Since a couple of moths Google is using SSL as a ranking signal which means that the use of secured SSL connections will improve the ranking of your page in the Google Serp. Furthermore it will increase the trust in your project if you use SSL connections. Switching to SSL is has never been easier than now. Here a short step-by-step guide which is showing you how to make your website secure.
Step 1: Create your a private and public key
The first thing you have to do to get started with encrypting your website is getting creating a SSL key and a certification request file based on that key. Using Linux this step is very easy. Just execute the following tow commands.
openssl genrsa -out mykey.key 2048 openssl req -new -key mykey.key -out mykey.csr -config req.conf
The directory where you execute the command has also to contain the following req.conf:
[ req ] default_bits = 2048 default_keyfile = mykey.key distinguished_name = req_distinguished_name req_extensions = req_ext # The extentions to add to the self signed cert [ req_distinguished_name ] countryName = US countryName_default = US stateOrProvinceName = Colorado stateOrProvinceName_default = Colorado localityName = Denver localityName_default = Denver organizationName = myproject.com organizationName_default = myproject.com commonName = www.myproject.com commonName_max = 64 [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = www.myproject2.com DNS.2 = www.myproject3.com
Important: The [ req_ext ] and [alt_names] sections are only needed if you want to issue a certificate which is valid for multiple domains. Otherwise you can just leave these tow sections out.
Step 2: Now we arrived at the time where you have to issue your SSL certificate. You can either do that for free or get a commercial certificate. The advantage of the latter solution is that these certificates are recognized by all common web-browsers while the free certificates still have some acceptance issues.
A a really good provider of free SSL certificates is CaCert.org. The acceptance of these free SSL certificates will increase with the time so it is definitely worth considering this option. If you decide to get a non-free certificate you might have a look at Namecheap.com or GoDaddy.com to get cheap ones.
The certificates are simply issued after you uploaded your CSR Request file you have created before. If you got your certificate the only thing missing is to correctly setup your Apache Webserver
Step 3: Configure your webserver to use the SSL Certificates
The easiest way to do is to use virtual hosts. Adding the following two configs to your webserver will do both enable SSL and also maintain the normal HTTP connection.
<VirtualHost *:443> <Directory "/var/www/html"> Require all granted </Directory> DocumentRoot /var/www/html ServerName www.mysite.com SSLEngine On SSLCertificateFile /etc/httpd/conf.d/ssl.key/cert.crt SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/djvupdf.key SSLCACertificateFile /etc/httpd/conf.d/ssl.key/cert.ca-bundle </VirtualHost> <VirtualHost *:80> DocumentRoot /var/www/html ServerName www.mysite.com <Directory "/var/www/html"> Require all granted </Directory> </VirtualHost>
The files cert.crt and cert.ca-bundle will be provided by your certification authority after the transaction has been completed.
Step 4: Solving SEO issues and testing your SSL configuration
Now you are done already. Your server is reachable via secured connections now. You can test if your SSL configuration is up-to-date at the following site:
If you get an A+ to A- there you are completely fine.
In case you did not disable the normal HTTP connection to your server there is a little issue with duplicate content you should solve. Search engines do not like duplicate content therefore you should tell them which is the preferred version of your site. This can be done easily by including the so-called canonical tag to the header section of your pages and setting it to the https:// URL of the particular page. This will fix those issues. Make sure, that the URL is exact!
A example how this looks like is the following line. Make sure to put it in the head section:
<link rel="canonical" href="https://www.go4epub.com/" />