What is an SSL Certificate?
An SSL (Secure Sockets Layer) Certificate is a digital certificate that keeps traffic between your server and the user’s web browser secure. With an SSL certificate in place, all connections are encrypted. You may have heard TLS (Transport Layer Security) and SSL used interchangeably; TLS is the more up-to-date approach to encrypting connections.
Importance of an SSL Certificate
Why do you need an SSL Certificate?
There are many benefits to owning and installing an SSL Certificate on your website domain.
Ensures Information is kept Secure
An SSL Certificate helps to secure information that is entered into your website by users, such as:
- Login Credentials (passwords)
- Personal Information such as address, phone number or date of birth
- Legal Documents
- Proprietary information
- Credit Card transactions
The SSL Certificate ensures that only the intended recipients of the data, the browser or server, can access the information, as it is encrypted using public key cryptography.
Helps you comply with PCI/DSS Requirements
If you accept online payments on your website, then your website must be PCI compliant. Having an SSL certificate installed is one of the 12 primary requirements, so it is essential that your website is secured using one.
Improves Customers’ Trust
Enabling users to browse and use your website safely and securely means that customers feel comfortable using it. If customers see a warning that your site is not secure, you may lose them. A secure website will also lead to a higher conversion rate with new customers, as they will feel protected online and reassured by your commitment to keeping their online experience secure.
Search Engine Optimisation
Google has recently made changes to the way its search engine prioritises search results and this means that websites secured using HTTPS are rewarded with being listed higher in search results.
Different Types of Certificates
There are different types of certificate that are used for different purposes. The encryption level is the same for all three; what differs is the verification process needed to obtain each certificate.
- Standard – Domain Validation (DV): used for blogs and personal websites
- Organization Validation (OV): used for business and non-profit organisations
- Extended Validation (EV): used for eCommerce websites
How to check whether your website is secure
Step 1
Look at the URL of your website. If it has a small padlock symbol on the left-hand side, before the rest of the URL, then your website is secure.
Step 2
Another way to tell is that the full address of your website begins ‘HTTPS’ instead of simply ‘HTTP,’ which stands for ‘HyperText Transfer Protocol (Secure).’
You may also receive a notification if the website you have entered is not secure. This does not mean that the website is dangerous, but you should certainly think before entering confidential information onto a non-secure website.
How to Renew/Purchase an SSL Certificate
The process for a renewal and a brand new certificate is very similar. However, it is important to keep your certificates well organised, so you should delete any old certificates or store them in separate folders to avoid confusion. Microsoft Azure provides a very simple way for you to store and host your certificates.
Step one
Create Certificate Request
1.1: Open Internet Information Services (IIS) Manager on your local machine and go to ‘Server Certificates’.
1.2: If you are renewing a certificate, you should delete the current certificate from this list. Then you need to select ‘Create Certificate Request…’ located on the right side of the menu.
1.3: Enter the details needed:
- The Common name of the domain, which usually starts ‘www…’
- The Organisation should be whoever owns the domain
- The Unit, which should be ‘Technology’
- The Location
1.4: You should then ensure that the Cryptographic Service Provider is set to RSA and the length is at least 2048 bits.
The length must be 2048 bits: a shorter key makes the encryption easier to break using brute force techniques, while a longer key affects loading times.
1.5: Save the contents of this request as a file titled ‘csr.txt’ in a new folder, somewhere you will remember, as you will need this location later in the process.
Step two
2.1: You should then head to a Certificate Vendor’s website; you may choose whichever you prefer.
2.2: Go to the section to purchase new certificates and ensure that you are purchasing a certificate that lasts a year.
This is because many browsers will reject certificates that last longer than 14 months to avoid stale certificates, so it is important to check the length of the certificate you purchase.
2.3: You should then enter the contact details, which should be yourself or a member of the technical team as you will need access to this email address later in the process.
2.4: You will then need to paste the content from the ‘csr.txt’ file into the section that requires it.
You can then verify that the information has been correctly pulled from this file, such as email, common name and location.
2.5: There are often three different verification methods:
A: by email
B: by placing a file on your website
C: by DNS verification - I‑Finity uses DNS Verification so that is what we will detail in this process
2.6: You will then complete the payment part of the process, finalising the details and ensuring payment.
Step three
3.1: On the following section, you will be shown a Domain Verification Code, often in highlighted or coloured text for emphasis. Copy this code, as it will be needed later in the process.
3.2: Then head to whichever website or application hosts your certificates.
3.3: Find and delete your current TXT/SPF record for the domain you are renewing or, if this is the first time you are purchasing a certificate for this domain, create a new TXT/SPF record:
a: with the host name as the common name you originally entered
b: the destination being the copied domain verification code from the previous step
3.4: You can then check your email inbox, to see if an email has arrived which will contain the verification link.
Step four
Completing the Request
4.1: You will now have received the certificate in your email inbox. In the message body there will be a start and end marker with your certificate contents between these markers. Copy the text between the markers (including them) as you will be using this later.
4.2: In the folder you have been using throughout this process on your local machine, create a new document titled ‘cert.cer’ and paste the contents of the email into it.
4.3: After you save the file, you can check the contents by double clicking on it in the file explorer window.
4.4: You can then return to IIS and choose ‘Complete Certificate Request’, selecting the document cert.cer that you have just created as the response and the same friendly, common name as before.
Step five
Export to Azure
5.1: In IIS go to Certificate > Export, then select the folder you have been working from, saving the file as ‘cert.pfx’
a: we use the pfx document type as it is used to contain certificates and private key information. The document type is protected cryptographically using passwords to keep privacy and integrity intact.
5.2: You should then go to your Azure Instance and select the App Service
5.3: Once there you should select the instance for which you have just purchased a certificate
5.4: Then go to the private key tab, select ‘Upload Certificate’ and choose the newly created cert.pfx document
5.5: You should then go to the bindings tab and change the thumbprint to that of the newly created certificate. When swapping certificates, you should also delete the older one for ease of use.
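The following PowerShell check is an added example, not part of the original guide or of I‑Finity's own tooling. Run on the issued certificate before exporting it, it tests the key length from step 1.4, the validity limit quoted in step 2.2 and the common name from step 1.3, and prints the thumbprint to compare with the Azure binding. The function name `Test-IssuedCertificate` and the host `www.example.test` are hypothetical, the sample certificate is constructed in memory, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not from the guide): checks an issued certificate
# against the values the steps above ask for.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$CommonName,  # name entered in step 1.3
        [int]$MinKeyBits = 2048,                    # minimum from step 1.4
        [int]$MaxValidityMonths = 14                # limit quoted in step 2.2
    )
    $rsa     = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }   # 0: public key is not RSA
    $cn      = $Certificate.GetNameInfo([X509NameType]::SimpleName, $false)
    $now     = Get-Date
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        Thumbprint     = $Certificate.Thumbprint      # compare with the binding in step 5.5
        KeyBits        = $keyBits
        KeyLengthOk    = $keyBits -ge $MinKeyBits
        NameOk         = $cn -eq $CommonName          # -eq ignores case, like DNS names
        ValidityOk     = $Certificate.NotAfter -le $Certificate.NotBefore.AddMonths($MaxValidityMonths)
        CurrentlyValid = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        DaysRemaining  = [int]($Certificate.NotAfter - $now).TotalDays
        HasPrivateKey  = $Certificate.HasPrivateKey   # False for a cert.cer loaded from disk
    }
}

# Constructed sample: a self-signed certificate built in memory stands in for cert.cer.
$key = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=www.example.test', $key,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
Test-IssuedCertificate -Certificate $sample -CommonName 'www.example.test'

# For the file saved in step 4.2 (the path is an assumption):
# $cert = [X509Certificate2]::new((Resolve-Path .\cert.cer).Path)
# Test-IssuedCertificate -Certificate $cert -CommonName 'www.example.test'
```

A `False` in `KeyLengthOk`, `NameOk` or `ValidityOk` is a reason to stop and query the vendor before uploading the certificate to Azure.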