Blog

Moving Your Site to HTTPS

HTTPS (adding an S for “secure” to HTTP) is an internet communication protocol that protects your users’ connections to your website. Data sent using HTTPS is secured in that HTTPS provides 3 layers of protection:

  1. Encryption: while the user is browsing a website, nobody can see their conversations, track their activities in the website, or steal their information.
  2. Integrity: data cannot be tampered with as it travels from your website to the user’s computer and vice versa.
  3. Authentication: ensuring that your users are really communicating with your website. This layer of protection prevents man-in-the-middle attacks and stops attempts at attracting your users to connect to a fake site or to download falsified files.

While the purpose of enhancing security is certainly a very good reason to move your website to HTTPS, consider that this could also slightly improve your website’s ranking.

TL;DR – How to activate HTTPS on eQPress

If you already have generated an HTTPS certificate for your website, you can install it via the Deflect dashboard. By following the procedure to install your TLS certificate, your website will be accessible on HTTPS.

If you don’t have an HTTPS certificate yet, you can contact us through the Deflect dashboard or send us an email and we will generate it for you.

Keys and Certificates

For TLS (formerly SSL) to work, you need a private key and a public key. After the public key is signed by a certificate authority, your public key becomes your certificate. The private key and the certificate need to live on the server that your website is hosted on, so the web server software that sends your web pages to your visitors can also create the secure (TLS) connection to the browser to secure the link. If you know how, you are free to generate your keys and then send them to us through the Deflect dashboard. Otherwise, we are happy to generate the key pair for you.

Certificate Authority

To generate a free certificate signed by a certificate authority, the easiest way is to use Let’s Encrypt, a free, automated, and open certification authority run for the public’s benefit.

If you prefer to have your HTTPS certificate signed by a different certification authority, here’s a short list of services that will sign it for you:

RapidSSL
NameCheap

Analytics and Tracking

If you use analytics tools like Google Analytics, you will want to update the URL that you are tracking from HTTP to HTTPS. Make sure you do this both in analytics and Google Webmaster Tools.

Related Posts