HTTPS - add a SSL certificate to your site

Updated on 14-June-2017 at 11:41 AM

What is HTTPS?

HTTPS stands for Hyper Text Transfer Protocol Secure - this is the secure version of HTTP, the protocol used when data is transferred between your browser and the server that hosts the website you are visiting. As the name says, in the case of HTTPS all the communication between your browser and the website you are visiting is encrypted.

This means that all data exchanged, like personal data you are filling into a webform, credit card related data, the information you are getting when opening up your Member only webpage, and so on is encrypted at one end (the browser or the server), sent across the Internet and decrypted at the other end, thus making it unusable for a potential attacker that might intercept it. 

Various search engines have recently also started favoring HTTPS enabled websites when displaying websearch results. In general HTTPS enabled websites are regarded as more trustworthy for visitors.

What is an SSL certificate?

In order to enable the secure connection, an SSL certificate is used. This certificate is purchased from a Certificate Authority by the server's administrator and is sent over the web browser of the visitor in order to initiate the so called "SSL handshake". The handshake is basically the initial exchange between the web server and the browser in which the SSL certificate that contains the public encryption key is downloaded by the browser. After the certificate is downloaded from the webserver, the encrypted communication can begin.

The certificate provider (Certificate Authority) for Business Catalyst is Let's Encrypt.

Getting started

To enable HTTPS for your domain in Business Catalyst is a matter of a few steps. Before we get started make sure that you have purchased the domain you want to add the certificate for. This domain will need to be added as "Internal":

If your domain is not added as Internal please follow the steps in this article to migrate the domain over to the Business Catalyst DNS management system before you can add your certificate.

Add the SSL certificate to your domain

Now that the domain is added to your website and it is managed by Business Catalyst you can go ahead and add the certificate. This can be done in two ways depending on what plan your website is on.

For the Platinum plan the ability to add SSL certificates is already included by default. For the other plans you can purchase the SSL certificate overage from your Partner Portal.

In this example the site is on the Platinum plan so I already have ability to add SSL certificates included. All I need to do to enable HTTPS for the www.bcrb.tk domain is to click the "Add" link next to the domain you want to add HTTPS for:

Next you will be presented with this dialogue, click "Add" to add the SSL certificate for this particular host:

After clicking the Add link you will notice the status will change to "Pending". Please allow for up to 24 hours for the certificate to be generated by our provider Let's Encrypt. Once the certificate is generated and applied to your domain the status will change to "Active".

Testing and taking your HTTPS enabled website live

Once the certificate has been added to your domain you can start using the HTTPS protocol to browse your site. At this point, the secure protocol is not marked as default for your website. This means that site visitors will still use the non-encrypted connection.

This is a great time to browse your website securely (manually load the secure URL, for example https://www.bcrb.tk) and make sure everything is working properly - look for any errors, warning messages, assets not loading properly and so on. Here are a few items to check before redirecting all the traffic to the HTTPS version of your website - 8 things to check before enabling HTTPS

Once you are happy with how your HTTPS website looks, go to the Site Domains panel again and click the Edit link. Now it is time to switch on "Always show https in the address bar" checkbox like so:

This will basically 301 redirect all your website visitors that use this hostname from the HTTP version of your website to the secure HTTPS. After this switch is enabled, whenever somebody pulls up http://www.bcrb.tk for example they will be redirected to https://www.barb.tk

 

Conclusion

Enabling HTTPs on your website is a pretty straightforward process. To sum things up, here are the setps needed for a hassle free migration:

  1. Make sure the domain you want to enable HTTPs for is correctly configured and added to your website as "Internal"
  2. Purchase the "SSL certificate" overage or make sure you are on an eligible plan
  3. Add the SSL certificate for as many domains as you need, from the Site Domains panel
  4. Wait for the certificate to be generated and applied to your domain
  5. Test your website and make sure all the components work when using HTTPs with your custom domain
  6. When everything is set, enable the Always show HTTPs in the address bar option and all the traffic will be 301 redirected to HTTPs
  7. Add your website to the Google Webmaster tools using the new HTTPs URL