Getting SSL on Your Website
If you’re ready to get SSL security for your web site, the first step you need to take is selecting a provider. There are many SSL companies to choose from, but remember that it’s always best to choose a credible third-party SSL certificate provider that follows strict security guidelines.
When you work with trusted third-party SSL provider, you will be asked to confirm your business identity before the certificate is issued. Different providers may have different requirements, but many SSL companies ask for articles of incorporation, licenses, and other business documents. For example, GeoTrust requires companies to complete a certificate application and will confirm that your company is registered with a local, state, or national authority by viewing and verifying copies of registration documents. GeoTrust will also verify that the company has the right to use the domain name submitted in its application by checking with the domain name registrar. To make this process easier for customers, GeoTrust performs these checks by researching public databases. Customers are only asked to supply documentation directly if the company information cannot be verified through public sources.
During the purchase process, you will also need to generate a certificate signing request (or CSR) from your web server to the CA. A CSR is a small bit of code that initiates a request for a new SSL certificate and provides essential information enabling the CA to deliver a certificate matched to that server. The process for generating a certificate signing request is very straightforward and simple instructions are available from either GeoTrust or your server manufacturer. GeoTrust publishes information on how to get a CSR from various servers on their web site under Support.
Depending on what type of SSL certificate you’ve purchased, it can take anywhere from a few minutes to a few days for the CA to issue your certificate. Certificates that offer stronger security and validation usually take longer, but they are well worth the wait. For instance, an EV SSL certificate takes longer to issue, but it provides the best security and maximum reassurance so your customers feel safe using your site. An EV certificate also delivers the biggest business benefit because of the positive impact that can help convert more of your prospects into actual transaction-completing customers.
Once you receive your certificate, you will then need to install it on your web server. Though it may sound daunting, installing an SSL certificate is a straightforward process and some CAs like GeoTrust offer instructions to help you. The process for installing SSL certificates can differ between servers, so be sure to check with the CA if you have any questions. GeoTrust support is standing by to help.
Some CAs also provide a seal or other trust mark that you can display to show visitors that your site is protected by SSL security. To install a seal, you must copy the code snippet from your CA and paste it into the source code for your web site. Be sure to display the seal prominently on your site, including your homepage and—if you have an ecommerce site—any product pages or shopping cart pages. When visitors see an SSL trust mark on your site, they will spend longer on your site and will be more likely to sign up for an email list or newsletter, and make purchases. Web site gurus often recommend that you display your trust seal above the fold on your home page. Many web sites go ahead and display their trust seal on every page just to make sure their customers have a constant reminder that security is paramount.