Secure Hosting allows your site to be accessed using the HTTPS protocol which encrypts the data transmitted between a visitor's web browser and your website. This is accomplished by adding an SSL certificate to your domain. Most often, the HTTPS protocol is used with eCommerce web sites that sell products/services over the Internet. The reason for the increased security is to protect the privacy of a visitor's/customer's transmission of personal, confidential, financial, or billing (credit card) information when making a transaction on a web site.
On a more technical note, SSL (Secure Sockets Layer) is is the predecessor of TLS (Transport Layer Security). Both are cryptographic protocols designed to provide security over a network.
DreamHost allows you to set up Secure Hosting (which creates a free self-signed SSL certificate) for any domain/subdomain that you are hosting under any active paid hosting plan.
For detailed instructions on how to add an SSL certificate to your domain, renew an SSL certificate, generate a CSR, or add a Free 'Let's Encrypt' certificate, please review the following articles:
What's the difference between a free Let's Encrypt certificate and a paid Comodo certificate?
View the following link for further information.
Considerations and caveats
The following are a few things you should be aware of before purchasing an SSL certificate.
The SSL certificates that DreamHost offers through Comodo do not support wildcard-type (*.example.com) SSL certificates. This means each domain/subdomain that you set up Secure Hosting on requires its own SSL certificate.
Single vs. separate secure sites
It's usually a good idea to create a single site that uses both HTTP and HTTPS. For example, some site owners create a completely new subdomain to host the secure site such as "https://secure.example.com". They may not even set up a regular/insecure option for this subdomain. Or, a redirect is set up on the primary domain that redirects connections to the secure subdomain. However, this type of configuration can be difficult to manage and most modern shopping cart applications (such as Zen Cart) do not require a separate subdomain. When possible, DreamHost recommends that you configure hosting on the same URL as the main site.
Not all traffic is encrypted
Adding an SSL certificate to your domain does not mean all web traffic is necessarily encrypted. Whether your web traffic is encrypted or not depends on what protocol you use. This protocol is determined by the URL. For example, if you go to http://example.com, your traffic is not encrypted. Any directory you access under that domain while using HTTP in the URL is also not encrypted. However, if you use HTTPS://example.com, your traffic is encrypted as well as any directory you access.
Note the 'S' in HTTPS. The 'S' character confirms the URL is secure.
This means you can specify what gets encrypted by choosing which protocol to use in the URL links. You can configure your site to use HTTPS when things should be encrypted such as personal and credit card information. Otherwise, you can choose to use HTTP for everything else such as information about a sales catalog. Shopping cart software builds these links according to the configuration you specify.
Private keys are used to encode Certificate Signing Requests (CSR) which in turn are used to generate SSL certificates. The private key should always be kept private and never divulged to anyone. This is one of they ways that public key encryption is used to secure data. Only an SSL certificate that was generated from a CSR (that was encoded with your private key) can be installed on DreamHost's servers. If the SSL certificate and private keys do not match, the installation fails. Since all communications with the DreamHost panel are automatically encrypted, storing your public keys in the panel is a safe place to keep them.
Using a DreamHost SSL certificate with another company
If you purchase a signed SSL certificate from DreamHost within the panel, the certificate is intended to be used within the DreamHost system and is automatically installed in the Secure Hosting configuration of the domain it was purchased for. Although it is possible to purchase a signed SSL certificate from DreamHost and then use it elsewhere, this is a complicated process which support does NOT recommend unless you are very familiar with how this is done. Please note that if you want to purchase a signed SSL certificate from DreamHost and use it at another host, support cannot provide assistance with this.
Unique IPs are most commonly used with domains that have Secure Hosting enabled. While it is possible to use Secure Hosting without a Unique IP, some older browsers which do not support Server Name Indication display a certificate warning when viewing your site.
The following browsers do NOT support Server Name Indication (SNI):
- Internet Explorer (any version) on Windows XP or Internet Explorer 6 or earlier
- Safari on Windows XP
- BlackBerry OS 7.1 or earlier
- Windows Mobile up to 6.5
- Android default browser on Android 2.x (Fixed in Honeycomb for tablets and Ice Cream Sandwich for phones)
- wget before 1.14
- Java before 1.7
- Nokia Browser for Symbian at least on Series60
- Opera Mobile for Symbian at least on Series60
For more information, please see this article on SNI to view unsupported SNI combinations.