How to apply a SSL certificate to your website: get the HTTPS

Security is a critical factor when you are collecting sensitive information such as email and password on your website. Enabling HTTPS is one way of achieving such an objective through the implementation of SSL (Secure Socket Layer). The SSL certificate guarantees the encryption of information going to and from the primary server.

Get Your Dedicated IP Address

SSL certificates will provide you with the best security if your website operates under its dedicated IP address. You should disregard the smaller web hosting plans that promote a platform for shared IP addresses as you do not want other multiple websites to use the same location as yours.

A dedicated IP address will ensure that only your website is benefiting from the web traffic. My recommendation for a reliable and affordable dedicated IP host is StableHost. Their $6/month subscription even goes cheaper when you choose the yearly subscription. Their customer support and service performance are exceptional. Moreover, you could just save yourself the hustle and request your current web host to perform your IP upgrade to a dedicated IP address.

Generate Your CSR

Each of the SSL certificates requires a Certificate Signing Request (CSR). The information under CSR uniquely identifies and protects your website. If you are a customer at and using the windows server hosting environment, you can easily generate your CSR through the use of a very handy SSL Manager Tool that is already in place. The mode of generating the CSR differs with the server environment, but it is a pretty much straight forward procedure whose result is often the CSR, downloaded and saved as a text file.

The Knowledge Base contains an in-depth walkthrough on how to generate CSR for most web servers.

Buy Your SSL Certificate

The next step involves purchasing an SSL certificate which acts like some sort of ID card so as to prove that your website is indeed your website. The SSL certificate entails a paragraph of letters and numbers only known to your website. It is simply a security check password. If a web user uses HTTPS to visit your site, that password is checked for a match before automatically verifying the identity of your website. Thus the content flowing to and from your site is encrypted.

You can create your ‘self-signed cert’ version, but the Certificates Authorities (CAs) are a popular reference point for most browsers. They never fail to have a copy of that long password and thus will only vouch for you if you purchased your certificate through them.

Where to buy your certificates? Try NameCheap and go for their GeoTrust QuickSSL option. Moreover, you will get a site seal that will securely earn your customers’ trust.

Activate The Certificate

Note that the technicality of this step requires that you check with your web host first to see if they can carry it out for you before proceeding. However, if you are familiar with the technical walkthroughs, then you will need to firstly generate a CSR. The task is easy to achieve if you can access your web hosting control panel like the cPanel or WHM.

Once on the SSL/TLS admin area, use the option “Generate an SSL Certificate and Signing Request” and fill out the fields the screen will display.

Your domain name should be on the “How to make cert for an area”. The contact email field can be blank. What follows next will be a display of text blocks.

The first text block is what you need to copy as it is the ‘CSR’ to issue the SSL cert issuer so as to establish your identity. Login to the site from which you bought your certificate, i.e., NameCheap and activate it. Paste the text block (CRS) you copied together with any other relevant field. Your approver email will also come in handy, and once you follow the remaining steps, you should receive your certificate as a .crt file.

Install The Certificate

With your cert in hand, just paste it on the control panel of your web host. If you are operating under the WHM.CPanel, navigate to the SSL/TLS menu and click on the “install an SSL Certificate” option. Paste it into the first text box and then submit. You are now secure to use HTTPS access to your site.

Check Your HTTPS Website

Try accessing your website through HTTPS, if it loads then you have SSL installed and HTTPS protocol enabled successfully. But you need to be certain that the visitors are accessing the site via HTTPS. However, HTTPS protection should only apply to a few pages where sensitive data is submitted like login or cart checkout, or else it would just be a waste of encryption processing. All you need to do is update the target pages’ links to use HTTPS. You can also use the server-side approach to redirect the users to specific pages. Like in PHP

// Require https

if ($_SERVER[‘HTTPS’] != “on”) {

$url = “https://”. $_SERVER[‘SERVER_NAME’] . $_SERVER[‘REQUEST_URI’];

header(“Location: $url”);



Or through the mod-rewrite cheat sheet

Do I need an SSL for my Website?

A Secure Sockets Layer or SSL certificate is simply a methodology designed and implemented to enable online businesse to communicate and interact with their customers through the sharing of information, buying products or services, and browsing on a secure internet platform. The SSL certificate creates a safety net for such kind of internet activities.

You will need an SSL certificate if…

You Accept Payments Online

If your business website allows and supportscredit card payments from customers, then you are definitely in need of an SSL certificate installed on your site. The SSL certificate will encrypt the private credit card information of your customers so as to shield it from unauthorized access that may result from malware or hackers.

However, its applicabilitydoes not have to beon every page of the site as the SSL can alsoonly apply to the checkout or store pages,for example. However, if the customers are paying via services like Paypal as an exclusive payment module, then an SSL certificate is not needed as your clients will not be directly making a payment to your site but through a third party payment system that will handle all the security precautions.

Want to Protect User Password Logins

If you are the administrator of a membership site that is either free or paid, then acquiring an SSL certificate can be a good idea. The members of your site will be submitting confidential information like passwords, names, and email addresses that are most likely duplicated credentials for other membership sites. Thus, without an SSL certificate, you are risking a potential security breachthat may lead to a member’s personal information not being protected.

Want to Secure all your Web forms

If the visitors of your site tend to submit photos, documents, and other personal information through the forms on your website, the acquiring an SSL certificate should not even be a consideration as the user information security should be your site’s priority. Regardless of whether you do x offer subscriptions, memberships or even sell products, there is surprisingly a lot of information collected on the internet in regards to random site visitors.

Without the implementation of an SSL certificate, the interception of some formof input data and certainmail types is easily achievable. Moreover, most customers or visitors to your site will be on the lookout to see whether your site is SSL certified now that we are in a digital era and almost everyone is informed about how x internet security works. Therefore, you should not take the risk of losing your business just because you failed to prioritize the security of your customers or site visitors.


Depending on your hosting provider, many will cater for the inclusion of a shared SSL certificate so as to save you from the hustle of purchasing your own. The SSL security extends to masking sensitive information like the users’ login details. However, using a shared SSL will not include the display of your website of the organization to the end users and may result in a warning.

Conclusively, if your website is a small blog that collects just pictures, then an SSL is not mandatory. However, if customers transact on your site with private information or through login forms, then an SSL should be your priority. SSL FAQ or compare SSL should cater for all your SSL purchase related questions.

Public Key Infrastrucure (PKI): Why do you need it

A public key infrastructure or PKI is simply a comprehensive system whose functional requirements mandate it to offer digital signature and public-key encryption services. The PKI primary role is to deal with the management of keys and certificates of an organization. Thus, through such a management criterion, the resulting networking environment of the organization in question is established and maintained as trustworthy. Therefore, a wide range of applications makes use of the PK enabled services relating to encryptions and digital signatures.

Elements of a Public Key Infrastructure

A typical PKI is comprisedof standards, policies, hardware, and software. The keys and digital certificates in question are managed by the stated four elements that facilitate their creation, administration, distribution, and revocation. The heart of PKI are the digital certificates as they confirm and bind the certificate’s identity on a public key within the same certificate. Therefore, the key elements to be found on typical PKI should include:

The Certificate Authority (CA)

The Certificate Authorityis recognized as a trusted party and its role xis to facilitate the provision of services that will assist in the authentication of entity identities like that of individuals and computers.

The Registration Authority

It is also recognized as the subordinate Certificate Authority (CA). Under the certification of a root CA, it has the mandate of issuing certificates applicable to specific usage scenarios under a root permit.

The Certificate Database

It handles the storage of certificate requests, and also the issuance and revocation of the same certificates.

The Certificate Store

Since it resides on a local machine, it thus qualifies as a suitable place where issued certificates and private keys are stored.

Trust in PKI

Trust in the PKI context has a much deeper meaning than the general usage of the phrase implies. An SSL certificate gives the assurance that the end users on a web interface are interacting with the correct server; however, such levels of assurances tend to be limited. For instance, the DV certificates exclude the organization identity assurance which is not the case when dealing with the EV certificates as the Certificate Authorities (CA) in PKI can easily discern the criminal intent of a potential applicant during the certificate’s application. Therefore, the trust in PKI simply implies to the permitted validation of a certificate by a CA on the users’ trust store.

Why do you need a PKI?

In order for a trustworthy networking environment to stand, the maintenance and establishment strategies of a PKI must prevail through its provision of key and certificate management services. Such transparency and easiness is what you need in your business environment. Thus the permissions, encryption, certificate validation, digital receipts, and digital signatures management services provided by PKI will enable you or your organization to x:

  • Use thesecure storage of the organization’s CA’s private key.
  • Oversee theissuance of the relevant digital certificates to the related devices, applications, and users.
  • Leverage the certificate authentication process xto verify and determine the user or device identity in question.
  • The verification of an application or user certificate through the published Certificate Revocation Lists (CRLS) in order todetermine if the issuing CA still trusts it.
  • The maintenance of the private key histories belonging to various users in an auditable database to serve as a recovery purposed plan.

Everything about Multi Domain (UCC) SSL Certificate

A Multi Domain (UCC) SSL Certificate relates to an SSL (Secure Sockets Layer) certificate which is applicable for securing multiple host names and domain names through a single domain name. The security of UCC is primarily geared towards a single domain name in addition to 99 other SANs (Subject Alternative Names) on a single certificate.

What is a Multi Domain (UCC) SSL Certificate?

X We can define a Multi Domain (UCC) SSL Certificate as a type of certificate that employs the use of SANs (Subject Alternative Names) for the purpose of securing multiple host names. The certificate’s SAN field can accommodate different domain names thus stretching its functional applicability to the included domain names. As an example, a single Multi Domain (UCC) SSL certificate will cater for:


The development of the Multi Domain (UCC) SSL Certificates is primarily applicable to programs relating to Skype, Lync, or Exchange for Business environments or Servers where there is a need for securing multiple cross-platform domain name.

Why do You Need a UCC SSL Certificate?

If you acquire a UCC SSL Certificate, you will benefit from the following key factors:

  • Full control of the Subject Alternative Name (SAN).
  • Cost effective certificate management processes that are easy to control.
  • A 128/256 bit encryption that is 99.9% trustworthy and applicable to most clients, servers, and browsers.
  • The acquisition of unlimited domains that you can move/change with no fee re-issuance policy required.
  • Access to an official Microsoft UCC vendor
  • Design preference applicable to OCS environments and MS Exchange.

The applicability of UCCs is ideal for:

  • Microsoft Live Communications Server
  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2007

The compatibility of UCCs is ideally applicable to shared hosting. However, the “Issued To” information relating to the site’s certificate and seal will only avail the registered primary domain name. Moreover, the listing of the secondary hosting accounts you own is also viable in the certificate. Thus, the type of certificate is not recommended if you do not have the preference of all your sites appearing ‘connected.’ However, if the preference works for you, you are good to go.

However, if you are thinking of upgrading a UCC so as to have the inclusion of more names it is solely impossible due to an unavoidable technicality involving its purchase. For instance, if your purchase of the UCC accommodated up to five domain names, you cannot add another domain name unless you purchase a new certificate.

Thus, the use of SANs by the Multi Domain (UCC) SSL Certificates has the capability of securing 250 sub-domains, websites, and domains all under a single Certificate. Additionally, the SSL Certificates are inclusive of a website security bundle, unlimited server licensing, and unlimited reissues hence prone to malware detection so as to protect your site from being mentioned by any website blacklister.         

Everything about Multi Level Subdomain Wildcard SSL Certificate

If your personal websites or the one you are currently working on has several subdomain levels, then your first instinctive step should be to ensure that they are all secured under SSL (Secure Sockets Layer). But first, you need to determine the correct SSL certificate strategy that will work for you.

Frequent Asked Questions on Multi Level Wildcard SSL Certificate

Let us, for instance, assume that you want to secure:

  • and any combination of x

How many levels of Subdomain does a single wildcard cater for?

Notably, only one ‘level’ of Subdomain is covered by the wildcard certificate by RFC 2818.

How do you implement a wildcard in a multilevel Subdomain?

Firstly, the wildcard character * contained in names applicable to domain names is a considerable match to a component of the same domain name ( or the component fragment of the same domain name ( As an example, * will be a direct match for only, and also m*.com will be a direct match for only.

What is the surety that in using the subdomains the end users will directly validate the legitimate ownership of the subdomains displayed to be yours while on the client side or on a browser?

In theory,

A * will be an exact match for only a single level. Therefore, * is not a match for However, if you want to find a match for *, you can implement an algorithm that accommodates the use of several * to accompany a name. Hence if the implementation of all the SSL faithfully follows the RFC 2818 standard, then the only thing you will need are three certificates to cater for the names:

  • *
  • *.*

Moreover, if the implementations abide by the RFC 2818 standard and the X.509 intricacies, then you can successful implement an SSL through a single certificate that will cater for the above three listed strings under a Subject Alt Name extension. If you want to be more practical in creating your example SSL certificates, then you should give the OpenSSL command-line tool a try. It is a very practical open source project to help sharpen up on your practical approach.   


Types of SSL Certificates: Which is the right one for you?

Types of SSL Certificates

The ownership of an SSL certificate depends on trust rather than the key size and the functionality in play. Currently, the three types of SSL certificates available are under a 3-leveled layer of user trust catering for the SSL/TLS negotiations.

Domain Validated Certificate (DV)

The checkup of such certificates is against a domain registry. The certificates lack an identifying organizational information and thus it is not advisable to make them viable for commercial purposes. Regarding price, you can cheaply acquire the certificate, but if its sole purpose is to be applicable on a public website, then it is a high-risk certificate. Its comparison is to the websites with zero star ratings.

Organization Validated Certificate (OV)

The stated type of certificate is trusted. Real agents strictly authenticate such type of organizations against government-hosted business registry databases. The validation process may involve the exchange of some documents or make direct contact with the personnel in question as a proof mechanism to the right of use. Therefore, legitimate business information is contained in OV certificates.
Thus, if the website in question is facing the public or it’s commercial-based, then the requirement of such a standard type certificate is necessary. They are usually equipped with all the necessary information required to validate any organization as a result of their conformity to the X.509 RFC standards.

Extend Validation Certificate (EV)

These certificates not only cater for security but also trust like Symantec Extended Validation Certificates. Most world leading organizations employ its functionality after the realization that switching from the OV to the EV certificate has a direct impact on the improvement of customer confidence and increase in online transactions.
x SSL certificates rekindle the trust of online transactions through the mandate of the website operators to be vetted through the Certificate Authority (CA) so as to acquire an SSL certificate. However, the introduction of the ‘domain-validation-only’ SSL certificates as a move by the CAs to counter commercial pressures, minimal verification is in turn implemented as a performance measure of the certificate’s details.
The user interface of most browsers does not give a clear differentiating parameter between the low-validation certificates and the rigorously vetted ones. Since a padlock icon is usually a user identifier icon of a successfully owned and validated website, successful SSL connections are not a guarantee that the same users will know whether the owned website is validated or not. The result is the use of phishing websites by fraudsters who employ SSL to alter perceived credibility of websites.

How do I Choose the Right One for Me?

How about we picture a scenario that best describes the concept? Let us say that you want to purchase a Smartphone on an online store and that you have encountered three offers from different sellers on the Smartphone brand that you want

1st Offer

You get your Smartphone at a reduced $250 with no comments and zero star rating on the selected product.

2nd Offer

You get your Smartphone at a moderate $375 with half the comments praising the product and its service delivery and the remaining half negating everything.

3rd Offer

You get your Smartphone at an expensive $400 with positive comments like ‘excellent service’ and five-star ratings.
Thus, the seller that is most likely to adhere to the delivery schedule is the one offering the Smartphone at $400 due to the positive comment from the previous buyers. Such a comment or rating creates a conscious or a subconscious decision in the mind of the buyer. Thus, ‘Trust’ is the basis of the decision authenticated by real people.
Therefore an alternate purchase from the 1st and the 2nd offer will mostly be fundamentally based upon price and luck.

The Right SSL Certificate Based on Performance and Security

The DV certificate relates to the 1st Offer as it is not popularly trusted and thus recommended to be only applicable in sectors not concerned with security, like protected internal systems. The certificate lacks the word ‘trust’ such that if a DV certificate website gains visitors, they would be unable to employ the certificate so as to validate if the site’s business is legitimate. An example of such an application would be on blog sites.
The OV certificate relates to the 2nd offer where a user only wants to be partially informed about the organization website that he/she is visiting on a network. The user is x comfortable with the partial measures of security in place and thus the full authenticity of the site is not a priority. An example of such an application would be on social sites.
Finally, EV certificates relates to the 3rd offer since they reassure users of the performance of secured websites. The Guidelines for Extended Validation defines the EV certificates issuing criteria in addition to a much stricter vetting process for the OV certificates. They are therefore suitable for e-commerce related site projects. The strict authentication process of EV certificates not only improves the user confidence and trust but also in distinguishing a secured site from a non-secured one. It is evidently done through a visible green bar triggered on modern browsers.
The combination of the green bar, Symantec/Norton seal, and the trusted Symantec strict validation procedures provides consumers with the highest degree of trust. Therefore, if a site is EV enabled, it is almost impossible to phish or impersonate it. Moreover, even if its content is duplicated, it is still impossible to trigger the Green Bar without the validity of a trusted EV certificate.

Owning a Certificate

Notably, it should be clear enough by now that before you even consider requesting for an SSL certificate, your first move as a security administrator should be to carry out some analytical homework on the matter and answer the following questions:
Do I need it for public or internal use?
What are the methodology and user base required?
What server software and operating system are in play?
What will be its impact and on what systems?
Is there a security policy requirement?

Browser Support for EV Green Bar

The browsers that support the green bar include Opera 9.5+, Safari 3.2+, Firefox 3+, Internet Explorer 7.0+, and Google Chrome. Another EV certificate advantage over DV or OV certificate is about its detailed information concerning the organization in question.

What is the difference between a 128 and 256 bit SSL Certificate

The AES (Advanced Encryption Standard) under the standard sized keys (128, 192, and 256 bits) specify the establishment of electronic data encryption. However, since the 256-bit version turns out to be slower than the 128-bit version, then the 256-bit version automates as the most secure key hence the primary differentiating factor between the two SSL certificates.

What is a Bit?

In computing terms, a bit is the smallest unit of representation of data in a computer.

128 bit Vs 256 bit SSL Certificate

The differentiating factor between the two encryptions depends on the negotiated cipher suit that governs the specific connection. They are defined under TLS (Transport Layer Security). As a random example, TLS_RSA_WITH_AES_128_CBC_SHA will be applicable to a 128-bit key whereas TLS_DHE_RSA_WITH_AES_256_CBC_SHA will be applicable to a 256-bit key.

For instance, during a random connection in a network, the browser uses the security protocols of SSL (Secure Socket Layer) to determine the ciphers suit supported by it and the server. The cipher support is entirely depended on both the server and the client/browser configurations. The connection has no relation to the installed server or its certificate.

Thus an initiated connection from the client/browser sends a hello message to the server with a list of supported cipher suites. The server in return picks the most ideal or strongest common cipher suite it supports and responds accordingly. It is mostly between 40, 56, 128 or 256 bit. The cipher in return creates a symmetrical session key that can either encrypt or decrypt information at any instance.

Applicably, the key encrypts the data between itself and the server thus, the significance of the 128 or 256-bit cipher strength is revealed here. An asymmetrical key pair of 1024 or 2048 bit certificate is issued with a private key. Out of the key pair, one encrypts data coupled with your certificate and public key as the other decrypts data coupled with the stored private key on the server.

After a successful creation of the browser’s symmetrical session key, the server certificate is then applicable in the encryption of the session key which is then sent to the server where it is decrypted with a private key matching the certificate. The technique ensures that both the server and the browser make applicable use of the symmetrical session key to encrypt each other rather than the browser being the only entity encrypted on the server side.

There is no direct relation between the cipher strength of the certificate and the session key. However, a site with a 512-bit certificate will not be allowed by the browser to generate a session key greater than 56 bits.

Why Choose a 128 bit SSL Certificate

If time is a factor to you, then the SSL certificate works best as the encryption and decryption duration is reduced since it generates smaller session keys.

Why Choose a 256 bit SSL Certificate

If reliability in terms of security is the key factor that you are after, then the 256 bit SSL Certificate guarantees its delivery as a result of its longer durations in encryption and decryption of data as it generates bigger session keys

Everything about EV Wildcard SSL certificate

What is an EV wildcard SSL certificate?

An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package. Obtaining an EV certificate requires verification of the requesting entity’s identity by a certificate authority.

EV certificates use the same encryption as organization validated certificates and domain validated certificates: the increase in security is due to the identity validation process, which is indicated on the certificate by the policy identifier.

Most browsers’ user interfaces did not clearly differentiate between low-validation certificates and those that have undergone more rigorous vetting. Since any successful SSL/TLS connection causes the padlock icon to appear, users are not likely to be aware of whether the website owner has been validated or not. As a result, fraudsters (including phishing websites) use TLS to add perceived credibility to their websites.

Users of modern browsers can always check the identity of certificate owners by examining the details of the issued certificate which always indicates the certificate owner information such as the name of the organization and its location.

EV certificates are validated against both the Baseline Requirements and the Extended Validation requirements, which place additional requirements on how authorities vet companies. These include manual checks of all the domain names requested by the applicant, checks against official government sources, checks against independent information sources, and phone calls to the company to confirm the position of the applicant. If the certificate is accepted, the government-registered serial number of the business, as well as the physical address, are stored in the EV certificate

Who needs the EV certificate?

It is mostly used by small and large businesses as a mark of a reliable website. Businesses have gone to a digital level, and most of their information is put out on websites, and that is why they need to be issued with an EV certificate.


Everything about WHMCS SSL Certificate

About WHCMCS SSL certificate

Securing your WHMCS installation with a SSL could not be easier. Once both WHMCS and the SSL are installed, you can navigate to the WHMCS Admin Area and complete the setup in seconds.

Web browsers give visual cues, such as a lock icon or a green bar, to let visitors know when their connection is secured. This means that they will trust your website and be more likely to buy. You will not only receive a ranking benefit and potentially improve organic search, but you can also add a trust seal during the checkout process and on your website to give buyers confidence.  

WHMCS is encrypted using Ioncube to protect the source code. These days most servers/web hosts have Ioncube support compiled into the PHP build by default, so you don’t need to do anything extra for it. Installing WHMCS is very simple.

Steps to installing WHMCS

  1. Unzip the contents of the zip file to a folder on your computer
  2. Rename the file to configuration.php
  3. Upload the entire whmcs folder to your website – if you experience problems, try uploading in binary mode
  4. Next, you can rename the folder to whatever you like (billing, clients, etc.)
  5. Now visit the installation script at to run the installer process – if you get an Ioncube related error message, see the installation Ioncube steps above
  6. Follow the instructions on screen to install which will involve setting file permissions as listed below, entering your license key and setting up your primary admin account

Who needs the WHMCS SSL Certificate?

It is mostly used by small and large businesses as a mark of a trustworthy website. Businesses have gone to a digital level, and most of their information is put out on websites, and that is why they need to be issued with a WHMCS SSL Certificate.

Everything about Positive SSL Certificate

About Positive SSL certificate

A Positive SSL is the most popular and inexpensive SSL Certificate introduced by the most trusted CA Comodo. It’s a domain validated SSL that can be issued by just verifying domain ownership. It’s the ideal entry level solution.

The certificate is designed to encrypt website for low volume online transactions. A Comodo Positive SSL does not require a complicated validation and can be issued within 10 minutes. Positive SSL secures your website domain name and helps to protect user’s information, which is transmitted over the internet.

Positive SSL is low-cost SSL Security Solution and best for entry-level, small and mid-sizes websites where they are dealing with low volume online transactions. Positive SSL Certificate is a Domain Validated (DV) SSL Certificate, comes with 256-bit encryption and trusted by all web browser with 99.9% compatibility.

The main benefit of Positive SSL is it gets issued within minutes, and the user does not need to spend large amounts of money. It comes up with strongest 2048-bit signature, and 256-bit long encryption length with SHA-2 secured hash algorithm.

Technical Specifications and Features of Comodo Positive SSL Certificate

  • Offers 256-bit strong encryption
  • 2048-Bit Signature
  • Domain Validated SSL Certificate
  • Quick Issuance within minutes
  • 99.9% Browser and OS Compatibility
  • Free Comodo Static Site Seal
  • Unlimited Server License
  • Unlimited Reissuance

Who uses the positive SSL certificate

It is mostly used by start-ups who want their websites to be recognized as legit. Nowadays, competition has gone a notch higher, and due to the high traffic on the Internet, businesses have to ensure that they are recognized. Websites using this certificate will be given a seal which will show that they can be trusted. It is also not very expensive thus appropriate for startups that need to manage little capital and still be able to cut their niche amongst the competition.