Vision Internet limited. The source for web hosting, UK domain names and web design

SSL Hosting

Prices Domain Names Web Hosting Design Support Contact Home

Secure Sockets Layer (SSL) is a security protocol used between a web server and browser to establish an encrypted data link. The trust between the browser and the server depends upon the browser's ability to trust the SSL certificate. It does this by checking where the certificate was issued. If the SSL certificate is issued by a Certificate Authority (CA) that is known and trusted by the browser, the browser extends that trust to the web site secured by the SSL certificate.

Google is now giving a minor ranking boost to SSL sites. They wish to encourage all site owners to switch from HTTP to HTTPS in an effort to make the Internet more secure.

How it works

Our Pro-SSL hosting package

We provide a dedicated IP address with a 256-bit GeoTrust (QuickSSL or RapidSSL) certificate installed on our professional level hosting package. The SSL certificate request is validated against the domain name using an automated process by the Certificate Authority (CA) rather than using physical documentation making these certificates cheaper to install. There's no difference in the level of encryption between this certificate and those used by the leading banks and they're also recognised by over 99% of all browsers.

Notes: RapidSSL is a GeoTrust brand. GeoTrust was founded by a few key people within Equifax Secure Inc and in 2001, GeoTrust aquired Equifax Secure. In 2006, Verisign aquired GeoTrust.

Free Let's Encrypt™ SSL certificates

Many of our hosting packages now include free SSL certificates from Let's Encrypt™. These certificates allow data to be encrypted in the same way as the leading brands but as these are not installed on dedicated IP addresses. Because of this, they require SNI (Server Name Indication) to be enabled and therefore are not suitable for all payment gateways or other facilities which may communicate with your site. Although most browsers support SNI, there are a few noteable exceptions as follows...

If you're using your site for e-commerce of any form, we recommend our Pro-SSL hosting package.

Using SSL

To check or use SSL on your site, simply type https:// in front of your www address rather than http://

To redirect your visitors to the secure HTTPS version of your site, you need to modify the .htaccess file within your public_html folder. If the file doesn't already exist, you will need to create this. Use the following code in your .htaccess file to automatically redirect visitors to the HTTPS version of your site:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you have an existing .htaccess file, do not duplicate RewriteEngine On and make sure that the additional lines beginning with RewriteCond immediately follow the existing RewriteEngine On.

When switching over to SSL, you will also need to ensure that all internal links on your site are also using HTTPS addresses. You should check your site carefully and check for any browser warnings. For external links, it's best to adjust the most important ones to the new HTTPS address.

If you're using a free 'Let's Encrypt™ SSL certificate' with a payment gateway such as WorldPay, you will need to make sure that the callback script does not use encryption. This defeats the main object of using SSL which is why we recommend using our Pro-SSL hosting instead. To do this, substitute the name of your own callback script in the following code and add this to the .htaccess file:

RewriteEngine On
RewriteCond %{REQUEST_URI} !/CALLBACK-ADDRESS\.PHP
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

WordPress sites

If you're using WordPress, we would recommend that you add a plugin called Really Simple SSL as this will automatically detect all your settings and convert your site to SSL. If you're in the process of setting up WordPress, go to Settings » General and make sure that the site uses the HTTPS address in both your WordPress and site URL address fields.

To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site's wp-config.php file to force all logins and all admin sessions to happen over SSL: define('FORCE_SSL_ADMIN', true);
If you've already added redirection (as above), this will already be taken care of.

 

 

 


Prices | Domains | Web Hosting | Design | Support | Terms & Conditions | Privacy Policy | Contact
Copyright © 2017 Vision Internet Limited.