Guide to SSL Certificates

With the web in an uproar over privacy and encryption, the newbie webmaster might get overwhelmed with all the acronyms, technical details and server configurations. Deciphering the content on popular wikis such as Wikipedia just makes it more frustrating when descriptions get too technical. Here is a breakdown of SSL, what it can do for you, why it’s important and some simple steps to get your own website encrypted.

 

What is SSL?

 

SSL stands for “secured sockets layer.” Whenever you prefix a domain address with “HTTPS,” you’re sending encrypted communication across the Internet to a web server. SSL encrypts the communication between the website and your browser, which means that any information you pass over the Internet is jumbled in a way that only the recipient can decipher.

 

Importance of SSL

 

Understanding the mechanics of SSL is difficult, but it helps to understand why SSL is important and how your Internet communications transfer to a recipient. Once you understand these basic concepts, you’ll understand why SSL is an important part of Internet communication.

 

When you type a website name into your browser, your browser first does a lookup for the domain’s IP address. Once the IP address is found, the browser makes a request to the server for a connection. The server accepts, and then it sends you the website’s HTML for your browser to display. Let’s say you find a contact form on a website and want to send the owner a message. You type your information into the contact form and the information is packaged according to communication protocols and sent to the server. This is when SSL is important.

 

Your computer packages all that contact information and directs the package to the web server. However, the information must be routed from your computer to the web server that is likely hundreds or thousands of miles away. Look at the Internet as a bunch of pathways just like a normal traffic system. The packaged information takes a pathway to the web server and stops at each traffic light as it makes a “turn.” The traffic light in this example is a router. Your communication package must stop at several routers before it reaches its destination. What happens if the owner of that router decides to read your information? Since the information you sent to the web server is unencrypted, the router owner could read the data without any limitations. This type of hack is called a man-in-the-middle attack. The router owner reads the information and then passes your data to the web server you’re communicating with. In this type of attack, you don’t know that someone is eavesdropping on your communication.

 

As the data is sent and the eavesdropper is “listening” to the communication, the information passed back from the web server is also hijacked. Neither the web server nor you have any idea that the data is stolen. If your communication package includes sensitive information such as credit card numbers or social security numbers, the hacker now has your information.

 

This type of attack can be used for standard Internet activity, email, transferring files, or any type of communication that passes over the Internet without any security.

 

Encrypting Your Communication

 

What happens when you encrypt the data? The data still travels in the same way as unencrypted data. However, when you apply SSL, you encrypt data and make it useless for the attacker to read. The hacker could try to crack the encryption, but that’s a different topic altogether.

 

Let’s use the same example, except instead of standard HTTP communication, we’ll assume that the web server requires HTTPS when communicating across the Internet. The information is packaged in the same way, but now the information is encrypted with the web server’s public key.

 

What is the server’s public key? Public and private keys add another layer of complexity when working with encryption. The server has a public and private key. The public key, as the name suggests, is open to the public. Anyone can encrypt a message with someone’s public key. However, only the web server can decrypt the message with its own private key.

 

For instance, you want to send a message to your friend “Paul.” Paul has a public key. You use Paul’s public key to encrypt the message and send it to him. Only Paul can decrypt this message, and Paul uses his private key to decrypt the public key’s encrypted message.  Only Paul knows his private key password, so only he can decrypt it.

 

The same methodology is used when you communicate with a web server that uses HTTPS. You encrypt the data with the server’s public key, and the web server uses its private key to decrypt it. The hacker used in the previous section is still eavesdropping on your communication, but it’s encrypted and unreadable for him.

 

How Do You Get SSL for Your Website?

 

Interserver offers $19.95 SSL certificates available for sale inside https://my.interserver.net.

Interserver will also setup your SSL certificate free of charge on your Web hosting, VPS or Dedicated server.

 

How to Set Up a Certificate

 

The way you apply and set up a certificate depends on the operating system of your server, your access control on the server itself, and the type of certificate you buy. There are general steps for installing a certificate on your server, so this article will discuss some of the basics.

 

The first step is to create a CSR (certificate signing request). The operating system during this step will ask you for several pieces of information including your organization’s name, your address, the official domain name, and your passkey (remember the public and private key discussed earlier). Ensure that you use the official information you entered when you registered your domain. The certificate authority will verify that this information matches the official WHOIS record, which is the record of information for the owner of the domain.

 

Some certificate authorities check the validity of your business also. The certificate authority will verify that the business is registered to the person requesting the SSL certificate, because an SSL certificate is supposed to give users peace of mind that they are at the official website for the business.

 

Once you finish this step, you now have a CSR text file with encrypted information that you just entered. The certificate authority uses this file to generate your SSL certificate. It takes a few days to get your SSL certificate, so give yourself some time if you need to upload a new website with SSL installed.

 

Once you receive the certificate, you need to install it on your server. This can be done a number of ways depending on your operating system. The certificate authority usually has instructions for the type of operating system you’re using, and the installation is only a few steps similar to generating the CSR. Instructions usually come with the new certificate sent by the certificate authority.

 

In summary, it’s important to have encryption installed on your web server especially if you take any type of credit card information from customers such as the case with ecommerce stores. While encryption doesn’t guarantee that you’ll never be hacked, it does guarantee that your customers’ data is protected and private.

 

What is IPV6?

When the Internet was defined, original creators used 32-bit addresses for each host in the cloud. The addresses allowed about 4.3 billion unique addresses. These addresses were the foundation of the TCP/IP protocol and communication over the Internet. Each address had to be unique for communication to succeed, but decades later the Internet has depleted its IP address pool. Recognizing the issue, engineers have introduced the new IPv6 address pool.

 

How Computers Communicate on the Internet

Before discussing the specifics of IPv6, it’s important to understand how computers communicate over the Internet. Each computer is given a 32-bit address that’s unique from any other computer on the Internet. This includes web servers, routers, switches and any cloud resources accessible over the Internet.

When a computer sends a message to another computer, the data is packaged along with the sender’s IP address and the recipient’s IP address. The addresses are used by routers and switches to direct traffic to the right recipient.

Numerous new Internet resources have been added to the cloud in the last decade. The result is that 32-bit IP addresses are recycled and reused. With more web servers, hosts and routers added to the cloud, these IP addresses are no longer available. To compensate for a lack of available IP addresses, engineers introduced IPv6.

Adding Available IP Addresses Using IPv6

IPv4 used 4 different numbers between 0 and 255 to define addresses. With IPv6, IP addresses are expanded to 128 bits, and they introduced hexadecimal values.

The following is an example of an IPv4 address:

172.16.254.1

The new IPv6 addresses look like the following:

2001:db8:ffff:1:201:02ff:fe03:0405

IPv6 extends available addresses to hundreds of trillions of available Internet addresses.

You probably don’t even realize that many of your devices already use the newer form of IP addresses. Most mobile devices and wireless networks use IPv6 to connect to the Internet. In some environments, system administrators mix IPv6 with IPv4. Your device can be given both addresses to enable communication with older resources.

Implementing IPv6 is more difficult than it seems. Older operating systems don’t support IPv6 such as Windows 2008, Vista and XP. Even though these operating systems are years behind current technology, plenty of users still don’t want to migrate to newer operating systems. This creates a hurdle for network administrators. It’s too costly to retire old servers on large enterprise networks. Moving to a new operating system also requires extreme testing and quality assurance to avoid costly internal network bugs.

Internal networking systems don’t have enough computers to force conversion to IPv6. The IP address assigned to your internal home or network computer isn’t exposed to the Internet. These IP addresses are considered “non-routable.” For instance, go to “WhatIsMyIP.com” and notice that the IP address listed is not the same as what’s assigned to your computer. The IP address shown is your firewall or external router public-facing IP. Internal networks use routers to control traffic on the Internet, so your IP address isn’t exposed to the public. This is a way to segment the network and protect individual computers from cyber threats.

If you’re an end-user, you don’t need to worry about IPv6, but you might notice a change in IP address format. When a support technician asks you for your computer’s IP address, it might be a version 6 format instead of version 4.

Tips to Speed Up Your WordPress Website

blog_speedup_wordpressA resourceful semantic publishing software, WordPress is packed with a great set of features with a focus on ease of use, better user experience, standards-compliance, easy customization, free content management system and is blessed with an active community. Not to mention, it is as free as in freedom. However, like with everything else, you have to take the bitter with the sweet. With a horde of benefits that WordPress comes with, it can be quite slow and shorn of correct precautionary measures, you may end up with a snail-like website.

The importance of the speed of a website cannot be stressed enough as the attention span of an internet user is miniscule. When a visitor lands on your website especially for the first time, a website only has few seconds to attract the attention of the user in order for them to linger. The slower the website, the lesser the number of users for the site. A faster website also translate to more traffic and rank better in search. In short, a slow website is a recipe for failure. Here is a little smattering on the ways to improve your website speed.

Tips to improve your WordPress website:                             

Hosting and Type Of Hosting

A shared host, at the outset, sounds like a great option with unlimited page views and is very cost effective that most new entrepreneurs get attracted to it. However, a shared hosting can be a major reason for the slow speed and frequent downtime of a website. So, if you plan to stack a large amount of content on your website, it is advisable to invest in a proper hosting services, which wouldn’t be detrimental to the health of your website.

Choosing a Good Hosting Provider

A website needs a hosting plan as a fish needs water. Okay this may be little over stretched but you get the drift, right. A website needs a hosting plan but instead of visiting too many different hosting providers, you need to look inside first. Choose according to your need.  If you own an Ecommerce site, a heavy CMS, expect a lot of traffic or traffic spikes, then avoid shared hosting plans. There are many different types of hosting available including shared hosting plans, dedicated hosting plans, managed WordPress hosting plans and virtual private server (VPS) hosting plans.

InterServer offers 30 day money back guarantee on shared hosting, 99.5% uptime guarantee, 100% power guarantee,  fast and easy setups, easy to use control panel choices, and much more. With a 30 day money back guarantee, and a horde of other benefits, InterServer is a great option for start-ups and huge corporations alike.

Browser caching

When a user visit a website, the elements on the page they visit are stored in a cache, so the next time if the user again visit the same site, your browser can load the page without having to send another HTTP request to the server. Install WordPress plugins which will help capture caches more effectively and ensure a faster website. For more details check our previous blog on Optimizing your wordpress blog.

Enable compression

Compressing the CSS and Javascript files of the website will help the browsers to download them faster. Gzip compression can easily reduce file sizes from 200+KB (non-compressed) to less than 40KB (compressed). As long as server has the compression enabled, take an advantage of it. It is sure that the users of the website will experience a drastic speed up both for desktops and mobiles by enabling compression at the server.

Image size reduction, specify image size, scale images and type (JPG/PNG)

Images are the major perpetrator when it comes to slowing the website. The keyword when it comes to images is ‘optimize’. You need to optimize your images (above 50KB) before uploading them to the website. The best way of optimizing them is to use Photoshop or any other image manipulation software. Progressive images should be used for JPG files because progressive furnishing of images provides a smoother user experience.

When loading images into WordPress the height and the width of the image has to be set without fail. If you fail in doing that, the browser has to wait until the image is fully loaded. Setting up the height and width allows the browser to allocate a box on the page for an image.

Type: Use JPG as your default. It’s the smallest and fastest loading file type. Use PNG only for images with text (JPG rasterizes text which makes it blurry) or if you need a transparent background. Minimize or even eliminate any heavy GIF files because they can drastically slow down the loading time of your site

Reduce number of plugins and Keep your WordPress installation updated.

The number of plugins is one of the greatest advantage that WordPress has. However, excess of anything is bad. Ensure that you aren’t adding all the plugins you can find. The more the plugins, the higher the chances of software conflicts which may lead to the website crash. Use only what’s really important and delete the rest. Also, be sure to keep your plugins up to date to prevent any further delay on loading the websites.

Choose a simple, clear and a clean theme

WordPress has abundant theme options, both in free and paid versions. To make sure that you have a theme that performs pretty well, ensure that it’s not majorly dependent on images. Images look great, but it should also be noted that they also reduce the speed of loading. Another thing to look for is a theme with a CSS based design.

Minimize the number of HTTP requests and Fix 404 errors

The more HTTP requests the page calls for, the slower the loading time of website will be. Combine the CSS files, merge Javascript files, and combine images in data sprites among others to make as few HTTP requests as possible. Your major goals should be to minimize the number of HTTP requests loaded per page.

Incorporate these tips while investing in a good hosting provider such as InterServer to speed up your website, get more traffic, rank higher in search and make more sales.

Is Your Website Footer A Missed Opportunity?

 

A website design always includes a website footer, but many people consider the footer only suitable for disclaimers and cookie policy documents. But the footer can be a valuable part of a website if used correctly, so ask yourself if you have let your website footer become a missed opportunity.

 

Common website footer mistakes

There are several mistakes that are made by many, including website designers, when it comes to the design of a website footer. These include including a copyright notice and nothing else, but also failing to use the footer to repeat contact details or Calls to Action. Broken links, excessive placing of logos, and out of date information are all notorious footer mistakes.

 

Why the footer is important

The footer is important because it is visible on every page of your website, including your blog if it is part of your main site. Using the footer to its optimum capabilities also means that you need not clutter your main pages with text or images. The footer is also usually the last thing a visitor to your website sees, especially if they are viewing it using a mobile device, such as a smartphone or tablet. This means it may be the last opportunity you have to make a connection with your site’s visitors and the last opportunity to make a sale.

 

What your footer should be used for

Your footer therefore, should be used for Calls to Action, links to other pages on your website, contact details, opening hours and social media buttons. It should also be used for a copyright notice and policies, because this is where most people are likely to look for them. You can also use your footer for a list of recent blog posts and their most popular categories, your Twitter and/or Facebook feed, and your logo.

 

Keep it simple

You may be thinking that this is a lot of information to put in your footer and this is true, so you will need to exercise discretion when choosing what to include. Do not include links that are of little value or interest to your users, for example, but rather focus on links that will take your users to places where you want them to be and which they will find entertaining, informative and relevant. Do make your contact details – business name, address, telephone number, email and operating hours – clearly visible so it is easy for users to get in touch.

The footer of your website is a prime opportunity to market your business and enhance engagement with your website users. Pay as much attention to your footer design as to the rest of your website to ensure that your site is working hard for you 24/7.

Dedicated Servers: 6TB Drives Now Available

1436835734_HardDrive

Need to store a large amount of data?

InterServer now offers 6TB Hard Drives as an available option for all dedicated serves.

Upgrade from 250GB HD to 6TB for an additional $20 per month during your purchase of a new dedicated server.

See all our dedicated server packages here: http://www.interserver.net/custom-managed-dedicated-servers.html