All hosting companies that give you Cpanel access on your web space, should now offer you a FREE SSL certificate for your website.
Now before we get down to the nitty-gritty of how to get it & install it, we need to make a few points about SSL certificates very clear.
What is an SSL certificate and what does it do ?
VeriSign tell us
What Is An SSL Certificate?
SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. It is utilized by millions of online businesses and individuals to decrease the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails, etc.) from being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.
To create this secure connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:
- It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
- It encrypts the data that’s being transmitted
All it does mean and guarantee is that the website you are visiting is the one you think you are ( provided you see the little padlock in the URL bar at top of your browser.) And that information like credit card numbers, user names, passwords etc. do not get intercepted between you and the website.
- This doesn’t guarantee the Website is safe. It can still be run by a Phisher or Scammer.
- It doesn’t mean that you won’t be infected by malware on the site.
- It doesn’t mean that the website won’t steal your credit card, email or other details you give it.
green padlock, green https in url bar
The increased use of SSL certificates and the green padlock on sites is both an advantage and a disadvantage. In the Old days, when SSL certificates cost a lot of money and could only be purchased from a few suppliers and it took a lot of technical knowledge to install one on the webserver, they were treated as a sign of “goodness” and that the site in question would be safe. Now with free and very cheap SSL certificates, any website can install one in seconds with a single push of a button. This has the serious disadvantage that many malware spreading sites and phishing sites now use SSL certificates to make them look “Good” and “safe”.
Now Lets Get On To Cpanel.
Cpanel is a webhosting control panel that lets any website owner or server admin control many aspects of day to day running of a web server or website. The latest version WHM version 58 introduced cPanel & WHM’s AutoSSL . These are set up to use Cpanel DV certificates automatically, but the server admin can choose to also use Lets Encrypt free certificates. This Blog post on Cpanel explains how to set it up
The settings ( that have to be enabled by the web host or server manager) automatically install a FREE SSL certificate and keep it up to date & renewed. However a Cpanel user also has an option to buy a SSL certificate from within your Cpanel control panel and automatically install it. There are currently 2 providers Cpanel or Comodo. See HERE for details and instructions. These are available to Cpanel users that use both currently supported versions 56 & 58.
If your hosting provider still tries to charge you the typical high price for a SSL certificate from them or their other “approved” supplier which can vary from $10 up to $ 50 or so for a simple plain Domain Validation certificate, then you should complain to them. Tell them to install the Cpanel features. If they won’t then consider moving to a hosting provider who won’t rip you off.
At this time only simple plain Domain Validation Certificates are available, either as free Auto-SSL version or as a paid option from within your Cpanel control panel. Eventually the option will be offered for Extended Validation certificates. These are the ones where the entire address bar turns green and have much deeper checks on the website, website owner and web name to ensure it is legitimate.
VeriSign explains the difference between the 3 normally available certificates
There are many different types of SSL certificates based on the number of domain names or subdomains owned, such as:
- Single– secures one fully-qualified domain name or subdomain name
- Wildcard – covers one domain name and an unlimited number of its subdomains
- Multi-Domain– secures multiple domain names
and the level of validation needed, such as:
- Domain Validation– this level is the least expensive, and covers basic encryption and verification of the ownership of the domain name registration. This type of certificate usually takes a few minutes to several hours to receive.
- Organization Validation– in addition to basic encryption and verification of ownership of the domain name registration, certain details of the owner (e.g., name and address) are authenticated. This type of certificate usually takes a few hours to several days to receive.
- Extended Validation (EV)– this provides the highest degree of security because of the thorough examination that is conducted before this certificate is issued (and as strictly specified in guidelines set by the SSL certification industry’s governing consortium). In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified. This type of certificate usually takes a few days to several weeks to receive.