![\"The](\"https:\/\/dev.languedoc121tech.fr\/wp-content\/uploads\/2018\/07\/SSL-HTTPS-Secure-Connection-Message.jpg\")
<\/a><\/p>\nLikewise, if you click on the exclamation mark (on an unsecured site) you get this less reassuring message:<\/p>\n
SSL stands for Secure Socket Layer and is a security protocol that uses a certificate chain between the server that hosts your site and a third-party who is authorised to issue certificates to verify that you are who you say you are online. When you have set up your SSL certificate and followed the steps on your server to verify the certificate, your site’s URL changes from http:\/\/yoursitename.com to\u00a0https:\/\/yoursitename.com – and the address shown in Chrome is displayed with the green padlock and is prefixed with Secure |, as shown above.<\/p>\n I had clients ask me whether this was an essential task and for a while I said that it should be on the to-do list but wasn’t something they needed to rush towards, given the nature of their websites. For anyone trading online, selling products, exchanging personal or sensitive date, the change has been more pressing and really, if that’s the purposes of your site, you should have done this by now. But if you’re not asking clients for their personal information via the web, why the need to change?<\/p>\n There are two main reasons for doing this now. First, as of today, the new version of the Chrome browser marks sites that do not have an SSL certificate as “Not Secure”. Essentially nothing has changed: the site is no less secure today than it was yesterday. The point really is that it’s not as secure as sites that do have an SSL certificate. As more and more sites make this change and we come to expect to see the word “Secure” up there in the address bar, there’s an element of reassurance, of professionalism, to a site that secure over one that isn’t. The second reason is that it can also help with identifying bogus sites and tells your customers that the site they’re on is the real deal. There are some common scams that rely on users not really understanding that the site they’re on is a convincing copy of the real one, and then the scammers use that fake front-end to abuse the trust you’ve placed in the company you think you’re dealing with in order to persuade you to hand over personal details that can then be used to access your bank accounts or cards. So there are definitely benefits to you as a consumer to only interacting with sites (especially for financial transactions) with SSL certificated sites. As a business, it means your customers can come to your site and be assured that they’re not on a copy site, and that it really is you that they’re dealing with, and that any data they send will not be falling into the wrong hands.<\/p>\n The steps to create an SSL certificate and install it on your site are given below.<\/p>\n Once you’ve installed the certificate there are three more steps:<\/p>\n With the optional fourth step of updating your Google Webaster Console.<\/p>\n As you can see, before adding the security certificate, my site’s URL looks like this:<\/p>\n By the time we’ve worked through these steps it will look like this:<\/p>\n The instructions here assume you’re using a relatively current version of CPanel to administer your site. If you’re using a site builder like Wix or SquareSpace you’ll need to check their site-specific instructions. To help you out I’ve put some links to the most common platforms at the bottom of this page. If you’re not sure about this get in touch.<\/em><\/p>\n 1.<\/strong> Login to CPanel and scroll to the the Security<\/strong> section. 2.<\/strong> Click on SSL<\/strong> and then Install and Manage SSL for your site (HTTPS)<\/strong>.<\/p>\n 3.<\/strong> Click on Certificate Details<\/strong>.<\/p>\n 4.<\/strong> Scroll down and click on Install an SSL Website<\/strong>.<\/p>\n 5.<\/strong> Select your domain from the drop down and click Autofill by Domain<\/strong>.<\/p>\n You then get a message showing that the certificate field below is completed. That’s it!<\/span><\/p>\n When I did it I got a warning in Chrome that it was a self-signed certificate (as in one assigned by the same host as my server.)\u00a0 <\/span>Kaspersky decided to chip in too:<\/span><\/p>\n This means that it has not been verified by a third-party and could, therefore, be a fake! Of course, I know it’s not but what about my customers? L<\/span>et’s install it properly and verify the details. That will get rid of the warnings.<\/p>\n 6.<\/strong> This time click Let\u2019s Encrypt SSL<\/strong>\u00a0in CPanel.\u00a0<\/span><\/p>\n You can see from the list that I have an SSL certificate assigned to the site but that it is not installed.<\/p>\n 7.<\/strong> Click Reinstall<\/strong>. You can see that the listing changes to show that the security certificate has been installed.<\/p>\n Great. That’s the first part done.\u00a0Now if you go to your browser and click refresh on your web page you should see the site listed as Secure.<\/p>\n On WordPress, which is what I use for my site, it’s really easy to do this.<\/p>\n 1.<\/strong> Login to your Admin panel (yoursite.com\/wp-admin), then click on Settings<\/strong> and General<\/strong>.<\/p>\n Scroll to the bottom of the page and click Save Changes<\/strong>.<\/p>\n<\/li>\n<\/ol>\n That’s WordPress done.<\/p>\n If your site has been online for a while you will (hopefully) have other sites linking to you, links from social media, etc. Without a redirect in place the the browser will just assume any pages or posts with the web address starting HTTP have disappeared, which is very bad for your SEO and very bad for your business generally! Setting what’s called a “301 redirect” will ensure that anyone coming to your site from an old link will find your new HTTPS-addressed page. You do this by accessing your site’s htaccess file.<\/p>\n 1.<\/strong> Access the server and navigate to your site\u2019s files. You can either do this with FTP or directly via CPanel.<\/span><\/p>\n 2.<\/strong>\u00a0Create a local copy of your site’s\u00a0htaccess<\/em> file.<\/p>\n 3.<\/strong> Add the following code at the top of the file:<\/p>\n 4.<\/strong> In the code above, change yoursite.com<\/em> to the name of your site. My htaccess<\/em> file now looks like this:<\/p>\n You can use any text editor, such as Notepad (installed with Windows) or something more sophisticated, like Notepad++ (freeware).<\/span><\/p>\n 5.<\/strong> Save and copy the updated file back to your server.<\/p>\n That’s it: the redirect is in place.\u00a0If you click on an old link to\u00a0your site, say from a Facebook post, and it should find the right page.<\/p>\n This is another non-essential step, but it’s nice to verify it’s all working so I recommend you visit the SSL Labs page to check your certificate. Click on the link below,\u00a0enter your site\u2019s URL and click Submit<\/strong>. All being well you\u2019ll see the certificate details listed on the page below.\u00a0<\/span><\/p>\n https:\/\/www.ssllabs.com\/ssltest\/index.html<\/span><\/a><\/p>\n Now for one more step, which you can skip if you’re not using Google Webmaster Tools.<\/p>\n It’s worth having all versions of your website’s address registered in Google Webmaster because Google likes verified sites – and we all want Google to like our sites!\u00a0If you haven\u2019t already set up your site with Google Webmaster, now is the time to do it.\u00a0<\/span><\/p>\n 1.<\/strong> Sign in to your Google Webmaster<\/a>\u00a0account. You can see that there are already register versions of my site with and without the “www” – but nothing yet for HTTPS.<\/p>\n 2.<\/strong> Click ADD A PROPERTY<\/strong>.<\/p>\n 3.<\/strong> Enter your site\u2019s details, then click Add<\/strong>.<\/p>\n 4.<\/strong> Select the Alternate Methods<\/strong> tab and choose your method. I like the HTML file upload<\/strong> method, which involves downloading a file and putting in the \/public_html file on your site\u2019s server.\u00a0If you\u2019ve been through the verification process with other non-HTTPS versions of your site, you don\u2019t need to copy the file again.<\/span><\/p>\n 5.<\/strong> When the file is on your server, click I am Not a Robot<\/strong> and then Verify<\/strong>.<\/p>\n After you click Verify you\u2019ll get a message confirming that your ownership of the site has been verified. Et voila!<\/em><\/span><\/p>\n 6.<\/strong> Now do the same for the HTPPS version of your site but minus the “www” in the site address. For example, your site can be accessed using the URL <\/span>www.languedoc121tech.fr<\/span><\/a> or just languedoc121tech.fr so both need to be registered with the Search Console.<\/span><\/p>\n 7.<\/strong>\u00a0Next, click on Search Console<\/strong> to go back to the overview page (which lists all the domains you\u2019ve registered using the Google Webmaster account) and check the listing. Mine looks like this, with HTTP and HTTPS versions for the variations of the domain name (with and without “www”).<\/span><\/p>\n That\u2019s it: you\u2019re done!<\/span><\/p>\n So there you have it. It’s a little bit of work, a little bit techy places, but not a major job and doesn’t cost a thing if you do it yourself.\u00a0If a web developer tries to bill you for\u00a0multiple hours or suggesting you pay for your SSL certificate, then you would be better to find another developer! Or you can contact me, of course.<\/p>\n If you do decide to do this yourself, please leave a comment below. Likewise, if you get stuck or have any problems.<\/p>\n [su_divider]<\/p>\n Here are links to SSL installation instructions for some popular website builders.<\/p>\n [ls_content_block id=”343″]<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Introduction Google announced last year that they were prioritising sites that had a verified SSL Certificate over those that didn’t. This meant, in SEO terms, that those who made the move or who were already set up that way had a slight SEO advantage (all things being equal, which of course they never are.) They…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"kt_blocks_editor_width":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_vp_format_video_url":"","_vp_image_focal_point":[]},"categories":[43,4,49],"tags":[42,47,48],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"vp_sm":false,"vp_md":false,"vp_lg":false,"vp_xl":false,"vp_sm_popup":false,"vp_md_popup":false,"vp_xl_popup":false,"1536x1536":false,"2048x2048":false,"page-title-image":false},"uagb_author_info":{"display_name":"Admin","author_link":"https:\/\/dev.languedoc121tech.fr\/?author=2"},"uagb_comment_info":61,"uagb_excerpt":"Introduction Google announced last year that they were prioritising sites that had a verified SSL Certificate over those that didn’t. This meant, in SEO terms, that those who made the move or who were already set up that way had a slight SEO advantage (all things being equal, which of course they never are.) They...","_links":{"self":[{"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=\/wp\/v2\/posts\/487"}],"collection":[{"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=487"}],"version-history":[{"count":0,"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=\/wp\/v2\/posts\/487\/revisions"}],"wp:attachment":[{"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.languedoc121tech.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/a><\/p>\nWhat is SSL?<\/h2>\n
Do I need an SSL certificate for my site?<\/h2>\n
How do I make the change to HTTPS on my site?<\/h2>\n
\n
<\/a><\/p>\n<\/a><\/p>\n
\n
\nStep 1: Create and Install your SSL Certificate<\/strong><\/h3>\n
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\nStep 2: Change Site Links<\/h3>\n
<\/a><\/p>\n\n
Step 3: Redirect Search Engines to your HTTPS Site<\/strong><\/h3>\n
RewriteEngine on\nRewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]<\/span>\nRewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]<\/span>\nRewriteRule ^(.*)$ https:\/\/www.yoursite.com\/$1 [L,R=301,NC]<\/span><\/pre>\nRewriteEngine on<\/span>\nRewriteCond %{HTTP_HOST} ^languedoc121tech.fr [NC,OR]<\/span>\nRewriteCond %{HTTP_HOST} ^wwwlanguedoc121tech.fr [NC]\n<\/span>RewriteRule ^(.*)$ https:\/\/www.languedoc121tech.fr\/$1 [L,R=301,NC]<\/span><\/pre>\nStep 4. Check on your SSL Certificate<\/h3>\n
Step 5: Add your HTTPS site to Google Webmaster<\/strong><\/h3>\n
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\nConclusion<\/h2>\n
Useful Links<\/h2>\n
SquareSpace<\/h3>\n
\n
Wix<\/h3>\n
\n
Weebly<\/h3>\n
\n