correctly, it’s still not secure, and it’s not going to help you one little bit.
Now I’m on a website at the moment called whynopadlock.com. You can just Google it. Why no padlock? Because sometimes after people purchase an SSL certificate and then they go and install it through the cPanel, which is quite easy to do, it still doesn’t come up as secure on their website. There’s a lot more to it than just that. So you can’t have just anybody who really isn’t up to speed on this type of thing doing it.
Here’s my best suggestion. If you have an SSL certificate, go and just Google whynopadlock.com and put in, as you can see I’ve done up here for mine, https://, all the Ws and then your website.com, and it will scan and it will let you know if the items of your website are also secure. You can see here in this example that mine passes quite fine.
Here’s the thing. That’s not always the case. I thought I’d record this video today after doing this on a client’s site and I discovered a number of insecure items. Now this is not just on the home page, this was on all pages. Now for client privacy I have blurred out this section just here, but now I can see that this has been done, and no, we didn’t do it. We will now go back and fix this up.
There’s another problem also though, and that is just the redirect from the http:// to the https. That also needs to be done.
See when it comes to purchasing an SSL certificate, there are more than just one type. There are different levels of security, and then there are more than just one thing that you need to do to secure your site.
And one of the things that I’m going to want to talk you about in coming months is securing and setting up an SSL certificate and deciding: Do you need a standard SSL certificate, or do you need a wildcard SSL certificate? What I’ve set up for clients whom I’m also hosting for is a simple process where you can come and make the purchase, and then we just simply take care of everything else. But it really depends on what you need.
Now let me just answer one question before I finish up this video. Pricing. What kind of costs are involved? Well, there are some very cheap SSLs out there, absolutely. You want to go and grab those and do it yourself and if you know how to do it, great. But the shared SSLs that generally compile that cheaper, what I’d call I guess a Class 1 SSL certificate, I’d never put that on my own site and I didn’t. I wanted what I would call a Class 2. It’s non-shared. It’s just for me. It’s designed and set up for my server. It’s designed and set up for my domain name. Okay. It covers all the bases. Actually, I have a wildcard certificate which also covers all of my subdomains as well.
Now there is another level yet again beyond, I guess for a name in my own words Class 3, really only needed for the corporates and so on, and that difference is often seen, if I can just move my screen here a little bit, up the top here, left corner, you can see that we have the secure https. This is the Level 2 or mid-range, same as what I sell on my site for people whom I’m hosting for on my VPS server.
The Level 3, you would have seen this. You’ll see the company and the business information up here as well. It’s a whole new ball game altogether.
So this just gives you an idea of some of the options when it comes to SSL certificates. For you, when I contact you, and we’ll be doing this soon, I’d be good to talk, find out so you understand what’s required and of course move on from there. But it is important now that we get all our clients onto the SSL secure https. It protects the data transfer between the browser and the server. It has nothing to do with hack protection and things like that. It’s about data transfer usually through your forms and so on.
Look, if you’ve got some questions, hit Reply on this and come back to me, and we’ll follow up from there. If not, I will talk to you soon and be in touch. Thanks. Bye-bye.