Enable SSL

How Do I Get SSL?

You may already have an SSL certificate installed. You can tell when a page is secure in most browsers when the closed lock symbol is present in the URL bar:

Squarespace, Wix, Weebly, Duda, and WithoutCode websites plans typically include SSL with a website purchase. If you are using one of these websites, you may not need to take action other than to verify that SSL is turned on. Reach out to their support if you need assistance enabling SSL.

If you are using WordPress, or another type of website not listed above, you will need to work with your Host and SSL provider to get directions on the best way to purchase and install one. Note that your host may allow you to simply purchase and install a certificate through their site; that’s usually the most simple route.

If that option isn’t available to you, there are a few steps to getting SSL working on your website. Below are some general directions, but we do recommend you check with your host and SSL provider to ensure you have the latest information before proceeding.

Purchase a SSL certificate from a SSL certificate vendor, such as GoDaddy, Thawte, Digicert, GeoTrust, VeriSign and more. Purchasing the certificate is just the first step to actually obtaining the certificate.

1. Request – obtain a Certificate Signing Request (CSR) from your website hosting service, that you will need to submit to the place where you purchased the SSL certificate. The CSR will contain information about the domain you are requesting the SSL certificate from, so make sure the domain is correct – “www.test.com” and “test.com” are different domains. The process for obtaining the CSR will vary depending on your hosting service, so please check with your website host.
2. Verification – after you submit the CSR, the SSL certificate vendor will need to verify that you are in fact the owner of the domain. This may involve sending a confirmation email to the domain registrant, or adding a file to your website or adding a record to your domain DNS. If you opted for an “Extended Validation” certificate, it will also involve performing a verification of your company or organization. This process varies depending on the SSL certificate vendor and type of certificate.
3. Install – once verification is complete, the vendor will issue your SSL certificate. You can then install the certificate on your website server. Certificates may also be formatted a few different ways, depending on the type of server it is to be installed on. This process will depend on your website host.
4. Activate – after your SSL certificate is installed, you still need to “force” your website visitors to connect via SSL to your website. You may notice that when you connect to a secure website the URL starts with “HTTPS://”, while with a regular website it starts with “HTTP://”. Most website server systems will allow your website visitors to connect either with “HTTP://” or “HTTPS://”, it is up to your Content Manage System (WordPress, Weebly, SquareSpace, etc) to force the connection to be over “HTTPS://” only. For WordPress, some themes (such as our themes) have built-in SSL support, otherwise there are also a number of plugins that do this, such as:
   • WordPress Force HTTPS – forces the entire site to be SSL
   • WordPress HTTPS – select only specific pages to be SSL Certain themes may have hard-coded resources that load over HTTP (any one component that does not load by SSL renders the entire page non secure), in which case you may need to have the theme developer fix any such issues.

You can learn more about SSL and why you need it here.