SSL Installation: In A Nutshell

As a whole always tries to provide the most up to date security advice to our clients, so today we are going to discuss some of the duties that content owners and publishers have in order to properly store and transmit their customer’s data. It has been proven that if a customer believes that their data is safe then they will be more inclined to shop and spend online. In order for industry standard s to improve it is important that website protection is “vendor-neutral, easy to implement, and globally accessible.” Every website owner should integrate the best security practices into the web design and implementation and this includes the use of SSL.

The Two Biggest Myths of SSL.

Many companies choose not to always have their SSL on because of the common misunderstanding that SSL is relatively expensive and can increase the overhead of the website. On a website that has a high volume of traffic the common misunderstanding is that always having your SSL on will increase the computational load because encryption requirements. However researchers at Google performed extensive research and found that for their high-volume sites, there was for additional hard-ware to implement SSL that was always on.

The second Myth of always having your SSL on is the substantial decrease of your network’s performance. Because of the complexity of the SSL handshake the network will experience latency “especially over long distances, or in areas where network bandwidth is limited, as well as on sites where users initiate a lot of very short SSL/TLS sessions. However, network performance can be managed by proper planning and by following the rules and regulations set forth by Google’s SPYD (An experimental Protocol for a Faster Web) program.

How To Properly Install Your SSL Certificate.

All sites built from 2014 on should always use HTTPS protocol as a default, “and always redirect HTTP connection requests immediately to HTTPS, especially for web forms.” And for the designers that choose not to integrate before production, even though it may be a little bit more expensive to implement after production, the cost will be relatively minor. Below is a check list for the proper steps to enable SSL.

1.       Install an SSL certificate from a Trusted Certificate Authority. Here is a link to the most trusted SSL Certificate Brands.

2.       Configure your Server to enforce a minimum key strength of 128/256-bits by using a 2048-bit key length.

3.       Double check and make sure that you installed the full certificate chain, including the intermediate to Root CA

4.       Disable access via Port 80 during the test phase.

5.       Set the Secure Flag for all session cookies.

6.       Check all your pages for non-secure connections back to the site.

7.       Avoid mixed content on your pages, and do some Manuel testing to find any remaining places where content is accessed via port 80.

8.       When all the port 80 accesses have been closed off, you can re-open port 80 and have it always redirect to port 443.


Final Thoughts

Following the protocol above will hopefully give you the guidelines you need to successfully install your SSL certificate. Nevertheless it is important to make sure that all hyperlinks that are used on your site are coming from a secure source. If the hyperlinks are not coming from a secure source it should be standard protocol to block them completely unless approved by compliance. I would recommend this protocol because any major browser will warn the user, and more importantly it is an insecure coding practice that is going to be addressed in the upcoming browser updates. If you take the advice above your company will not be the only one, major players in the industry including Twitter, Facebook, Microsoft, and Symantec have all been advocating the use of SSL. For more information about SSL certificates please visit If you have any questions about the certificate authorities (GeoTrust, Thawte, DigiCert Etc.) or what certificate will best fit your site (Single Domain, Wildcard, Multi-Domain Etc.) feel free to call us at 1855-SSLGURU.

Source: Wikipedia/Icannwiki/IBM/Chromium/SSLGURU

Posted in secmash feed