SSL Security

What is an SSL certificate?

Watch the video tutorial or continue reading for written step-by-step instructions:

SSL, or Secure Sockets Layer, is an encryption service that prevents hackers from eavesdropping on sensitive information sent between computers. If you want to sell anything on your site or create a secure login for your visitors, you will need to protect your website so that credit card numbers, email addresses, and other valuable information isn't stolen. SSL encryption is sold by companies called Certificate Authorities (CA). Certificate Authorities issue certificates that assure visitors that their information will be protected, and that the website is not a scam. Don't give sensitive information to sites that don't have an SSL certificate!

You can check the security status of a website by looking for the icon to the left of the web address:

A symbol with a circled letter “i” and/or the words “Not secure” means that the site has not been secured.

A gray lock symbol means that the site has been secured with an SSL.

The green lock symbol means that the site has been secured and the company has been verified, meaning that the company is not a scam. For example, PayPal applied and paid for an SSL certificate. PayPal was then verified by the Certificate Authority as a legitimate business that won't scam its online customers.

The only time that an SSL is needed is when information is transferred, such as with online purchases, log ins, or surveys.

Even if you are using an outside payment method or shopping cart such as PayPal to handle transactions on your website, you may still need SSL security. Consider what information may still be exposed; any information that is entered directly onto your website and not in an offsite shopping cart (login information, credit card numbers, and mailing addresses) could be exposed and compromised.

Securing Your Site

To secure your site, you will need to install an SSL certificate. The first step is to create a key.

Create a Key

A key will decrypt information that has been encrypted by an SSL certificate. To create a key, click on the “SSL/TLS” application on the BYU Domains Dashboard.

Click the link under “Private Keys (KEY).”

You can come back any time to view and edit your keys on this page. To create a new key, enter a short description of your key under “Generate a New Private Key” and then click “Generate.”

Your Key will be displayed on the next page.

Generate Certificate Signing Request (CSR)

Now that you have a key, you can generate a Certificate Signing Request (CSR). You can send this request to a Certificate Authority to receive an SSL to protect your site.

Return to the SSL/TLS application page.

Click the link under “Certificate Signing Requests (CSR).”

On this page, you can view and edit your CSRs. To create a new CSR, fill in the information requested on the page. In the “Key*” drop-down list, select your new key. If you don't have a company name or company division, write “N/A” or your domain name. You can also visit WHOis.net to see your site information. Once all your information has been entered, click “Generate”.

The next page will show your CSR information. You will need to copy the information in the box entitled “Encoded Certificate Signing Request:”. When you apply for an SSL certificate from a Certificate Authority, they will request this information.

Choose an SSL Certificate Authority

A third party Certificate Authority can encrypt and protect your site. A certificate will assure users that their information won't be stolen and that your site isn't a scam. When choosing an SSL Certificate Authority, there are many options. Here are just ten:

| SSL Provider | Price per Year | Warranty | Use |
| --- | --- | --- | --- |
| StartSSL | Free | $10,000 | This is a great SSL for test purposes, or to encrypt just a little bit of personal information. It is not powerful enough to be used for e-commerce or to secure site login. Moreover, because it is a free service, the StartSSL site can be difficult to manage, and the SSL may be difficult to install or have glitches. |
| Namecheap | $9 | $10,000 | Namecheap resells certificates; their certificates give you the validation of a name brand, but the encryption is not as secure as a new certificate. If you just need to protect a simple login or app, this is the right fit. |
| Positive SSL | $50 | $10,000 | This is perfect for small-scale e-commerce. It would be ideal for a site that sells just one thing, such as a membership. |
| GoDaddy | $70 | $10,000 | This is a good price for a small e-commerce site, and works best when used in conjunction with the rest of GoDaddy's site-building products. |
| Network Solutions | $70 | $10,000 | This is a standard certificate that is a good option for a low-sales e-commerce site. |
| Comodo | $80 | $100,000 | Comodo is a market standard that provides you with everything you need for a great price. This certificate is meant for lower-volume sales or logins. |
| GeoTrust | $150 | $500,000 | This certificate has great protection and will facilitate the protection of moderate-volume sales. |
| DigiCert | $175 | $1,000,000 | DigiCert has a great warranty and will let you handle higher-volume sales. |
| Symantec | $400 | $1,500,000 | Symantec is the most popular certificate in the market; it is the most trusted and most widely recognized by customers. The warranty is very high and will allow your site to handle high-volume sales and secure logins. |

Generally, the more you pay for a certificate, the more secure your site will be. More expensive certificates such as Symantec and DigiCert are also more widely recognized by customers and users as being secure.

The warranties listed on the certificates generally apply to the customers. The warranty covers damage caused in situations where information is stolen because the encryption was hacked (a highly unlikely event for a functioning encryption service). The certificates come in contracts of 1-3 years and can be renewed.

The prices in this list are only the starting prices of the most basic models available from each of the brands. Buying a more expensive model (prices not listed here) will give your web address bar a green lock or green security bar. To give you a high-security SSL certificate, the Certificate Authority would go through a more rigorous process to ensure that you are a real person and that your business is legitimate. For example, you could be contacted personally via phone to verify your personal information.

Other certificates, called Wildcard certificates, protect not only your site (domain.com), but any sub-domains that may be included in your site (shopping.domain.com, login.domain.com, buy.domain.com, bacon.domain.com). These certificates are about quadruple the price of regular certificates.

To receive an SSL certificate from one of these Certificate Authorities, simply click on the desired company icon and follow the instructions on their websites to pay for and download a certificate. Depending on the certificate, it may take a few days for it to be validated once you have applied.

Create a Self-Signed Certificate

To temporarily protect your site while you are waiting for your certificate to be authorized, you can create a self-signed certificate. Note that this is only a temporary solution; users cannot be assured of the security of a self-signed certificate. Your website may still appear as insecure to users until you receive a valid certificate from a Certificate Authority.

1. On your BYU Dashboard, click on “SSL/TLS”.

2. Click the link under “Certificates (CRT).”

3. Scroll down to “Generate a New Certificate” and fill in the information. In the “Key*” drop-down, select your new key or generate a new one. If you don't have a company name or company division, write “N/A” or your domain name. You can also visit WHOis.net to see your site information. Once all your information has been entered, click “Generate”.

The next screen will list your new certificate's information. By clicking “Installer,” you can install the certificate. Click here for installation instructions.

Upload a New Certificate

Once you have received your official certificate from a Certificate Authority, you can upload it to your site.

1. Go to “SSL/TLS” on your dashboard.

2. Click on the link under “Certificates (CRT).”

3a. If the Certificate Authority sent you a file, click “Browse” to locate the file and then click “Upload Certificate.”

3b. If the CA sent you a long block of text, paste the text into the box entitled “Paste the certificate into the following text box:”. Then click “Save Certificate.”

Your certificate has been uploaded and is now saved to your panel; however, it has not been activated yet. To do this, you need to install the certificate to your site.
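
A check you can run on your own computer before uploading or installing, as an added example that is not part of the original instructions: it confirms that the certificate the CA returned carries the same public key as the private key and CSR generated earlier. It assumes OpenSSL is installed and that the three PEM texts were saved to files; the file names are placeholders.

```shell
# Added example. Assumes OpenSSL is installed and that the key, CSR and
# certificate were saved as PEM text files; the file names are placeholders.

# Print the public key (PEM) carried by a private key, CSR or certificate.
pubkey_pem() {  # $1 = key|csr|crt   $2 = PEM file
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
    *)   return 2 ;;
  esac 2>/dev/null
}

# Succeed only if all three files carry the same public key.
# An unreadable or malformed file counts as a mismatch.
files_match() (  # $1 = key file, $2 = CSR file, $3 = certificate file
  k=$(pubkey_pem key "$1") || exit 1
  c=$(pubkey_pem csr "$2") || exit 1
  t=$(pubkey_pem crt "$3") || exit 1
  [ -n "$k" ] && [ "$k" = "$c" ] && [ "$k" = "$t" ]
)

# Usage: sh check.sh site.key site.csr site.crt
if [ "$#" -eq 3 ]; then
  if files_match "$@"; then
    echo "match: certificate belongs to this key and CSR"
    # Show who the certificate was issued to and when it expires.
    openssl x509 -in "$3" -noout -subject -enddate
  else
    echo "MISMATCH: do not install this certificate with this key" >&2
    exit 1
  fi
fi
```

A mismatch usually means the certificate was issued for a different CSR than the one tied to the key selected on the dashboard.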

Install a Certificate

1. Go to “SSL/TLS” on your BYU Domains dashboard.

2. Click on “Manage SSL sites.”

3. Click on the “Browse Certificates” button.

4. Select the certificate you wish to use and then click “Use Certificate.”

5. Click “Install Certificate.”

Redirecting Your Website

Once you have installed an SSL certificate, you may notice that your website still does not have a lock symbol. This is because your site needs to be redirected to its new secure address: “https://www.domain.com.” HTTPS stands for “Hyper-Text Transfer Protocol Secure,” and now that you have an SSL certificate installed, that extra “s” means that your site is considered secure.

To redirect your site, first go to the File Manager application on your Dashboard.

In File Manager, go to the folder named “public_html” and look for a file named “.htaccess”. If you can't find this file, go into your settings, make sure that the box “Show Hidden Files” is checked, and click “Save”.

Once you've found the file “.htaccess”, click on “Code Editor” in the tools panel.

The code of this file will be displayed in a new window. You're going to be replacing the code here. Be very careful when rewriting code. If a dash or a period is out of place, the code may break and cease to function. Broken code will cause malfunctions in your website. You will be replacing the code on lines 5-10, starting with “RewriteEngine On” and ending with “Rewrite Rule . ?index php.”

Copy this text:

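RewriteEngine On
# Match the bare and the www host arriving over plain HTTP (port 80)
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
# Send the visitor to the same path on the HTTPS address
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]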

Highlight the text on lines 5-10 in your code editor and replace it with the text above. Now be sure to replace the two places in the code that say “yourdomain” with the name of your real domain. The purpose of this edit is to force anyone trying to access your website to be redirected to your website's secure URL: its https address. Be very careful to replace only “yourdomain” and no additional slashes or periods. If not done correctly, the code will not work. Remember to save your changes.
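
One way to confirm the redirect after saving, as an added example that is not part of the original instructions: the function below reads the response headers for a plain-HTTP request and reports whether the visitor is sent to the expected https address with the path kept. The function name and the sample headers are constructed for illustration; on a live site the headers would come from `curl -sI`.

```shell
# Added example. classify_redirect EXPECTED_URL < response-headers
# Prints one verdict:
#   ok            redirect to exactly the expected https URL
#   no-redirect   the page was served over plain HTTP (rule not applied)
#   not-https     redirected, but not to an https:// address
#   wrong-target  redirected to https, but host or path differs
classify_redirect() {
  awk -v want="$1" '
    { sub(/\r$/, "") }                        # headers end in CRLF
    NR == 1 { code = $2 }                     # status line, e.g. HTTP/1.1 302 Found
    tolower($1) == "location:" { loc = $2 }
    END {
      if (code < 300 || code > 399 || loc == "") print "no-redirect"
      else if (loc !~ /^https:\/\//)             print "not-https"
      else if (loc != want)                      print "wrong-target"
      else                                       print "ok"
    }'
}

# Constructed sample: what the rule above should return for /cart.
sample_headers() {
  printf 'HTTP/1.1 302 Found\r\n'
  printf 'Location: https://www.yourdomain.com/cart\r\n\r\n'
}
sample_headers | classify_redirect "https://www.yourdomain.com/cart"

# Against a live site (needs network access; replace yourdomain):
#   curl -sI http://yourdomain.com/cart |
#     classify_redirect "https://www.yourdomain.com/cart"
```

Run the live check once for the bare domain and once for the www address, since the rule's host condition decides which of them is redirected.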

Congratulations, your website now has an SSL certificate! You can now secure your website visitors' information from unwanted eavesdropping.