SSL certificate error – how to solve the problems

A few years ago hypertext transfer protocol (HTTP) posed no issue to anyone. Used to enable communication between different instances, it transferred information from server to your browser to display a website. The process was instant and let the World Wide Web (WWW) connect computers over the Internet.

HTTP vs HTTPS certificate

What HTTP did not provide was reliable encryption against hackers and others, unsolicited agents. This made any sensitive data sent through HTTP open to anyone who would put just a little effort into intercepting the connection and reading it through. Since the protocol gave little to no guarantee in terms of who received your request on the other side of the wire, such assets as documents, images and – most worryingly – credentials caught the keen interest of unwanted intermediaries.

To protect websites, a secured HTTP version was introduced. HTTPS – with an extra ‘s’ standing for security – was meant to diminish the risk of attacks and to authenticate your connection to a given website. This new method of encryption was possible through SSL which funnelled all sensitive information before submitting it to the browser.

What is an SSL certificate?

Created by Netscape developers, SSL certificate plays two essential roles in an every-day internet use.

  • It authenticates, meaning the SSL gathers information about users and vents the details through Certificate Authorities.
  • It confirms that the website is what it really is, and its visitors may not worry that the data they send will fall into the wrong hands.

Though an HTTPS certificate is recommended for all websites in which any online transaction, form-filling, and data sharing takes place, the security is oftentimes omitted. It is because to add SSL you need to buy it, though some web hosting providers offer the certificate from day one free of additional charge.

How to get an SSL certificate?

You should be able to buy the certificate through your server admin panel. It’s usually one of the options attached to your current hosting plan. Once selected, the authority behind the process will ask you to confirm the information submitted in the WHOIS protocol. It should take the server no more than 24 hours to index the certificate and confirm the installation.
Not every provider is that flexible when it comes to your server activities. When you feel that the access to the configurations is insufficient, you will have to contact server support and describe your request.
There is a handful of criteria that you have to put attention to before choosing the certificate package. The most important are: the extent of validation, browser compatibility, and money back guarantee. Usually billed annually, the plans vary from a cheap ssl certificate for $9 to over $150 you have to pay for a premium package.

How to redirect HTTP to HTTPS?

Depending on the type of your web server, the change to HTTPS may be slightly different. Take two most popular providers:
While using Nginx, it is the config file that you need to edit. The line you have to add at the end of the document says:

server {
 listen 80;
 server_name domain.com www.domain.com;
 return 301 https://domain.com$request_uri;
}

In Apache web server you have to add the following line to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Similarly to getting an SSL certificate, you won’t always be able to access the files from the level of your browser. In that case, you will have to jump on the line with a support representative and lay down what is at stake.

How to resolve the most common SSL certificate issues?

A green padlock next to the website address means that you have successfully added the certificate. Despite that fact, there is still a risk of running into an SSL certificate error. Below, there are a few solutions how to fix them.

  • One popular error may result from missing certificate components. For example, a private key, which encrypts information exchanged between the server and the website, can get lost or be deleted. It could also mean that the key has not been installed correctly and you need to follow instructions from a server admin to let you generate a new certificate.
  • SSL connection problems which the system usually communicates through a popup. ‘Security certificate mismatch’ and ‘certificate not trusted’ are only two examples of the alerts. The fix could be the easiest web fix you will ever make, just make sure the date and time in the bottom system bar (on Windows) are properly set. If the solution isn’t there, check if you have added any recent web securities to your browser – or the ones added in the course of the browser’s update – and revert them to see if the alert message goes away. Sometimes, this kind of problem may not even be due to misconfigurations on your end. In this scenario, don’t hold it in and inform the website owner about the problem.
  • HTTP assets blocked when loaded through HTTPS. Your images, scripts, as well as content-related elements, should leave no room for guessing when the SSL is on. Otherwise, they will be blocked by your browser. To verify the resources in use, you can launch Google Chrome Inspector, look for ‘obsolete’ paths via a View Source command or use handy plugins – if you run your site on WordPress. The next step is to point all HTTP links to HTTPS.

Today, website owners who still rely on non-secure sites are an easy target for hackers and men-in-the-middle. With so many cases of data leakage, the risk of leaving your sites exposed to attacks has become terrible. 46,740 new pictures will have been posted be on Instagram by the time you finish reading this sentence. This should give everyone an idea of how vast the Internet is. The SSL certificate installation is only one of the means of helping you keep yourself safe online. Since this is also a method that you can easily apply yourself, don’t hesitate to add it to your website’s security arsenal.

Share:

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

4+ years experience in working with global and local partners from the web development industry. He combines strong communication and project management skill-set that helps him develop new opportunities and turn them into long-lasting relationships. Outside front-end and CMS landscape, he writes about film music and performs in improv theatre.

See other articles of Tomasz Ludward