WooCommerce and SSL

What is SSL and HTTPS?

SSL (Secure Socket Layer) is a protocol used on the web for:

  • Encrypting website data so data sent from the browser to the server and vice versa is protected
  • Authenticating your website so visitors know your identity has been verified HTTPS just means HTTP with SSL.

Why would you want SSL?

  • You are accepting or transmitting sensitive data, such as user details and billing information, and need to keep them safe
  • You want to secure logins and signups on your site
  • You need to comply with privacy and security requirements
  • You want users to trust your site

Installing an SSL on my server for the first time

  1. In order to buy an SLL, you first want to issue a CSR from your hosting provider. For example, if you host at hostgator, you can do so by completin this form. Please note, that the address and organization information needs to match your WHOIS information for the domain for which you would like the SSL installed on.
  2. After completing the form, a CSR and a RSA Private Key will be generated and will be sent by email. Do not delete this email. Keep it cause you will need the RSA Private Key for next year SLL renewal.
  3. Now, you need to buy an SSL certificate. Many providers sell certificates, all ranging in price; your hosting provider may also sell certificates. You can buy affordable SSL certificates for less than $10/year, for example at NameCheap or StartSSL.
  4. Give the CSR to the SSL issuer.
  5. The issuer will email you the SSL certificate along with the SSL CA Certificate (Trusted Authority / “CA Bundle”).
  6. Go to this online Certificate Key Matcher and check that your Certificate and Private Key match. Make sure that you copy them directly from the emails, so that you don’t lose the correct format. In the certificate box you enter the SSL certificate along with the SSL CA Certificate from step 5. In the private key box you enter the private key from step 2.
  7. If the certificates match, you will get a message “The certificate and private key match!” and you can go to step 8. If not, repeat step 7.
  8. Now, go to your hosting provider and ask them to install the SSL on the server. At hostgator, you can do by completing this form. Hostgator will charge you 10$ to install it for you.
  9. Wait until the installation is complete (usually a few hours).
  10. A great resource for testing if your website is properly configured for HTTPS is Qualys SSL Labs. Enter your domain, and click submit. This checks if SSL is configured on your site and also grades the web server configuration and tells you what should be changed to be more secure. Typically these changes need to be handled by your web host.

Renewing an SLL

If you want to renew your SLL, the process is much simpler. You don’t have to generate a CSR, because the SLL issuer will generate the SLL according to the already issued CSR. It is adviced that you do this procedure a week before your SLL expires to avoid any problems or downtime. Here are the steps:

  1. Find the email from your hosting provider from previous year with the RSA Private key.
  2. Go to your SLL issuer and renew your SLL certificate.
  3. Continue with steps 5-10 from the previous list.