Manage your SSL certificate: tips & best practices

SecurityCategory
15 min read
Elijah Charbonneau

When you manage an SSL certificate, the process does not end with installing it for the safety of your website. As a webmaster or website owner, you know that security is important. And one of the most important ways to keep your website secure is by using an SSL certificate. However, while installing an SSL certificate is one of the first steps to securing your site, it's not the last.

This is because SSL certificates require ongoing maintenance and management in order to stay effective and protect your website.

If you're not sure about the requirements to properly manage your SSL certificate, this blog post is for you! We'll discuss tips on how to manage SSL certificates effectively and keep your website safe from hackers and cybercriminals.

First, let's start with a brief overview of what SSL is and why it's important.

What is SSL certificate management?

SSL certificate management is the process of monitoring and managing the entire SSL certificate lifecycle for your website or application. This starts with the installation or deployment of your certificate, keeping it up-to-date, and renewal or revocation before it expires. It includes ensuring configuration is performed correctly and that certificates are working properly.

Certificate lifecycle management begins as soon as you purchase an SSL certificate from a third-party Certificate Authority (CA).

In case you need a refresher on what SSL is, let’s briefly cover what it is.

What is SSL?

SSL, or Secure Sockets Layer, is a protocol that provides a secure connection for communication between a website and a web browser. When you install an SSL certificate on your server, it uses advanced algorithms and a type of cryptography called public key infrastructure (PKI). This enables encrypted communication between the server and any browsers that connect to it. This helps to protect sensitive information, like credit card numbers and login credentials, from being intercepted by third parties.

These digital certificates also signal to browsers that communicating with your website is encrypted. If you remember when website URLs started with HTTP, that was before the widespread adoption of the more secure HTTPS standard. The extra ‘S’ indicates a secure, protected connection. By installing an SSL certificate, your website URL will now begin with HTTPS.

In addition to encryption, SSL also provides authentication. This means that you can be sure the data is coming from the intended website and not being redirected by a malicious third party. This is important because it helps to prevent phishing attacks, where criminals try to trick users into entering sensitive information on a fake website that looks identical to the real thing.

By the way, you may have heard of TLS (Transport Layer Security). This is the successor protocol to SSL. However, both SSL/TLS are used interchangeably. Throughout this guide, the information will apply to both SSL and TLS certificates.

The importance of managing your SSL certificate 

Having an up-to-date SSL certificate is a must for data privacy, and this is especially true for online businesses and e-commerce websites.

Bad actors are always looking for vulnerabilities to attack and steal valuable information at the expense of your business and customers.

Here are a few more reasons why it is essential for website administrators and business owners to manage your SSL certificate.

To begin, you need to renew SSL certificates every 13 months. In the past, certificates were able to be valid for up to two years. However, since 2020, any certificate issued is only valid for up to 397 days. Once your certificate expires, you need to be replace it with a new one in order to continue providing security for your website.

Additionally, the encryption protocols that are used can become outdated over time. As newer, more secure protocols are developed, older ones become less effective. This means that if you're using an outdated protocol, your website may be vulnerable to attack.

It's also important to keep track of the certificate's chain of trust. The chain of trust is the path that starts with your certificate and goes all the way back to a trusted root certificate. In order for your SSL certificate to be valid, the entire chain must be in place. If any part of the chain is missing or broken, then your certificate will be invalid and your website will be vulnerable to attack.

Don't lose your page rank on search engines

Keeping a valid SSL certificate is crucial these days for website owners, especially online businesses and eCommerce stores. Having an HTTPS URL is now pretty much required by the major browsers. Without an SSL certificate, your website will lose search ranking and users will see a warning when they visit your site. That certainly doesn’t make for a great user experience.

As the world, and especially shopping, continues to move online, you need to ensure visitors can find your brand. Whether that’s on mobile devices or desktops, having a solid online presence is fundamental to success.

Besides staying secure online, SSL is an important part of a larger strategy to be discoverable online.

Editor’s note: With GoDaddy, you can leave SSL certificate management to our experts. Just sign up for our Managed SSL Service. We’ll handle the installation and maintenance!

Why doesn't the process end with an installation?

You might be wondering why the process of securing your website doesn't end with the installation of an SSL certificate. After all, once the certificate is in place, shouldn't that be enough?

Unfortunately, it's not that simple. This is because of the reasons we’ve stated above. You need to renew your SSL certificates on a regular basis and the encryption protocols that they use can become outdated. Additionally, it's important to keep track of the certificate's chain of trust to ensure that it remains valid.

In other words, SSL certificate management is an ongoing process that requires regular maintenance.

So what exactly do you need to do in order to properly manage your SSL certificate? Let's take a look at the different stages of SSL certificate management.

Stages of SSL certificate management

If you are handling SSL certificate management manually, there are a number of steps you must follow throughout the lifecycle of your certificate. Follow these steps closely to be sure that your website stays secure.

Of course, if you choose our Managed SSL Service, you won’t have to worry about any of this. Our experts will handle the installation and maintenance of your SSL from beginning to end.

Here are the steps to manually manage your SSL certificate:

#1 - Purchase an SSL certificate from a certificate authority

The first stage of SSL certificate management is purchasing the certificate from a certificate authority such as GoDaddy.

A certificate authority is a trusted third party that issues SSL certificates. When you purchase a certificate from a CA, they will verify the identity of your website and issue you a certificate that contains your website's information.

To get your SSL certificate, head over to GoDaddy’s SSL Certificates page then choose between:

  • Domain Validation (DV) SSL Certificate: This provides the standard level of validation for one domain name.
  • Managed DV SSL Service: Validation for one website, fully managed by GoDaddy.
  • Organizational Validation (OV) SSL Certificate: Provides a higher level of validation for non-eCommerce businesses and organizations.
  • Extended Validation (EV) SSL Certificate: The highest level of validation - recommended for eCommerce businesses.

If you’re not sure which type of certificate is right for you, click on GoDaddy’s SSL selector to help you choose. If you need to validate multiple domains, choose SAN SSL. For validating one website and all of its subdomains, choose our Wildcard SSL.

Once you’ve made your choice, click ‘add to cart’ then select the number of domains to protect and the term length. After this, follow the guide to complete your purchase.

Editor's Note: Learn more about different types of SSL certificates in our guide!

#2 - Install SSL certificate and ensure that it is implemented correctly

After issuance, the second stage to manage your SSL certificate is installing the certificate on your website.

While this is a relatively straightforward process, make sure you install the certificate correctly. If this isn’t done correctly, the certificate will not work properly and your website will not be secure.

Before you start, you’ll need to request the certificate for the website you want to secure. How you’ll do this depends on which certificate you have and the type of web server your site is hosted on.

Here are the instructions for requesting your SSL certificate.

Once you’ve downloaded your certificate files, you can install them on your server. Head here for the list of instructions for installing your SSL certificate on different types of web servers.

If you have one of our most popular types of hosting (cPanel), you can head here for installing an SSL certificate on cPanel hosting.

To check that the installation worked properly, enter your URL into a browser and look for the padlock icon before your URL. If it’s there, you’ve completed the installation and your site is SSL secure!

Once you’ve installed your certificate, be sure to redirect your visitors to the secured (HTTPS) version of your site. If you’re on our Managed WordPress plan, this is done automatically. Otherwise, here are instructions on how to redirect from HTTP to HTTPS for different types of hosting.

Editor’s note: If you’re looking for web hosting that includes automatic SSL certificate installation, you can’t go wrong with GoDaddy’s WordPress eCommerce Hosting or Websites + Marketing plans!

#3 - Periodic monitoring of certificate to ensure secure storage

The third stage of SSL certificate management is periodic monitoring of the certificate. This involves making sure that the certificate is stored securely and that the encryption protocols are up to date.

There are different tools on the market with certificate monitoring features. Of course, the easiest way is to sign up for GoDaddy’s Managed SSL Service.

#4 - Validate legitimacy of certificate with CA or server

The fourth stage of SSL certificate management is validating the legitimacy of the certificate.

You can do that by checking with the certificate authority or the server. It's important to continually ensure that the certificate is valid before using it to secure your website.

To make this easier, GoDaddy offers a free SSL certificate checker that validates:

  • Whether your website is properly secured by an SSL certificate
  • What IP your site resolves to
  • The validity date of the SSL certificate securing it
  • The certificate authority the SSL certificate was issued by
  • The subject information in the certificate
  • Whether the chain of trust has been established

#5 - Revoke or renew your SSL certificate before expiry

The final stage to manage your SSL certificate is ensuring that the certificate is revoked or renewed before it expires. Because if the certificate expires, then your website will no longer be secure.

That's why it's important to keep track of the expiration date of the certificate and to take action before it expires. You can either renew the certificate or revoke it and purchase a new one.

Let’s take a minute and talk about revoking vs. renewing a certificate.

Normally, you’d only want to revoke a certificate if your website is no longer operational or if you made a mistake and requested the certificate for the wrong organization.

If you are just switching certificate types, there’s no need to revoke it. You can simply install the new certificate over the existing one.

For some other situation, you may re-key your certificate instead of revoking it. For instance, if you need to change the certificate’s common name, you lost your private key, or you’re moving your site to a new server. Here’s more info on how to re-key a certificate.

To renew a certificate:

  1. Head into your GoDaddy product page.
  2. Select SSL Certificates.
  3. Choose the certificate you want to renew and press Continue to Cart to complete the transaction.

What happens when an SSL certificate expires?

An expired SSL certificate can cause a number of problems for your website. These include the following:

  • Your site will no longer be secure. In this instance, any information transmitted through your website will not be encrypted and could be accessed by third-parties.
  • Your website will no longer be trusted by browsers. This means that visitors to your website will see a warning message telling them that your site is not secure.
  • You may lose ranking in search engines. This is because Google and other search engines now take website security into account when ranking sites.
  • You may lose customers. This is because many people will not want to provide their personal or financial information to a website that is not secure.

Unless you are shutting down your website for good, you should definitely avoid letting an SSL certificate expire. Expired certificates can cause a lot of problems, so it's always better to renew or revoke (and purchase a new certificate) before they expire.

How to manage your SSL certificate?

The first step in managing your SSL certificate is to decide whether you want to do it manually or use a managed service. There are pros and cons to both options. Let's go over the differences between the two here:

Manual Management

With manual certificate management, you’ll be responsible for everything relating to manage your SSL certificate. This means from the purchase, to installation, monitoring, and renewing, you’ll need to stay on top of everything. If you make a mistake or forget to renew on time, there’s no guarantee that your website will remain secure.

Here are some of the pros and cons of manual management:

  • Pro: You have full control over your certificate and can make changes whenever you want.
  • Pro: You can save some money by doing it yourself.
  • Con: You have to keep track of all the updates and changes yourself. This can be time-consuming and difficult, especially if you're not familiar with website security.
  • Con: If you make a mistake, it could be costly (in terms of time and money) to fix it and prevent cybersecurity issues.
  • Con: It is more challenging for those without technical proficiency.

Managed SSL Services:

With a service like our Managed SSL Service, you’ll gain a lot of peace of mind. With our experts handling everything from installation to monitoring and renewal, you can relax and focus on other things.

Here are some pros and cons of choosing a managed service to automate your SSL needs:

  • Pro: You don't have to worry about keeping track of updates and changes. Our experts will do everything for you.
  • Pro: Aside from SSL, we can handle all of your website security needs for you. This means you’ll have fewer things to worry about.
  • Con: You don't have manual control over your certificate. If you want to make a change, technical support will make the change for you.
  • Con: Pricing for managed services is typically more than what you’ll pay doing it yourself.

So, which option is better?

It really depends on your needs. If you want full control over your SSL certificate and are willing to spend the time to keep track of updates and changes, then manual management may be the best option for you. This can save you some money up front.

Just keep in mind that if you make a mistake or forget to renew your certificate on time, it can cost you and your business in a few important ways. This includes being at a greater risk of a security breach, data theft, and loss of search engine ranking.

Alternatively, if you prefer to have a team of experts handle your SSL management for you, then our managed service may be perfect for you. While it will cost a little more up front, you’ll gain the assurance knowing your website and business are secure.

The important thing is to choose the option that's right for you and your website.

Editor’s note: Looking for an all-in-one package to keep your website secure? Sign up for GoDaddy’s Website Security plan. It includes SSL and important features like firewall, malware scanning, and options for CDN and DDoS attack protection.

Conclusion: DIY or save time by getting professional help?

As you can see, there are pros and cons to both manual and managed SSL certificate management. The important thing is to choose the option that's right for you and your website.

If you want full control over the entire SSL process and workflow, then manual management may be the best option for you. However, if you would rather let our team of experts manage everything for you, then you’ll love our Managed SSL Service.

If you’re going to do it yourself, make sure that you keep track of your SSL certificate and take action before it expires. Expired SSL certificates can cause a lot of problems, so it's always better to renew or revoke (and purchase a new certificate) before they expire.

If you have any questions about SSL certificates or website security in general, feel free to contact us. We're always happy to help!

Save time and leave the management of your SSL certificates to our experts at GoDaddy. Get in touch now!

Products Used