The web is not the same as it was just a few years ago, where it was important to always verify a website that you were providing sensitive data to used SSL to encrypt the data being exchanged between your computer and the website’s servers.
Entering your information on a website that didn’t use the https:// prefix in the address bar is still dangerous, but it’s much, much harder to do. Many modern web browsers warn users against entering sensitive data on websites with poorly managed, expired, or non-existent SSL certifcates or that don’t use the HTTPS protocol at all.
The onus has shifted from web browsers to website owners to ensure that websites where sensitive data may be entered are secure. And that’s a good thing. But it does mean that if you have a website, you need to be aware of the need to manage your SSL certificates.
What is an SSL certificate?
When you navigate to a website that uses the HTTPS protocol to encrypt data sent and received between your browser and the website’s server, the server needs to provide a certificate that’s cryptographically signed by a certificate authority that essentially vouches for the identity of the server.
This certificate is called a TLS (or “Transport Layer Security”) certificate, which is more commonly known as an SSL certificate (or “Secure Sockets Layer,” which TLS actually replaced), and is the basis of the “TLS handshake,” which is the process of verifying the identity of a web server and opening a secure “session” using public key cryptography.
This secure session is like a closed tunnel between your web browser and a web server. Nobody can see in or out, thanks to the data being encrypted using cryptographic keys that were generated for the session during the TLS handshake. This “handshake,” then, is the essential first step in establishing a secure link for exchanging data, and the TLS or SSL certificate is the critical piece of this whole process that ensures that the web server is the server it claims to be.
This also means if you want to use HTTPS on your website — and be able to process payments, logins, etc. — you’ll need an SSL certificate.
What happens when you don’t manage your SSL certificate well
Since your SSL certificate operates as your website’s means of showing web browsers that you are who you say you are and is also a critical step in establishing a secure connection, it’s of critical importance to your website’s operation.
If your SSL certificate expires or becomes otherwise invalid, instead of getting your website when users navigate to your web address, they’ll see an error that says your website cannot be trusted. It might also be very difficult for users to actually get to your website in such a situation. That can lead to some serious negative consequences.
Loss of traffic
First of all, because it will be hard to get to your website without bypassing at least one very intimidating warning about how your website cannot be trusted, the first way you’ll feel the hit of a poorly managed or expired SSL certificate is in the loss of traffic you’ll experience towards your website.
Only the most dedicated will want to venture beyond the scary warning signs their browsers will throw up.
Loss of SEO
A loss of traffic can by itself decrease your ranking on search engine results pages, but did you also know that having SSL properly installed on your website improves your website’s searche engine ranking?
That means that if your SSL certificate expires or is otherwise invalid, your site’s search engine ranking can also suffer, beyond the impacts of the loss of traffic to your site.
Loss of sales
Even beyond the loss of traffic and your loss of search engine ranking, if you sell products and services online, it’s highly unlikely that anyone will hazard to enter their credit card information into a website that isn’t properly secured.
In fact, it would be surprising if any customers did so, meaning that mismanaging your SSL certificates might result in you losing out on a whole lot of sales.
Loss of trust
Even after you repair the issue, your traffic, your SEO, and your sales might be slow to rebound because you’ve lost something even more essential to your website than any of these — trust.
Managing your SSL certificates
Luckily managing your SSL certificates well can help you avoid any of these scenarios. All you need to do is take care to manage your SSL certificates, renew them on time, revoke them when necessary, and you’ll be able to steer clear of any of the negative results mentioned above.
How to see your SSL certificates
First of all, it’s possible to view the SSL certificates you have in your Gandi accout from the SSL page. This page lists the SSL ceritficates in your account, the type, the subscription, and their validity.
From this page you can renew, regenerate, or revoke your SSL certificate.
Renewing your SSL certificate
An SSL certificate is only valid for one year. After that, you’ll need to renew it, or risk the negative consequences mentioned above.
You can renew your SSL certificate by choosing the option to do so from the drop-down menu available by clicking the three dots next to an expiring SSL certificate.
Regenerating your SSL certificate
You might want to regenerate an SSL certificate if you lose your private key or you think that it might have been compromised in some way. A compromised key might result in someone “listening in” on your website’s encrypted traffic without your knowledge.
You can also regenerate your SSL certificate from the SSL page by clicking on the three dots next to the SSL cetificate you want to regenerate and selecting the option to regenerate your certificate.
Revoking your SSL certificate
You might also want to revoke your SSL certificate if you lose your private key or you think that it might have been compromised.
This is a third option that’s available in the drop down menu available by clicking the three dots next to the SSL certificate.
Managing your SSL certificates is important
There isn’t much to managing your SSL certificates, but being able to do so from a single interface is invaluable. When you manage your SSL certificates together with your domain names and hosting, you can ensure that you have the visibility you need to be able to quickly address any issues with your SSL certificates and either renew, regenerate, or revoke them as you need to.Tagged in ssl