A SSL (Secure Sockets Layer) certificate allows your server to encrypt all communications between the server and your website visitor's browser. This prevents anyone else from eavesdropping and capturing sensitive information. SSL is commonly used whenever credit card information needs to be provided by a website visitor to a server.
Website visitors know when a page is secure simply by looking at their browser's navigation bar. If SSL is enabled, a lock icon will appear next to the website. Sometimes you may see a green bar as well with the business name, that is an Extended Validation SSL certificate whereby the identity of the business owning the website is verified as well.
SSL certificates are provided by a number companies, including GoDaddy, Thawte, Digicert, GeoTrust and VeriSign. Technically, there is no difference in the encryption with certificates from different providers, although some consumers do trust certain SSL companies over others.
Requesting A SSL Certificate
The following instructions guide you through requesting and installing your SSL certificate (if you are hosting your website with us):
Start by clicking "Organization Settings" from the MembershipWorks menu. Then click on the "SSL" tab.
To obtain a SSL certificate, you first need a Certificate Signing Request (CSR). This request will contain your organization name, the website domain name, email, and your locality (city and state). Ensure that all this information is accurate under the "Organization" tab (if not, edit the information accordingly and don't forget to click "Save"). Then click on the "Create New Certificate Signing Request" button.
Copy the CSR block and give that to your SSL provider accordingly.
Installing Your SSL Certificate
Once your SSL certificate is issued by your provider, you can download the certificate and chain/intermediate certificate from them. You should select the format appropriate for "Apache", "OpenSSL" or "X.509".
Open your certificate and chain/intermediate certificate using a text editor. You should notice that both start with "-----BEGIN CERTIFICATE-----". Copy the certificate block into thePrimary SSL Certificate box and the chain/intermediate certificate into the Intermediate SSL Certificate box. If you are unsure what your intermediate certificate is, please contact us:
Note: do not alter the Private Key box unless you are copying that over from an existing server.
If you are installing a certificate you obtained previously, you will also need to copy the SSL Private Key from your old installation. If you had obtained a CSR from us according to the process in the last section, this will already be generated, in that case be careful not to edit this box!
Click "Install Certificate". If for any reason the installation is unsuccessful, the system will remove the certificates and provide you with an error message. In that case, make sure you have downloaded the certificates in the appropriate format (Apache or X.509), and that you had copied the certificates correctly.
Activating SSL On Your Website / Pages
If you are using a MembershipWorks theme, you can activate SSL on any web page by checking the "Enable SSL" setting under the "Page Options" box on the right side of the page. You can also simply force your entire site to be SSL by changing the "WordPress Address" and "Site Address" under Settings > General to use "https://".
If you are not using a MembershipWorks theme, you will most likely need a separate plugin to "force" your website visitors to connect via SSL to your website. There are also a number of plugins that do this, such as:
WordPress Force HTTPS - forces the entire site to be SSL
WordPress HTTPS - select only specific pages to be SSL
Certain themes may have hard-coded resources that load over HTTP (any one component that does not load by SSL renders the entire page non secure), in which case you may need to have the theme developer fix any such issues.