SSL Install
By Peter Boyd on December 13, 2018 in SSL / TLS Best Practices
What is Involved in an SSL / TLS Certificate Install and Full Checklist
SSLs are big now. Security is ever more important, and you should encrypt traffic on your website.
We often hear the words “Install an SSL now. It should be easy and quick.” Well, yes, getting the SSL installed on a server is often just a few clicks, cutting/pasting some CSR keys, and a few emails to finalize a new SSL install. So, doing the bare minimum to install an SSL can take 20-minutes, if everything goes perfectly. Easier said than done, though.
In fact, installing the SSL is only the first step in a process of updating a site to full encryption and security. As we have blogged before in our SSL Checklist, there are other steps you need to complete to finalize everything. The extra steps take time, and if not done properly they can lead to issues with your website traffic and rankings. Let’s discuss in more detail why an SSL install really takes about 2 hours of work from start to finish.
SSL and Security – A Brief Primer
First, for most informational law firm websites your site is secure. If you host on a modern platform and keep the content platform up-to-date, then you are probably secure. If you are just pushing information about your firm, practice areas, blogs, etc. to a client via static web pages, then realistically there is no reason for an SSL to encrypt basic text information.
However, SSL does allow for encryption for any communication made between the visitor and your server. If you have a contact form or database of information, then an SSL is probably warranted. This is especially true if you have any confidential information, user names, dates, passwords, etc.
The web in the past year is moving towards installing SSLs for all sites. We recommend installing an SSL for most sites and even wrote blog posts on this in 2018. Whether information only sites need a full SSL is up for debate, but overall SSLs are good. On a side note, really what you are getting is a modern TLS certificate (SSL is just what they used to be called).
How Much Does a SSL Cost?
It varies. For our team, SSL costs vary depending on your server and platform. At PaperStreet, we believe in encryption. So, we pass along any certificate costs directly with no markup.
Often the cost to purchase a certificate is free, as it is on some of our servers using Let’s Encrypt. Therefore, your certificate costs are free. If the certificate costs $50 to $75 from GoDaddy, then that is the cost we pass along to the client. Again, no mark up of the actual certificate cost.
We do charge a minor fee to cover our time in setting up any certificate extras. If we are just setting up the base SSL to get the CSR request, the response, and install that data, then we just include that time for free as part of our hosting.
However, as you will see below that is just the starting point, and you really should complete the full checklist. All the other items needed to finalize an SSL are technically optional, but they really help your site and business long-term. So for that work, we do charge a bit extra as it takes up to 2-hours to finalize everything.
A True SSL Process:
Note that all the below times include client correspondence time and tracking down password access. That is often the biggest time commitment in installing a cert. The copying and pasting of data is easy.
- SSL Install – Corresponding with us for the SSL requests to install with the client. Then getting the CSR request generated, the response from the cert authority, and putting that into the web hosting system. Then liaison with any IP updates that need to be made with the client or web host.
Time Needed – 20 minutes (free part). - IP Update – Sometimes an SSL requires changing of an IP address. So, we need to either gain access to the DNS or instruct the client on updating the DNS to the new IP.
Time Needed – 10 minutes (free part). - Redirects – Updating htaccess for all redirects from non-SSL to SSL. Usually we can set a global redirect for all pages, but sometimes we have to write specific updates in the htaccess rules and check on prior rules (which can be lengthy).
Time Needed – 15 minutes to 30 minutes depending on number of them. - Site Links – We need to update internal site links via find/replace. This can be in the templates themselves or in the CMS. Usually there are static full links that should be updated. Yes, the redirects will override from step #4, but it’s better to update actual code so redirects are not needed.
Time Needed – 15 minutes to 30 minutes (sometimes longer for big sites). - Webmaster Tools – Google WMT is a great tool. However, you do need to register your new SSL property and merge with your existing property. You need to contact WMT, verify address, and update to SSL as primary.
Time Needed – 15 to 30 minutes. - Updating xml sitemaps in WMT.
Time Needed – 15 minutes to 30 minutes. - Notify – You should also notify all teams involved with your website about SSL update. This includes pay-per-click ads, SEO, developers, and marketing. They may need to update links to the site from various web properties.
Time Needed – 10 minutes to notify but updating links can take anywhere from 20 minutes to 15 hours (depending on how many directory links you need to update offsite).
Overall, a full SSL install is anywhere from 1.5 hours to over 2 hours. If a firm simply wants an SSL installed with no extras, then we will do that as part of the hosting. If you need any assistance with the other tasks, then we ask for a budget.
