How do I add SSL to my Site?
OVERVIEW: Customers who have an e-commerce WordPress site will need an SSL (Secure Socket Layer) certificate. An SSL certificate validates your website’s identity and encrypts all information sent to and from your website. When you have an SSL installed, your customers’ data will be fully secured for all financial transactions, usernames and passwords, and credit card information. Websites running SSL can be recognized in the following ways.
SSL certificates must be purchased and established prior to being implemented on your site.
You can purchase an SSL certificate through WP Engine or a third party. This article will cover:
- What is an SSL certificate?
- How to obtain an SSL certificate.
- How to transfer an existing SSL certificate.
- Regarding Internet Explorer and SSL
What is an SSL Certificate?
SSL stands for Secure Socket Layer (SSL). SSL is a protocol that will encrypt a website’s data. This will assure your customers that what they are visiting is your site, not an imposter’s site that is pretending to be your site. Data that is transmitted via SSL is encrypted to ensure that it cannot be intercepted by any third parties. For a more in-depth guide on how SSL encryption works, please see our article regarding SSL Certificates .
HOW TO OBTAIN AN SSL CERTIFICATE
Before we get started there are a few things to understand.
- SSL Certificates can be purchased from WP Engine (Option 1) or a third party (Option 2).
- Before you can obtain an SSL certificate from WP Engine, your site must be live with us (that is, the DNS records for the affected domains must point to a WP Engine IP address).
- We sell two distinct types of SSL certificates (and can support all 4 of the available SSL varieties).
- Standard SSL certificates cover one domain including both the www and non-www versions of that domain (so, for example, the SSL certificate will cover both www.yoursite.com and yoursite.com).
- Wildcard SSL certificates cover www, non-www, and all subdomains (for example, subdomain.yoursite.com).
Option 1: Purchasing from WP Engine
Purchasing an SSL certificate through WP Engine is the easiest and most hassle-free way to get setup with additional security. We partner with RapidSSL so that we can offer you the opportunity to not only purchase the SSL Certificates, but also have them automatically installed. If you would like more info about RapidSSL you can consult: https://www.rapidssl.com/learn-ssl/ WP Engine SSL certificate pricing Standard SSL certificates = $49 per year Wildcard SSL certificates = $199 per year You will be charged immediately through our billing system. Your purchase will be automatically renewed after 12 months. You will need to contact support if you wish to cancel the renewal. After 30-days, the fee for your SSL becomes non-refundable. For step-by-step help, use our interactive tutorial, “How Do I Buy An SSL Certificate “, in the User Portal.
How to Purchase an SSL certificate through WP Engine
- Log into the User Portal
- Choose the Install to which you want to apply the SSL Certificate
- On the right hand side of the screen, click on SSL
- Click on the “+ Buy SSL Cert” button when you are ready to configure and purchase your SSL Certificate
- Choose the domain which you want to apply the SSL Certificate. Note: The drop down list of domains will only show domains that are not already configured with SSL
- Choose Standard or Wildcard certificates
- Standard SSLs cover one domain, which includes www.example.com and example.com. However, if you choose a subdomain such as shop.example.com, the domain www.shop.example.com is not included.
- Wildcard SSLs cover example.com plus all subdomains (e.g. example.com, www.example.com, shop.example.com, and members.example.com).
- Click Next
- Fill out your contact information
- Read and agree to the Terms and Conditions
- A Confirmation window will appear. You will also receive a confirmation email sent to the address specified in the Contact Information window.
How to configure installed SSL Certificates
- All domains secured by SSL will be shown in the SSL menu of
the install in question, in the my.wpengine.com User Portal
- Adding and Removing URL paths that will use SSL can be accomplished by expanding the domain under the “SSL Certificates” section: This is done using regular expressions, for more info see this guide
- In addition to using regular expressions to force paths to https, you can also choose to “Secure all URLs” which will force your entire site to HTTPS
- Install-specific settings will apply to all certificates that are configured per install. These options include:
- Force http:// for non-SSL pages – if checked, visitors who request https:// via their browser will be redirected to http:// for URL paths that are not configured to force SSL
- WP-Admin settings – determine what areas of your WP-Admin site should use SSL.
Option 2: Purchasing or using an existing SSL from a 3 rd party vendor
Note: 3rd Party SSL is not an option on a Personal Plan
If you would like to transfer an existing 3rd party SSL or purchase a new SSL from a 3rd party, we can help with that too. To begin this process, navigate to your User Portal and select and click the “SSL” link under the install in question.
There, you will click “Add existing 3rd party cert (CSR),” and fill out the required information. Your CSR will be generated and displayed on the next screen.
You can then give the CSR to the third party SSL Certificate provider. In turn, the third party provider will give you a SSL Certificate. You can then provide your certificate to WP Engine for installation on our servers on the upload step of the CSR creation wizard.
HOW TO TRANSFER AN EXISTING SSL CERTIFICATE
If you already have an existing SSL Certificate with a previous host, and have fully migrated your site to WP Engine, we can help you transfer your SSL Certificate over to our servers. In this case, please contact your old host and request your Private Key and certificates. The Private Key and certificates can then be placed into the folder titled “_wpeprivate” and provided to us through SFTP. Note: If you are unable to retrieve the private key from your old web host, we can create a new one for you. Simply follow the above instructions for creating a new CSR from the my.wpengine.com user portal. If you have your private key and SSL certificate, please create a new ticket; which will be found within your User Portal by selecting “Open a support ticket” from the Support tab at the top right. Please include the following within your ticket:
- Name of the install to which this SSL certificate should be applied.
- Folder name where the certificates and key are stored (this is usually “_wpeprivate” ).
Regarding Internet Explorer and SSL
At WP Engine we serve our SSL’s through a process known as Server Name Indication. This is an efficient way to deliver SSL’s and works perfectly for most browsers, however when your site is accessed using Internet Explorer on Windows XP it may return the below error. This Connection is Untrusted / Certificate Error: You have asked to connect securely, but we can’t confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
Using a dedicated IP address will ensure that anyone using Internet Explorer on a Windows XP machine will be able to access your site securely and without error. A dedicated IP is only needed for Internet Explorer on XP, no other browser should have issues without a dedicated IP address. If you would like us to provide a dedicated IP for your site, please request this with your SSL setup ticket. For pricing information regarding dedicated IP addresses, please visit our Plans page .
WP Engine Status Updates