I describe how to enable HTTPS on your website by showing exactly how I did it for my Security Elements website (https://www.SecurityElements.com). Please let me know if you have any questions!
I decided to enable HTTPS for my website to capture the process for my book: Website Security for Small Businesses. Plus, the SEO benefit!
I went with NameCheap because they have good certificates (Comodo) and they are pretty darn cheap. I paid $9.00 for the “PositiveSSL” certificate, which is the most basic option.
I created a private key which is used in the HTTPS process. I did this on the Hostmonster Cpanel, which is very user-friendly for webmasters wanting to set up HTTPS.
I also needed to generate a certificate signing request (CSR) which is necessary before activating your certificate. I also did this on the Hostmonster Cpanel.
I went back to NameCheap and activated my certificate.
Once I got the activated certificate from NameCheap, I went back to Hostmonster and uploaded it.
At this point, the key and .CRT files needed to be installed on my webserver. Rather than try to figure out how to do that myself, I opened up a chat session with Hostmonster tech support and they had me set up within 10 minutes.
I went back to my SecurityElements.com website and tried to confirm that HTTPS was working, but I saw that there was a little exclamation point on my padlock. When I clicked on it, I got a message that all the content on my site might not be secure. I opened my site in Chrome and typed CTRL+SHIFT+J to pull up the “Developer Tools” to begin troubleshooting. I saw that I had many images hardcoded to the old “HTTP” version of my website which was causing a “mixed content” problem because everything was supposed to be HTTPS. I recoded those links to just use the relative paths. After about 10 minutes of troubleshooting, everything was fixed.
Happy day! I confirmed that HTTPS was working on SecurityElements.com.
I went to the Qualys SSL Labs site (https://www.ssllabs.com/ssltest/) and tested SecurityElements.com. I got an “A” overall rating!
I added a few lines to my .htaccess file so anyone typing SecurityElements.com into their browser will be redirected to https://www.securityelements.com.
I went to Google Webmaster Tools and added both https://securityelements.com and https://www.securityelements.com. I set https://www.securityelements.com as the preferred domain in the site settings options.
Please let me know if you have any questions! Ask your questions here: https://wp.me/p5EVbI-31