The Chillidog Software Blog

The ramblings of a developer

Lock your doggy doors, Google prefers SSL sites

Google has made a big announcement recently that will soon affect everyone's SEO strategy. There are, however, some things to keep in mind:

  1. At the moment, this affects very few queries. In fact, this it is currently fewer than 1%
  2. This is not considered a very strong signal for SEO. Good content is still, by far, King

Let's take this time, however, and get your site ready for the future!

SSL Certificates and you

SSL certificates come in all shapes and sizes. Don't, however, be tricked in over paying! At Chillidog Hosting we offer two options for a very good reason. These are the only two you could possibly need! In general, here is what you should look for when purchasing a certificate:

  1. 256bit encryption. This is the modern standard for new certificates.
  2. If it protects www. and non-www. versions of your site. For instance, http://chillidogsoftware.com vs. http://www.chillidogsoftware.com

Keep in mind, basic certificates only protect a single domain. For instance, if you wanted to protect a blog URL such as blog.chillidogsoftware.com and www.chillidogsoftware.com, then you may need two certificates!

Do I need a Wildcard certificate?

Probably not. You only need a Wildcard certificate if you need to protect your domain and all sub-domains. Wildcard certificates are considerably more expensive than basic or standard SSL certificates. The only feature they have over basic certificates is that they can protect your site and all sub-domains. There is no additional security benefit from a Wildcard SSL certificate.

Getting RapidWeaver ready for SSL

To get RapidWeaver ready for SSL, all you need to do is add https:// to your Web Address in your Site Setup. After Republishing All Files in RapidWeaver, your URLs and resources will be referenced via HTTPS.

Specifying a HTTPS URL in RapidWeaver's site setup

Hosting requirements

Your hosting company must allow you to supply and install your own SSL certificate. Some companies may require that you purchase a dedicated IP which may have additional fees. Please contact your hosting company about this. Chillidog Hosting does not charge any additional fees to install and use SSL.

A note about SNI

I wouldn't be doing my job if I didn't mention SNI. SNI simply allows you to use SSL on a shared IPv4 address. This is great for users because it avoids having to obtain a dedicated IP and saves you money! Be aware, however, that not all browsers and operating systems support SNI! SNI is not supported in:

  • Windows XP
  • Mac OS versions less than 10.5.7
  • Internet Explorer version 7 or less
  • Safari v3 or less

As you can see, the list of browsers and operating system is pretty old! Thankfully, the usage of these browsers are declining pretty rapidly.

Hosting setup

Let's walk you through how to set up SSL. These screenshots are specific to Chillidog Hosting, however, others may find their host to be similar. Please contact your hosting company if you have any questions. Let's start in the control panel SSL/TLS manager.

SSL and TLS manager

The SSL process will have us "walk" down this list of items. We will start at the top by generating the Public/Private keys and work our way down to the installation of our shiny new SSL certificate!

SSL and TLS manager components

Generate Keys

We are going to start by generating the public and private keys. Simply enter a meaningful description and hit 'Generate'.

Generate the public and private keys

Generate Certificate Signing Request (CSR)

Next, we are going to generate a Certificate Signing Request. There are additional details required for the signing request including, name, city, country, and email. Required fields will be marked accordingly. Please note, do not include http:// in the domain's URL.

Generating a CSR for a domain

Once you generate the CSR, simply copy the entire request. For now, should save this in a text editor such as TextWrangler or BBEdit. The CSR will be used to configure the certificate.

Copying the Certificate Signing Request

Purchasing a certificate

Now we're ready to go purchase a SSL certificate for our site. SSL Certificate prices vary. Currently, SSL Certificates at Chillidog Hosting start at $14.95/yr.

Purchasing a standard SSL certificate at Chillidog Hosting

Viewing certificate details

After completing checkout, the certificate will appear within your 'Services' menu. From the Services page, we will 'View Details' on the certificate.

View SSL Certificate details

Configuring a certificate

Since our certificate hasn't been configured, let's do this now.

Configure the certificate

In order to configure the certificate, we need to provide the CSR and server type. Chillidog uses WHM/cPanel as shown but please contact your hosting company for the proper settings here!

Entering in CSR generated in previous steps and selecting the server type for the SSL Certificate

Choosing an approval email

This brings us to a very important portion of the configuration process. The SSL certificate must be approved by the domain owner. The emails generated here consist of typical system admin and domain admin email addresses. The admin email is taken from the domain's WHOIS record. If you have privacy protection enabled, this email address may not forward properly! You must make sure that one email addresses are valid. An easy way to test if these addresses work is to send yourself a test message and see if it bounces!

Choosing an admin email to approve the certificate

There are two options at Chillidog Hosting:

  1. You can create a mailbox at your email provider. For instance, Chillidog Hosting users can create an email account within their control panel for [email protected] for this process. Once this process is complete, the email may be deleted or
  2. You can utilize a 'Catch All' mailbox. Mailboxes which don't exist, can be delivered or forwarded to a default account. Please see the 'Default address' section within the control panel

Default email address settings

Please remember, once you hit continue, you can not change the approval email address. Please be sure to test and verify that the email address you selected works!

Installing a certificate

Once your certificate is approved, it will be emailed to you as a zip file. Inside the zip file, you'll find a yourdomain_com.crt. This is your certificate! Let's jump back to SSL/TLS Manager in the control panel and install it.

In the Certificates (CRT) section, we'll simply upload (or paste) in our .crt file and hit 'Save'.

Pasting our .crt file into the control panel

Activating your certficate

The final step to getting your certificate set up is to activate it. Under the 'Install and Manage SSL for your site (HTTPS)' simply choose your domain from the drop down list and select 'Autofill by Domain' and 'Install' at the bottom of the page.

Auto-filling and installing the SSL certificate

That's it. Please keep in mind that it may take about 10 minutes for Apache to restart and the SSL version of your site to begin working. This may seem long and tedius, but, with this guide, it's just a few simple hoops to jump through and you'll be on your way.

Republish all files

Now is a great time to 'Republish all files' in RapidWeaver with the aforementioned HTTPS URL scheme.

Republish all files in RapidWeaver

.htaccess changes (optional)

If you'd like to force all traffic on your site to use HTTPS instead of HTTP, please add the following code to your .htaccess file. Please note that you must change yourdomain.com to your actual domain name.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]

Help! My site doesn't show a 'lock icon!

A page is not considered secure unless all resources on the page are served over a secure connection. That's means that any Javascript or CSS file included on your page may break SSL on your site. To make matters worse, these files can come from a Stack or even the RapidWeaver theme itself! An easy way to identify what is being referenced via HTTP is to use a Web Inspector and search your page for http://. Here is an example of the using the Chrome Web Inspector to search Chillidog Software:

Searching the page source for 'http://'

In summary, there is no need to panic. This currently is not impacting very many sites or users. In the future, Google may decide to rank sites higher that use SSL. Setting up SSL on your site now means that you're ahead of the game. I do admit, however, it isn't currently the easiest process but it is fairly streamlined. If there are additional questions, just let me know!

Your top dog, Greg