How to enable HTTPS on your server

How to enable HTTPS on your server

5 steps to lockdown

If you’re transferring any sensitive data of any kind, you should ensure you’re keeping it secure. One of the most effective ways of protecting data is to enable HTTPS — also known as SSL (secure socket layers) — to encrypt data transferring to and from your server.

This encryption is incredibly secure and makes it near impossible for hackers to intercept the transmission and access your user’s personal information.

Consumers are becoming more aware of the importance of secure data transfer, and they often look for the green lock that appears in their browser on HTTPS-enabled websites. Let’s look at how you can enable HTTPS and get that green lock for your own site.

How to enable HTTPS on your server

Host with a dedicated IP address.

Buy an SSL certificate.

Request the SSL certificate.

Install the certificate.

Update your site to enable HTTPS.

Ready to dive into each step? Let’s go!

1. Host with a dedicated IP address

The first step is to ensure that you’re hosting with a dedicated IP address. Fortunately, if you’re hosting with GoDaddy — even on shared hosting — you don’t need to purchase a dedicated IP address because it comes free with your SSL certificate.

However, if you’re hosting with another provider, you must ensure that you’re using a hosting plan that gives you a dedicated IP. In many cases, this requires you upgrade to a VPS or dedicated server. Alternatively, you can transfer to GoDaddy and use any plan.

2. Buy an SSL certificate

Once you have a dedicated IP address, purchase your SSL certificate. This acts as a form of identification for your website.

The SSL certificate is simply a string of numbers and letters that you install on your server. When people visit your site through the HTTPS address, the password is checked, verifying that your website is what it says.

The certificate is used to encrypt all data that flows to and from the server where the certificate is installed.

This SSL certificate must be purchased from a trusted retailer that is a Certificate Authority (CA).

They store a copy of the certificate password in your database, and that’s cross-referenced by incoming web traffic to ensure that your web address is connected to the correct server.

3. Request the SSL certificate

Next, you’ll need to activate your credit to redeem the certificate. To do this, log in to your GoDaddy account, and then click SSL Certificates. Next to the SSL certificate credit you want to activate, click Set Up.

Refresh the page to see a New Certificate. If you don’t see it, wait a few minutes and try again.

Once you see a New Certificate, next to it click Manage. Depending on where you’re hosting your certificate, either choose the domain hosted in your account, if the certificate is with GoDaddy, or select Provide a CSR if it’s hosted with another company.

If you’re using a UCC Certification, enter any Subject Alternate Names that you wish to use, and then click Add.

If you have a Standard Issuance Certificate, click Request Certificate. Otherwise, click Next, and then complete the required information on the next page. This information is needed so that GoDaddy can verify that you control the common name associated with the certificate.

Once you’ve submitted this information, it takes between one and seven days to validate and verify your certificate request. During this time you might be asked for further information.

4. Install the certificate

Fortunately, this is one of the final steps — and the easiest. You should have downloaded the certificate from your provider, and now you need to install it onto your server.

If your website is hosted with GoDaddy, you can install it through your cPanel. Look for the button under SSL/TLS that allows you to Install an SSL Certificate.

Now, you only need to paste the certificate into the box, and then submit the form.

5. Update your site to enable HTTPS

Allow the website a few moments to update, and then ensure visiting the HTTPS:// version of your website is possible. If the website loads, congratulations are in order, you’ve successfully installed your SSL certificate to enable HTTPS.

However, there’s one step left to ensure visitors are sent to your secure website.

You must re-direct users from HTTP to HTTPS on the relevant pages where secure information will be submitted. This also means that you’ll likely need to change the links to those pages to ensure that they are HTTPS rather than HTTP.

Of course, you could also consider redirecting your entire website from HTTP to HTTPS, but this will waste encryption processing power on pages where no information is submitted. It’s likely that your provider has imposed a data limit on your encryption and passing over it can be extremely expensive.

With that in mind, it’s accepted that HTTPS should be required only on pages where users are submitting or receiving sensitive information.

If you do wish to ensure that people visiting specific pages will be redirected to HTTPS rather than HTTP, it’s best to force this on the server-side. You can use the following piece of code at the top of your page. It’s in PHP, but you could also use another language:

// Require httpsif ($_SERVER[‘HTTPS’] != “on”) {$url = “https://”. $_SERVER[‘SERVER_NAME’] . $_SERVER[‘REQUEST_URI’];header(“Location: $url”);exit;}

Alternatively, you can also force a redirection through your .htaccess file. The following code is an example that would redirect any user looking at their cart or the checkout page to the HTTPS version if they are not already on it:

RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule ^(cart/|checkout/) https://%{HTTP_HOST}%{REQUEST_URI}

That’s all there is to it. If you have any issues with installing a certification into your GoDaddy account, then please contact the support team. They can assist you further.