This is a great question. One that I am frequently asked. Especially now that Facebook requires a secured socket Layers – SSL Also, a client who uses an affiliate system hosted on her own domain was a bit concerned about the requirement for affiliates to enter their social security numbers of Employee Identification Number. She wanted to make her potential affiliates feel safe about entering the information. She knew that sites that began with https:// are *usually* secured. She wanted to know how to get that. Entering https:// on her own site gives an error.
When a web page is hosted on a server enabled with the SSL (Secure Socket Layer) protocol via a security certificate, content sent between a user’s browser and the server hosting the secure web page is encrypted, and no one can intercept confidential information such as credit card numbers, Social Security numbers or any other information you type into your browser.
All web hosting companies offer security certificates in most of their hosting plans, either a shared SLL certificate, where all sites on a single shared server are sharing a certificate, or a private SSL certificate, available to websites with a unique IP (web address). For Facebook page admins, the shared SSL is a low-cost and workable choice.
To get https:// on your server you will need:
- A static, dedicated IP address (not the same as dedicated web host although dedicated hosting comes with an IP). You can usually purchase this as an add on from your web host. You’ll probably pay a few dollara more every month to have a special IP number just for you to use. I use Hostgator for this
- A Secure Sockets Layer certificate or better known as SSL certificate. You can purchase this from your web host – many do provide this service. It is a yearly fee and cost anything from $80 a year to thousands a year.
Once you have the two above, your web host can install it for you. I don’t recommend installing it yourself. I’ve done it and it can get confusing. The web host can and should get you set up and running within a day or two. I recommend HostGator who are fabulous in helping you out with this.
To use your brand new secure URL simply point the page you want to ‘secure’ to the https version. For example, if your regular URL is:
http://mydomain.com/order.html
Then just link to:
https://mydomain.com/order.html
If the certificate is installed properly you will see the lock on your browser. If you are using WordPress you might also want to ‘force’ those specific page URLs to https so that people don’t get on the unsecured URL unintentionally. If you have anything on that page – Images, linked files etc remember to use https so the browser will not complain that some items on the page are not secure.
You have to keep in mind that the https does not mean this information, once on your server, is secure. The https only protects the transfer of the information from the user’s computer to your server. Once on your server it is your responsibility to take steps to keep that data safe.
I f you have any questions about HTTPS please contact me