fbpx

Trick or Treat - 30% OFF - Coupon Code: SCARY20 Download Now

SSL Certificate - How to Enable HTTPS(SSL) in Joomla?

ssl-certificate-joomla

Do you own a Joomla website? If yes, then keeping it secure from hackers by installing an SSL certificate should be your top priority in 2020.

Why is that?

If you look at the stats provided by Sucuri, in 2018, 4.3% of the hacked CMS that they investigated and fixed were Joomla websites. Though WordPress sites appear to be the main target of hackers, it doesn’t mean your site isn’t vulnerable to threats.

There are other benefits to installing SSL certificates as well.

In this article, let’s look at what is SSL Certificate and some of its other important aspects. You will also learn how to install SSL on Joomla Website.

But if you are worried that investing in your website security is not in your means, don’t fret. You can still go for a cheap SSL certificate.

What is an SSL Certificate?

An SSL Certificate (Secure Sockets Layer) or Digital Certificate is responsible for creating a secure link between your website and a visitor's browser. It makes sure that all data passed between the website and browser remains private and secure. When you have an SSL encryption, hackers won’t be able to steal your private information, including credit card and debit card numbers, login details.

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. Click to Tweet

Why is an SSL Certificate Important?

SSL certificate benefits are not limited to security alone though it is one of the major advantages. Below are some benefits that an SSL certificate brings to your website.

It provides security

SSL certificates protect the sensitive data that you transmit from and to your website. It can be your login details, addresses, signups, and payment or other personal information. Since it encrypts the connection, it protects your visitors’ data from being misused by invaders.

SSL Certificates are especially essential if you own an ecommerce store where you store to accept credit cards and login details online.

It safeguards all your subdomains

If you use a Wildcard certificate, it will secure your main site and all its subdomains using one SSL certificate. Many business owners and people who maintain large websites with several subdomains find this certificate helpful. When you get a standard SSL, separate certificate installation for each of your subdomains is required.

SSL protects your site from phishing and other attacks

Thanks to the increasing number of internet users worldwide, the rate of attacks such as Phishing and MITM is only shooting up. Having an SSL Certificate on the website can secure the website from such attacks.

The act of phishing involves copying a website. When you implement an SSL certificate, it becomes almost impossible for hackers to clone a website, providing website owners an added advantage. An EV SSL Certificate can securely safeguard the website from such kind of attacks.

Boosts SEO rankings

On August 6 of 2014, Google has announced that you can actually get higher rankings in the search engine if you install an SSL certificate on your website. Though it alone can’t be the deciding factor for your rankings, implementing it can put you ahead of your rivals who don’t have certificates yet.

You can gain customer trust

Browsers like Chrome mark your site as unsecured since July 2018 if your site is still HTTP.

It is to ensure internet safety. When your site displays a security padlock in the browser’s address bar, users will know that your site is secure, eventually gaining their trust. It has been found in research that 93% of consumers recommend a company they trust. Apart from that, they will stay loyal, invest more in your products and services, and so on.

Types of SSL Certificates

Understanding the different types of SSL certificates that are available is important as it will help you make the right choice while installing a certificate.

You can find the different types of SSL certificate below:

Extended Validation Certificates (EV SSL)

An EV certificate is deemed as the highest form of a certificate. No wonder it is the most expensive. When you install this certificate on your site, the browser address bar will display the padlock, HTTPS, business name, green bar, and the country code.

Since you undergo a standardized identity verification process that confirms you are authorized legally to the exclusive rights to the domain, users see your website as a high-profile site. An EV certificate is a must if you have sensitive data on your site.

Organization Validated Certificates (OV SSL)

The OV certificate can encrypt the user’s sensitive information during transactions and validate a business’s credibility. OV certificates are often compared to EV certificates for both the versions have high assurance.

But the difference lies in that the browser will display your business name while you implement EV certificate while the OV certificate will not provide that feature. OV certificate, however, allows the green lock feature. Commercial websites usually use OV certificates.

To have a clearer understanding of the difference between EV and OV certificates, you can have a look at the images below. In the first image, the browser visiting a site with an OV certificate doesn’t display the business name, while the second image shows the business name.

Domain Validated Certificates (DV SSL)

Compared to EV and OV certificates, a Domain Validated certificate provides lower assurance but strong encryption. It is not hard to get validated, as well. Normally, you will be required to attend an email for domain verification. The best part is that there’s no paperwork required. Moreover, it is typically used by the blog owners or informational website owners. And it is also worthy to note that It is a low-cost SSL.

Wildcard SSL Certificate

With a Wildcard SSL certificate, you will be able to secure a base domain and unlimited subdomains, making it more economical than purchasing numerous single-domain SSL certificates. You will find an asterisk * as part of the common name.

Multi-Domain SSL Certificate (MDC)

Multi-Domain certificates will save both your time and money. With a single certificate, you can secure over 200 domain names and subdomains (depending upon SSL provider). More benefits include having control of the Subject Alternative Name (SAN) field under a single certificate. You can add, change, and delete any of the SANs as desired. It is a cost-saving SSL certificate that can manage multiple domains without purchasing separate SSL for a single domain/subdomain.

Unified Communications Certificate (UCC)

You can use UCCs, also known as Multi-domain SSL certificates to secure multiple domain names on a single certificate. This certificate is ideal for securing Microsoft exchange services like owa, Mail, Autodiscover, etc. Organizationally validated, these certificates display a padlock on a browser and provide the highest assurance to the web visitors through the green address bar.

As the term free SSL certificates suggests, you can get these SSL certificates for free. You can obtain them from non-profit certificate authorities such as Let’s Encrypt. They offer free certificates intending to let HTTPS become the norm. On the other hand, the certificates you buy from third parties are referred to as paid SSL certificates.

When you implement paid SSL certificates, they offer added benefits, some of which are mentioned below:

A higher level of validation

The types of SSL certificates available vary based on the level of validation they provide. The major options that you have are Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) certificates. These certificates offer a higher level of security and demand a more inclusive vetting process.

But if you look at free SSL certificate providers like Let’s Encrypt, you will find this certificate provider offers only DV certificates. It is not enough for larger business and e-commerce sites that need a higher level of validation.

A higher level of trust

Only when you undergo an intensive validation process, you may be able to display the green bar in front of your URL. And as mentioned earlier, only an EV SSL certificate can help you to showcase your company’s identity, thus establishing customer trust. All these are not achievable with free certificates.

24/7 technical support

When you obtain paid certificates, the certificate authorities (CAs) and those reselling paid certificates will provide 24/7 support. You can choose any type of support you want, be it chatting, email, or call. Free certificate authorities won’t provide such support. You will have to go through threads in their posts when you need help with an issue.

Extended validity period and warranty

A free SSL certificate usually comes with 30-90 days validity period. You will have to renew the certificate in a timely manner. On the other hand, paid certificates offer 1-2 years of the validity period, thus saving you a lot of hassle.

Moreover, a free certificate doesn’t come with a warranty. The certificate authorities of paid certificates will pay you a certain amount in case anything goes wrong in the issuance of a certificate.

As you can see, paid SSL certificates come with more benefits. But it is entirely upon you to decide which one is best for you or you can choose depending on the type of site you own.

How to install SSL on Joomla Website?

Now that you know what an SSL certificate is and the value it brings to your website, let’s focus on how to install it on your Joomla website. Here is an easy peasy-guide that you can follow.

Install SSL Certificate on your server

Note that installing a certificate will vary depending on your hosting provider and server configuration. First, check your hosting documentation and follow the instructions.

Permit Force HTTPS/SSL on Your Joomla Website

Joomla Force HTTPS is a feature that activates the SSL Certificate on your Joomla powered site

In your Joomla backend, go to System -> Global Configuration

On the Server tab, set ‘Entire Site’ for the ‘Force HTTPS’ option.

Then click on Save to save your settings. Your work is done!

If you want to check if the certificate is functioning, you can visit the website at https://yourdomain.tld and view the certificate/site information.

However, remember that users visiting your site using HTTP protocol will not be automatically redirected to HTTPS. Hence, some tweaks on your files are recommended.

Edit configuration.php file

Go to the root directory of your Joomla to find the configuration.php file. Use a text editor to open the file. You will find the line


public $live_site = '';

Replace it with


public $live_site='https://www.yourdomain.com';

Edit .htaccess file

There is the .htaccess file in the same directory. Use a text editor and add the following lines at the bottom of the file.


RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Major SSL Certificate Provider

There are many certificate authorities and resellers from whom you can obtain SSL certificates. Some of the major SSL certificate providers are mentioned below.

SSL Provider Starting Price
ClickSSL $12.56 per year
Symantec $241 per year
DigiCert $218 per year
GoDaddy $79.99 Per Year
Comodo $79 Per Year
GeoTrust $149 Per Year
Let's Encrypt FREE

ClickSSL

If you are looking for a cheap SSL certificate, ClickSSL is the solution. An authorized reseller of leading certificate authorities, many individuals and businesses rely on them to secure their sites and gain customer trust. You can get SSL certificate here for as cheap as $10 with 1-year validity.

Symantec

Symantec is one of the most popular CAs providing advanced security features such as information protection, threat protection, identity management, compliance enforcement, and so on. The certificates offered by Symantec are considered little pricey, but the service it provides is worth the price.

DigiCert

Another reputed certificate authority that is quite popular among web owners who manage multiple certificates; DigiCert’s basic SSL is compatible with all major browsers, and you get 24/7/365 customer support. The diversity of SSL certificate is also the focus of DigiCert so that the authority can reach to the small size businesses.

GoDaddy

GoDaddy provides an excellent price for customers when it comes to SSL certificates while still providing SHA-2 and 2,048-bit encryption. By using their certificates, you can also protect unlimited servers (wildcard SSL) and get features like a Security Seal on your site.

Comodo

If you are looking for reliable and affordable Joomla SSL certficate, COmodo is the the best for you. With 2048 bit signature and 256- bit encryption, it provides you a highest level of security. The basic plan starts with $79/year in a 5 year bundle. To know more head over to its official website.

GeoTrust

GeoTrust is another biggest SSL certificate provider who is offering SSL certificates in more than 150 countries.

Let's Encrypt

Let's Encrypt is biggest free SSL Certificate provider. It is mostly used by the small business who are not able to afford the premium SSL for their website. The only drawback I saw in it is that you need to renew it after each 6 months.

Winding-Up

Though the primary role of an SSL certificate is to encrypt sensitive information transferred across the internet, there are plenty of other benefits that it offers.

Most importantly, the SEO boost and customer trust it gains simply cannot be missed out. Implementing the SSL certificate on your Joomla website in 2020 should be your main business priority if you are yet to do it. You can follow the easy installation process shown in the article.

Often, the high cost of installing an SSL certificate is considered as a disadvantage by web owners. But if you know where to buy a cheap SSL certificate, the issue can be solved easily.

Rate this blog entry:

Best Joomla Templates

Extremely Flexible, Responsive and User Friendly

Explore Templates