You may have visited websites with ‘http’ or ‘https’ at the beginning of the address bar in your web browser. The difference between the two is that https is a secure port. A secure https connection can be made once you have installed the SSL certificate on your website.
In this article, you will learn what SSL and HTTPS are and why you should use them.
What is HTTPS?
HTTPS is a secure HTTP protocol that uses SSL / TLS for encryption.
When connected to a website over HTTPS, the connection is secure and users can transfer sensitive data such as credit card information, login details and personal details in an encrypted format.
Simply put, this will not make the data readable by humans.
This protects users from hidden attacks, where attackers will steal user information that is transmitted to the website through a browser. If data is transmitted using standard HTTP protocols, the data becomes human-readable, which makes the connection vulnerable to attack.
Why do you need HTTPS and SSL?
In recent years, SSL and HTTPS have been adopted as standard protocols that make the Internet more secure.
Google Chrome launched an update to its browser in January 2017, where web pages containing data input fields for passwords and credit card information are marked as ‘not secure’ if the web page Presented over an insecure (HTTP) connection.
Since update 68 (released in July 2018) Google Chrome has marked the site as ‘not secure’ if the site is linked to an insecure port even if there are no input fields for sensitive information on the webpage. I am The same goes for other browsers like Mozilla FireFox, Safari and Microsoft Edge.
Chrome shows this message:
In Firefox:
And in Edge:
The ‘not secure’ message does not instill confidence in the users of your site. They will probably leave the website in a few seconds.
The following graph shows the statistics of a survey that Komodo sent to 350 American adults. They were asked what they would do if they saw this “unsafe” message on a website.
The majority said they would leave the website immediately and would not enter personal data on the website.
So it is not wise to install it. Now, we’re going through the process of moving your site to HTTPS.
Enabling an SSL on a domain name
At RabHost, we offer a free SSL certificate via Let’s Encrypt.
Free SSL certificates are ‘wildcards’, so will cover all subdomains under your domain name. This includes the name of the vanity host for your email service, such as mail.domain.com, so you can connect your email to secure ports within your mail client, such as Microsoft Outlook.
You can enable the Free SSL certificate from RabHost control panel > SSL/TLS.
From the ‘SSL / TLS’ page you will see the ‘Enable Free SSL’ option. The SSL certificate will be installed and activated on your website in 30 minutes.
Your domain will need to use our nameservers, as this is how we validate the SSL certificate. We also offer Simple SSL Certificates and Extended Validation SSL Certificates that can be purchased for your domain if you do not wish to use our nameservers.
Redirect your website from HTTP to HTTPS
Once you have installed or validated your SSL certificate, you will be able to connect to your website over HTTPS.
However, the default connection method will still be HTTP, so the next step is to make sure your default connection is HTTPS. There are various ways in which you can achieve this.
Using Force HTTPS
One of the features of the RabHost Control Panel is the ‘Force HTTPS’ option.
Turning it on will redirect all users to use HTTPS at the load balance level on our servers. Free SSL Certificate (RabHost Control Panel> Security> SSL / TLS) can be found here to enable.
How to do redirect to HTTPS manually
If you are unable to redirect using the above methods, you can create a redirect rule in your .htaccess file.
.htaccess file is a configuration file used to change the functionality of the Apache Web server without modifying the Apache configuration files.
Typically, you will find the .htaccess file in the root directory of your website or in the public_html folder.
Some hosting providers may hide the file as a precaution. If you do not see the .htaccess file, you may need to enable “Show hidden files”, but you can always create an .htaccess file if it does not already exist in your webspace.
Here is a test example of the Force HTTPS .htaccess principle that you can try. I tested them in the .htaccess file in the root directory of Webspace:
RewriteEngine On
RewriteCond %{HTTPS} !=off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
In the above, ‘RewriteCond% {HTTPS}! = Off’ checks to see if the connection is an insecure HTTP type and if it is, the next line is applied. This line ensures that all HTTP requests are redirected to HTTPS using 301 (permanent redirect).
Here’s another one. In it, make sure to change EXAMPLE.COM to your domain name. Will receive the following HTTP request and redirect it to HTTPS.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.EXAMPLE.COM/$1 [R=301,L,NE]
It uses a different method for the same results. ‘RewriteCond% {SERVER_PORT} 80’ checks whether the request is made on port 80 (which is the HTTP port) and if the condition is met then the next line is executed. This port will rewrite all connections from port 80 to 301 status over HTTPS.
Too many redirects?
If you include these rules in your .htaccess file when the content is already there, remember that you may encounter ‘too many redirect errors’. This is usually due to inconsistent 301 rules. If you are unsure of the cause of the dispute, we recommend seeking the help of a developer.
So, hopefully you have installed your SSL, and your redirects are in place. There are some easy things to do before you run out. But don’t worry: it’s all down here!
Now your site is more secure, for you and your users
Hopefully this article has provided you with some insight into the importance of installing and attaching a valid SSL certificate over HTTPS – and how to do it.
Even if your website is not accepting financial transactions or requesting sensitive data input, installing an SSL certificate can improve your rankings and allow your users to access your web site. Confidence can be gained by visiting the site.
Let us know if you have any questions below, or contact our friendly support team if you have any problems.
