Wednesday, November 19, 2014

Obtaining SSL (https) for my site

I mentioned in the other post that I was experimenting with some third-party software to sell my chocolate rather than using my own written code. As I was experimenting with these tools, I realized that I would need an SSL certificate for my website.

I am not using an SSL certificate on my site right now because I simply use a PayPal button, which navigates the customers from my non-secure, information-only html/php site to a secure PayPal page. Customers tend to like this configuration, as a lot of people trust the PayPal name. All the secure information, such as credit card numbers, is entered on the PayPal site. So my hosting didn't need SSL.

Now with the new fancy tools, the customers have to enter their information on my site itself, and not on PayPal any more. So the site itself has to be secured in order to use these tools. They will still be using PayPal to pay for the transaction, but the shipping address and other information are entered on my site and not on PayPal.

So I decided to get a proper SSL certificate. Here is a brief summary of the steps I took to do this. It is not intended as a technical reference at all; I am writing this so that you can understand what kind of effort and steps are needed. The whole process took me about a week altogether, from beginning to end.



1. After searching around for different options, I decided to go with SSLs.com.  They seemed to be the most economical yet dependable and have good reviews.  I entered my information and paid for the certificate.

2. Then I had to contact my hosting company to help me with the certification.  (By the way, I thank them for their great support throughout the process.)  

3. For the certificate, I needed to have a static IP address. I had to pay extra to my hosting company to obtain one, as my site was not using a static IP address before.

4. The hosting company also had to generate a text code called a CSR from the server where my site is hosted. To me, a CSR is just a bunch of random characters. Here is a screenshot of a portion of it. (By the way, the characters in the image below are different from the actual ones for security reasons.)


5. I had to go back to SSLs.com, where I bought the certificate, and enter the CSR code I got in the earlier step. I had to provide other information, such as my address, etc.

6. I got a confirmation email, which I had to process to verify and approve the certificate as an administrator.

7. SSLs.com then sent me another bunch of jumbled code called a CRT. I had to give that to my hosting company.

8. Once that was done, the site didn't look right. It turned out that some content was referenced with hardcoded http, which the browser didn't display. So I had to fix that and some settings...

9. When a user goes to the http address, the user should be redirected to the https site. This is how to configure that on Apache: https://www.sslshopper.com/apache-redirect-http-to-https.html


10. Yeah! My site is now https://www.guidea.com/Shiroikoibito/
If I think about it, it's a lot of steps and money to have one extra character on my website address, no? : )

It was a bit of a hassle, but everything is working well now and the site is finally secured!
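
The hardcoded http references from step 8 can be found before switching a page to https by scanning its markup. The following is an added example, not code from the original post or the site; the tag list is an assumption about what counts as page content, and the sample page is constructed.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL the browser loads as part of the page.
# <a href> is deliberately absent: a plain link is navigation, not page content.
# <form action> is included because a form posting to http:// sends the
# customer's input unencrypted even when the page itself is https.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("embed", "src"),
    ("object", "data"), ("form", "action"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and not {"stylesheet", "icon"} & set(rel):
            return  # e.g. rel="canonical" is metadata and is never fetched
        for name, value in attrs:
            url = (value or "").strip()
            # Scheme-relative (//host/x) and relative (/x) URLs follow the
            # page's own scheme, so only an explicit http:// is reported.
            if (tag, name) in SUBRESOURCE_ATTRS and url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (example.com names are placeholders).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.example.com/style.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.com/lib.js"></script>
</head><body>
<img src="http://www.example.com/images/box.jpg" alt="box">
<img src="/images/logo.png" alt="logo">
<a href="http://www.example.org/">a plain link</a>
<form action="HTTP://www.example.com/order.php" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Each reported URL should be changed to https:// or to a relative path before the page is served over https.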
