SSL

  1. What is SSL? #

    SSL (Secure Socket Layer), is a server-side service that encrypts data that is input through a web page. It is commonly used in conjunction with online forms and shopping carts to secure the transmission of sensitive data, such as credit card information.

  2. How do you use SSL with a domain? #

    By default, SSL is disabled, but it is available upon request. In order to use SSL you will need an SSL certificate. If you want us to enable SSL for your site, just let us know by submitting a support ticket through our Help Desk.

    In order to call out your SSL files or directories, you’ll need to make sure that the URL you use starts with https:// instead of http://.

    When SSL is enabled, all web traffic for the domain will be encrypted. This could have a small negative effect on the website’s performance. One option would be to setup hosting for a subdomain and only use that for SSL.

  3. How do you install a SSL certificate? #

    To setup your own SSL certificate, enter a support ticket through our Help Desk and include the following information for your SSL Certificate:

    1. full domain name
    2. name of the organization
    3. name of the organization unit, ie. company department or section
    4. city
    5. state or province
    6. country

    Once you have provided us with that information, we will generate a CSR for your domain, which you will then use when purchasing your SSL certificate. Choose a SSL certificate provider and follow the instructions on their website on how to purchase a SSL certificate. If they ask you for the type of web server we are using, select Apache + OpenSSL.

    Once you have been issued your new SSL certificate, update your Help Desk ticket with the text of the certificate and we will install the certificate on your domain.

  4. Do you recommend any SSL certificate providers? #

    Servertastic is a great resource for inexpensive, trusted SSL certificates.

  5. What is the difference between SHA256 and SHA-256-FULL-CHAIN? #

    During a SSL/TLS certificate order you may see the option to select SHA256 or SHA256-FULL-CHAIN for the hashing algorithm.

    SHA256
    This will issue a certificate signed using SHA256 and chained to a SHA256 intermediate. The Intermediate will then chain to a SHA1 root certificate. Having a SHA1 root certificate has no impact on the security of the certificate. This is because root certificates are used for identity purposes and not for encryption.

    We recommend selecting this option for maximum compatibility with older browsers.

    SHA256-FULL-CHAIN
    This will issue a certificate where all certificates in the chain, including the root, use a SHA-256 hashing algorithm. Eventually overtime all certificates will migrate to a SHA-256 root certificate. Anyone inspecting your certificate will see that it is a full SHA256 chain.

    The SHA256 root certificate is present in all modern browsers. However users of older browsers may not be able to access websites using SHA256-FULL-CHAIN.

  6. Is there a way to force all traffic to redirect to SSL? #

    You can redirect all traffic for your domain, or traffic for a particular directory to use SSL. To do this for the whole domain add the following to your .htaccess file, replacing example.com with your domain name:


    RewriteEngine On
    RewriteBase /
    RewriteCond %{ENV:HTTPS} !on [NC]
    RewriteRule ^(.*)$ https://example.com/$1 [R,L]

    To do this for a particular folder you can add this, substituting in your domain and directory name:


    RewriteEngine On
    RewriteBase /
    RewriteCond %{ENV:HTTPS} !on [NC]
    RewriteRule ^directory/(.*)$ https://example.com/directory/$1 [R,L]