10 rookie SSL mistakes and how to avoid them
-
Choosing based on price. Not all certificate authorities (CA) are the same. The security of your certificates depends in part on how secure the CA is, so it pays to choose wisely. In addition, when you’re installing new SSL certificates you need a company that can provide a full range of services and the backup to make the installation go smoothly. (Symantec secures more than one million Web servers worldwide, more than any other Certificate Authority.)
- Not being prepared. Before you apply for a certificate, you will need certain pieces of information. It’s worth having everything ready before you start the process.
- Getting the wrong type. There are different kinds of certificates for different types of application. For example, there are certificates for email systems, code signing certificates and more, besides the familiar certificates used on websites. Make sure you choose the right one.
- Leaving certificate renewal to the very last minute. It can take a little time to go through the steps required to request and issue a new certificate, especially if you choose Extended Validation, where the CA will need time to authenticate you and your organisation. Starting 2-4 weeks in advance makes sense in most cases this also guards against unseen ‘tech issues’ that might arise too.
- Generate a valid CSR. All certificates start with a certificate signing request (CSR) but how you get a valid CSR depends on the software you’re using. Check out this guide to the most popular applications.
-
Not checking the CSR. Use Symantec’s free CSR checker to make sure you have a valid CSR.
- Not protecting the private key. SSL encryption depends on a private key that unlocks communication to and from your server. Your CA gives you this private key and you install it on your system. Treat it as a valuable asset and don’t share it with more people than necessary or make it easy for unauthorised users to access.
- Not testing the certificate. After installation, check the site using Symantec’s certificate installation checker. Also check it on a wide variety of browsers and platforms to make sure it’s working properly.
- Not getting help when you need it. If something goes wrong, you can turn to a reputable Certificate Authority like Symantec for help. A good starting point is our support page but you can also contact us directly.
- Losing your password. Smart IT managers keep a run book to record the procedures they use so that if they are not around to renew the certificates when they expire, at least their successors know how to do it. Your run book should include the URL, user name and password required to access your CA’s certificate centre (but remember keep this secured and only allow access to those who need to manage the certificates).
For more information on encryption, SSL, and website security download our SSL Explained interactive infographic now.
