Do you know you can get a Free SSL certificate for your website using the Cloudflare service?
To make the web safer, Google now marks websites that lack an SSL certificate installed but still exchange user information as "Non-Secure."
For this reason, you need to serve your website over HTTPS/SSL to protect your visitors' data and also to show your brand cares.
Additionally, adding an SSL certificate to your website can improve your search engine rankings. The purpose of this post is to explore SSL certificates, their types, and how to implement a free SSL (Cloudflare) on your site.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer.
Nowadays, most websites begin with "https://" in the URL and have a green padlock saying secure. That's due to the use of an SSL certificate. That's not just an indication, there's a lot of activity going on behind the scenes.
In order to establish an encrypted link between your web server and your website visitor, SSL or Secure Sockets Layer is used. This ensures that all data exchanged between them is private and can't be accessed by anyone in the middle. As the data is encrypted end-to-end, even if someone manages to tap the connection, it will have no value to them.
The SSL certificate is a small file combining a cryptographic key with the details of your organization and domain. Based on the type of SSL certificate used, the Certificate Authority checks the organization's information based on the information on the certificate. In order for the certificate to be authenticated and a secure connection to be established between the web server and the end-user, browser and operating system vendors embed the Root Certificates (from which the SSL certificate is derived) within their software.
Third parties can intercept insecure HTTP connections and collect private information including email addresses, passwords, and usernames, by snooping at the traffic passing between a web server and the browser. Due to this, Google and security experts are pushing for the use of SSL on websites so that you can feel more secure that even the simplest of data is not intercepted.
What is the purpose of having an SSL certificate on your website?
For a long time, eCommerce websites and banks have used SSL, but now small and medium-sized businesses, personal websites, and blogs are starting to embrace the idea.
Google's webmaster guidelines have been one of the major driving factors, aside from the security of user information and prevention of data leaks. As part of their search algorithm, SSL will be considered a ranking factor.
Several websites have started transitioning to HTTPS since this was announced back in 2014.
SSL-enabled websites will therefore receive a boost in SERPs. The fact that it is a positive signal may not be a huge ranking factor. Furthermore, Google Chrome, the most widely used desktop, and mobile browser label HTTP pages that collect passwords or credit cards as "Non-secure".
A browser deeming your website non-secure would certainly affect the way your visitors feel about entering any information on your site.
This is not something you want in your URL bar.
Which SSL Certificate should you get? What are the different types of SSL certificates?
- Organization Validation (OV)
- Extended Validation (EV)
- Domain Validation (DV)
Free SSL certificates: how to secure your website using CloudFlare?
Step #1: Sign up for a Cloudflare account.
Step #2: Configure your domain DNS
Click on Scan and enter your complete website URL.
CloudFlare will scan your website now. Click on the "Continue Setup" button once it's finished scanning.
Step #3: Configure the DNS records for your website
After the scan is complete, you will see an orange cloud next to your main domain. This means that everything is configured correctly. CloudFlare bypasses email and FTP, which should appear gray.
Click on the 'Continue' button if you see the primary domain with an orange cloud.
Step 4#: Choosing a CloudFlare Plan
The Free Plan would be sufficient for most websites. Please click 'Continue' after selecting it.
Step #5: You need to update your Nameservers.
Cloudflare needs to be pointed at your NameServers. You will have to log into your domain registrar account and find the setting for changing the NameServer.
Add the DNS that CloudFlare provided, and delete the existing entries.
Come back to CloudFlare after you have changed the NameServer and click 'Continue'. The propagation of NameServers may take up to 24 hours, however.
Step #6: Install SSL on your website
During the setup of your nameservers, you can configure SSL. To do so, click Settings Summary, and then click SSL: Full. The "Crypto" page will appear when you click Full.
There is a dropdown list next to the SSL option. Choose Flexible. You will receive the SSL certificate within an hour. The status can be checked from the 'Crypto' page once it has been issued.
Step #7: Set HTTPS as the default
This is the final step in the configuration process. All traffic to your website will be redirected to HTTPS through a page rule.
To access the Page Rules, click on the Page Rules link at the top of the page. Add these two rules now.
Add www.mywebsite.com/* and mywebsite.com/* separately, and select Always Use HTTPS for each of these URL patterns. You should keep in mind that the SSL certificate will only be available once it has been generated.
We will need to configure the system for a few minutes. Your website will open on HTTPS once you have completed these steps.
Enjoy your Free SSL and stay protected.