SSL Certificate and cPanel
This web hosting tutorial describes what an SSL certificate is, why you need an SSL certificate on your website & how to install an SSL certificate in cPanel.
What is an SSL certificate?
As engineers, we often work with businesses to manage their infrastructure.
Part of this process is making sure that every aspect of the system that we manage is optimized and secured.
One the question we are often asked by customers running their website/application without any kind of encryption is, "so what does SSL certificate mean and why do I need it?".
This seem to be the right question to tackle as we try to understand how to install an SSL certificate in cPanel.
It all started with HTTP,
HTTP ... a protocol designed in the early 1990s defines how messages are formatted and transmitted and was built on top of TCP.
TCP (developed under the sponsorship of the Department of Defense and designed in the 1970s by two DARPA scientists Vint Cerfand Bob Kahn) stands for Transmission Control Protocol and it is the commonly used protocol on the Internet.
When you load a web page, your computer sends TCP packets to the web server’s address, asking it to send the web page to you.
A web server responds by sending a stream of TCP packets which your web browser stitches together to form the web page and display to you.
The recipient sends messages back to the sender saying it received the messages.
TCP guarantees the recipient will receive the packets in order by numbering them.
If the sender does not get a correct response, it will resend the packets to ensure the recipient received them.
But TCP wasn't really built with security mind as it was used by only a few institutions at the early stage of its existence.
The Whole Internet In 1973
Back then, the World Wide Web (known as the ARPANET) consisted of just 42 computer hosts connected to 36 nodes spread across the United States.
This means it was built to be used by those who trusted each other.
But as the internet grows and well ... it become what it is today, it was realized that there were a number of serious security flaws inherent in the protocol regardless of the correctness of any implementations.
So an intermediate layer called SSL was put between TCP and HTTP and this is commonly referred to as HTTPS.
SSL gets HTTP messages, encrypts them, sends them over TCP and decrypts them again at the other end.
HTTPS URLs begin with "https:// " and use port 443 by default, whereas HTTP URLs begin with "http:// " and use port 80 by default.
SSL digital certificates are used by client systems to make authenticated requests to a remote server.
It plays a key role during the SSL handshake and provide strong assurances of the requester's identity.
It also encrypts the data between the web server and a browser so that credit card transactions, social security numbers, legal documents and contracts, usernames, passwords, emails, etc that are being transmitted cannot be eavesdropped on by non-authorized parties.
Why do you need an SSL certificate?
Security & Protection
SSL session via HTTPS not only encrypts all message contents, including the HTTP headers and the request/response data, it also provides authentication.
Server must have a certificate signed by a well known certification authority (CA) that proves its identity.
Without authentication, encryption is useless as an attacker using what is called a man-in-the-middle (MITM) attack could trick you into thinking that his, is the server you want to connect to.
You often will see this when someone creates a fake webpage and once you visits it, the website will force-download something malicious (malware, virus, etc) onto your computer.
To be fully protected though, a website must be completely hosted over HTTPS, without having part of its contents loaded over HTTP.
So if you have only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while the rest of the website loads over plain HTTP, the data being passed and the session is still exposed and will be vulnerable to attacks.
Better Google SEO Ranking
It is true that there are several factors that determine how much search engines love your website.
These will include your site speed, mobile-friendliness and others.
The faster your website, the more people will visit and the higher you’ll appear in search results.
That is why it is important to always host your website with a modern web host that have optimized its hosting platform for speed as Web Hosting Magic.
But Google recently updated its search engine ranking algorithm to include a preference for secure websites too.
This means that if you want to get a better search (SEO) rank position, you must also show that your website is secure by installing an SSL certificate on your website.
Brand Identity
Years back, only few web engineers truly appreciate the need for encryption.
More-so only few website owners actually recognize the need for such security or know about SSL certificates.
The world has changed a lot since those days as each new day brings with it another case of massive breach in both government and business sectors.
Online users are now wiser and more discerning to what kind of website they do business with.
Having an SSL certificate on your website helps you establish trust and online security for your website visitors and business.
Without an SSL certificate, 97% of users to your website will probably not do business with you.
PCI Compliance
In order to accept credit card information on your website, you must pass certain audits that show that you are complying with the Payment Card Industry (PCI) standards.
One of its requirements is the use of an SSL Certificate on your systems.
How To Get An SSL Certificate
Hosting with us means that you will get a free SSL certificate for each website or application.
Our systems installs an automatic SSL on your domains once your hosting account is ready and the domain's DNS properly configured.
If you want to purchase a private SSL for your e-commerce shop or corporate website, then head to SSL page.
How To install SSL certificate in cPanel.
Our systems installs an automatic SSL on your domains once your hosting account is ready and the domain's DNS properly configured.
You do not need to do anything else.
If you would want to purchase a private SSL/TLS certificate, please visit our SSL certificates page.
How does visitors know that my site has an SSL certificate?
Well, there always be these two first clues (the last two are optional):
- a padlock to the left of a URL.
- https URL prefix instead of http
- a green address bar (if it is an EV SSL certificate)
- a trust seal (if installed)