Transport Layer Security (TLS)

This article covers the basics of what SSL/TLS could do for a site. The benefits range from added security to reassuring potential visitors that the site is legitimate, and may even provide you with a slight bump in search engine ranking.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, email, faxing, instant messaging, and other data transfers.

Why add an SSL certificate?

The normal HTTP protocol transmits information across the Internet in the clear for anyone to see. If someone has access to any of the networks between the client browser and your DreamHost server, they can easily peek at your data and see everything. The SSL/TLS protocol protects against this; when using the secure protocol, your web site address starts with https:// instead of http://.

HTTPS is used to:

  • verify that a user is reaching the site that was intended to be visited,
  • encrypt the information in transmission,
  • protect session cookies from theft, in addition to protecting personal information such as credit card numbers,
  • protect against session cookie theft when connecting wirelessly, and
  • help give your site a ranking boost. Search engines such as Google provide small ranking boosts when sites are securely hosted.

If your site processes customer credit card data, you must add an SSL certificate to your site to protect this information. View the 'Adding an SSL certificate overview' article for further details.

When wouldn’t I need an SSL certificate?

If your site does not require a user login, or request any other sensitive information from visitors, then it doesn't need an SSL certificate.

In other words, if your site only has some descriptive text and a few images, then you don't need an SSL certificate.

Adding an SSL certificate to your domain

View the Adding an SSL certificate article for details on how to add an SSL certificate to your domain.

Troubleshooting

  • If your secure site doesn't show any data, make sure that it works properly by using the regular protocol. For example, browse to http://example.com and you should see your web site load normally.
  • If you get a security pop-up message when you visit your secure site, you may not have the certificate installed correctly or the certificate may belong to a different site. Ask your certificate authority and/or DreamHost support for assistance. You can submit a ticket in your panel on the (Panel > ‘Support’ > ‘Contact Support’) page.
  • You may see a pop-up that says some elements on the page are secure and others are not secure. The problem is that a page on your secure site includes items (such as images, CSS files, or JavaScript files) that link to the http:// URL for your site or an external website. You must make sure that everything on the page is linked from a secure site. For example, image URLs should start with https:// for externally linked files. If the files are part of your website, then use a relative URL.
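
To find the insecure items described in the last point before a browser warns about them, the following added example (not part of the original article or of DreamHost's tooling) scans a page's HTML for images, stylesheets, scripts and similar items that would load over http://. The function names, the tag list and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch a subresource, per tag.
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "object": ("data",),
}
# <link> fetches only for some rel values; rel="canonical" is just metadata.
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentFinder(HTMLParser):
    """Collect subresources that an HTTPS page would load over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, attribute, resolved URL)
    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        names = FETCH_ATTRS.get(tag, ())
        rels = set(attrs.get("rel", "").lower().split())
        if tag == "link" and rels & FETCHING_RELS:
            names = ("href",)
        for name in names:
            raw = attrs.get(name, "").strip()
            # Relative and scheme-relative URLs inherit https from the page.
            resolved = urljoin(self.page_url, raw)
            if raw and urlparse(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, name, resolved))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, imagined as served from https://example.com/shop/
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/css/site.css">
<link rel="canonical" href="http://example.com/shop/">
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<img src="images/logo.png">
<img src="HTTP://static.example.net/banner.jpg">
<a href="http://example.org/">plain link, not a subresource</a>
</body></html>"""
if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE, "https://example.com/shop/"):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Only the stylesheet and the banner image are reported: the relative and scheme-relative URLs follow the page's https:// scheme, and ordinary links and the canonical link are not loaded as part of the page.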

Advanced topics

Transport selection

Your pages won't be encrypted if a visitor browses to example.com, because the default transport for browsers is http, not https. One solution is to use links to visit specific pages on the secure site as needed. For example, your links could send customers to https://example.com/securepage whenever necessary.

You could also add a few lines to your .htaccess file. These lines automatically redirect http://example.com to https://example.com.

Automatic redirection from HTTP to HTTPS

Add the following to the .htaccess file:

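# Turn on mod_rewrite for this directory
RewriteEngine On
# Match only requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
# Permanently redirect to the same host and path over HTTPS, then stop processing rules
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]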

For more information on .htaccess files, see .htaccess.

Remember that security is deeper than the HTTPS protocol

While protocols allow for data encryption, there is more to securing a site than installing a secure certificate. Incorrect file permissions, outdated software, and other aspects can also cause problems.
