In this article, we will examine why the SSL Manager lists both the “www” and “non-www” versions of your domain names. We will also discuss whether it is really necessary to purchase a separate SSL certificate for the “www” and “non-www” versions of your website.

What Is the Difference Between the “www” and “non-www” Versions of a Domain?

To better illustrate the differences between the two domain versions, we will use the example domain my-domain.com. The “non-www” version, my-domain.com, is regarded as a domain while the “www” version, www.my-domain.com, is classified as a subdomain. In that sense, it could be said that the main version is my-domain.com, while www.my-domain.com holds the same classification as other subdomains like blog.my-domain.com and shop.my-domain.com.

From a technical standpoint, the “www” and “non-www” versions of a domain are completely separate and unique. In fact, if the web server is not configured correctly, it is not uncommon for web crawlers and other bots to mistake the “www” and “non-www” versions of a domain as two separate websites that hold identical content.

From a practical standpoint, however, “www” and “non-www” are almost completely interchangeable. As a website owner, you should ensure that your visitors can reach your website regardless of whether they enter the “www” or “non-www” version of your domain name in their browser address bar.

Why Does the SSL Manager List Both the “www” and “non-www” Version of My Domain?

The SSL Manager is set up to list all hostnames that are associated with your hosting account. Every domain and subdomain can be classified as a hostname. As such, the SSL Manager lists both the “www” and “non-www” versions of all domains that are part of your hosting account along with all other subdomains that you may have created.

Do I Need a Separate SSL Certificate for the “www” and “non-www” Versions of My Domain?

The need to purchase a separate SSL Certificate for the “www” and “non-www” versions of your domain depends entirely on the SSL provider that you have chosen as well as the SSL certificate itself. We are happy to say that all SSL certificates purchased through AwardSpace will always cover both the “www” and “non-www” versions of your domain.

If you need to purchase an SSL certificate through a third party, it is always best to check with their Customer Support team and learn whether the SSL certificate will cover both the “www” and “non-www” versions of your domain. Fortunately, when you opt to purchase an SSL certificate through a third party these days, it is increasingly common for the SSL certificate to cover both the “www” and “non-www” versions of your domain.

Should I Use Both the “www” and “non-www” Versions of My Domain?

Even if you can install an SSL certificate on both the “www” and “non-www” versions of your domain name, we actually recommend picking just one version and forwarding all traffic to it. Not doing so will have a negative impact on your SEO.

How Do I Set up My Website to Only Use “www” or “non-www”?

Generally speaking, you can set up a website to use either “www” or “non-www” through your CMS settings or via a 301 redirection in your .htaccess file. In fact, we have a separate tutorial which details how to redirect all traffic to “www” or “non-www” while also forcing an HTTPS connection.

You can follow the tutorial as long as you are using one of our premium shared hosting plans or one of our Semi-Dedicated web servers. If you are using our free website hosting service, you can still follow the guide in order to direct all traffic to “www” or “non-www”, but without forcing a secure HTTPS connection.

Conclusion

Even though the SSL Manager lists your domain name two times, you do not need to purchase an SSL certificate for “www” as well as “non-www” to fully secure your website. Instead, you should pick your preferred domain version, secure it with SSL, and redirect all traffic to it. Listing “www” and “non-www” in the SSL Manager is most helpful when you need to upload a third-party SSL certificate that only works on one version of your domain and not the other.

The post Do I Need a Separate SSL Certificate for the “www” and “non-www” Versions of My Website? appeared first on AwardSpace.com.

But when you do get your SSL certificate, you may be surprised to discover that there are actually three different parts to it – the SSL certificate itself, the Intermediate Certificate Authority (CA), and the Private Key. In this article, we will describe how an SSL works and we will focus on the purpose of the Intermediate Certificate Authority.

What Is an SSL Certificate?

SSL, which stands for Secure Sockets Layer, is a popular Digital Certificate. At the heart of every SSL certificate, you will find a set of cryptographic keys. These keys are different on each certificate and they uniquely represent the organization or person for whom the certificate is issued.

What Is the Purpose of an SSL Certificate?

The cryptographic keys in SSL certificates are commonly used to enable HTTPS on websites. Additionally, SSL certificates can confirm the identity of the domain where they are installed, thus preventing phishing attacks. SSL certificates have other uses as well, such as verifying that programs and documents have not been tampered with.

How Do SSL Certificates Work?

Each certificate is created by a trusted Certificate Authority. Before issuing the SSL, the Certificate Authority has the task of verifying the data submitted by the applicant. Once all data is confirmed to be correct and factual, a set of cryptographic keys is generated and the certificate is issued.

An SSL certificate’s security value is derived from two main factors: that the Certificate Authority that has issued the SSL is a trusted one and that the Certificate Authority has performed validity checks before issuing the certificate. As such, when you purchase an SSL certificate and install the SSL on your website, the Certificate Authority effectively vouches for the authenticity of your website.

Each Certificate Authority has its own certificate known as a Root CA certificate. This Root CA certificate is used during the creation of your SSL certificate. The Root CA certificates are trusted by most operating systems and web browsers and as such, your SSL certificate is also trusted by extension.

It is actually not common for a Certificate Authority to use its Root CA certificate to issue SSL and other end-user certificates. Instead, an additional layer of certificates is used. These additional certificates are called Intermediate Certificate Authority (CA) certificates.

What Is the Purpose of the Intermediate CA Certificate?

Intermediate CA certificates act as middlemen between the Root CA certificate and the certificates issued to end-users. All three types of certificates create a chain of trust: the web browser implicitly trusts the Root CA certificate, the Root CA certificate trusts the Intermediate CA certificate, and finally, the Intermediate CA certificate trusts the end-user’s SSL certificate.

Why Is the Intermediate Certificate Authority Important?

The idea behind the Intermediate CA certificates is to add an extra layer of protection. This higher level of protection is achieved by not having to use the Root CA certificate to issue certificates for end-users. Instead, the Root CA certificate mainly issues Intermediate CA certificates, and these Intermediate CA certificates create SSLs for third-party organizations and individuals.

Is the Intermediate CA Certificate Mandatory?

While it is possible to upload a custom SSL certificate without including the Intermediate CA certificate, it is not recommended. As we have outlined above, the Intermediate CA certificate plays a vital role in the chain of trust between the Root CA certificate and your SSL certificate. By omitting the Intermediate CA certificate, you are breaking this chain of trust.

As a result, most web browsers and operating systems will not be able to recognize that your SSL certificate is coming from a legitimate Certificate Authority. To make matters worse, instead of loading the website, you will likely be presented with a warning message, such as the one shown below:

Conclusion

The inclusion of the Intermediate Certificate Authority, although optional, is highly recommended for all website owners. Without the Intermediate Certificate Authority, not all web browsers will recognize the installed SSL certificate as a legitimate one and will display messages discouraging visitors from proceeding to your website.

If you would like to ensure that your SSL is using the Intermediate Certificate Authority, you can contact our 24/7 Technical Support Team for assistance. The only requirements are that you need to be using one of our premium shared hosting plans and that you need to have an active SSL certificate on your domain name.

The post What Is the Purpose of the Intermediate Certificate Authority in SSLs? appeared first on AwardSpace.com.

This high level of protection is achieved by using hash functions to encrypt all data. SHA-1 and SHA-256 are two of the most popular hash functions. In this article, we will look at the differences between SHA-1 and SHA-256 and also explain how you can upgrade your SSL certificate from SHA-1 to SHA-256.

What Are SHA-1 and SHA-256?

SHA-1 and SHA-256 are known as cryptographic hash functions, complex mathematical algorithms that can be run against any type of content such as text, images, video, etc. SHA-256 is the successor of SHA-1. The creation of SHA-256 was necessitated because flaws were found in SHA-1 that weakened its cryptographic strength.

Each SSL certificate can use only one cryptographic function at a time. So if your installed SSL certificate is a couple of years old, it may have been issued using the now-defunct SHA-1 hashing algorithm.

Is My SSL Certificate Using SHA-1 or SHA-256?

You can check whether your SSL certificate is using the SHA-1 or SHA-256 hashing algorithm by running an SSL test on your domain name. There are multiple free online SSL checkers and most of them should be able to list the type of hashing algorithm that is used.

If you do not have a preferred SSL checker in mind, you can use the SSL Server Test by Qualys. Just click on the link, enter your domain name, wait a minute for the SSL test to run, and then view the available information.

In the screenshot example above, you can see that the tested site is using SHA-256 as its hashing algorithm. The field is titled Signature algorithm, however, this can vary depending on the SSL checker that you are using.

If you do not wish to use an online SSL checker, your other option is to contact your SSL issuer. They should be able to provide you with information on which hashing function is used in the SSL.

How Can I Upgrade My SSL Certificate From SHA-1 to SHA-256?

In order to upgrade your SSL certificate from SHA-1 to SHA-256, the SSL certificate needs to be reissued using SHA-256. Once the certificate is reissued, the old certificate should be uninstalled and the updated SSL certificate should be installed in its place.

If you have purchased an SSL certificate through AwardSpace, you can open a Trouble Ticket to the Technical Support Team and request your SSL certificate to be reissued using SHA-256.

On the other hand, if you have purchased an SSL certificate through a third party, you would need to contact your SSL issuer via their website and request your SSL certificate to be reissued using SHA-256.

How Critical Is It to Upgrade My SHA-1 SSL Certificate to SHA-256?

Currently, there are multiple known weaknesses in SHA-1. As such, any active SSL certificate that is using SHA-1 is severely compromised and should be upgraded to SHA-256 as soon as possible.

The good news, however, is that the move to SHA-256 has been ongoing for a few years already. So there is a good chance that your SSL is already using SHA-256. Nevertheless, if your SSL was issued three years ago or more, you should check whether the SSL is using SHA-1 and if it is, it should be reissued using SHA-256.

Conclusion

SSL certificates are only as strong as the hashing function they use. If an SSL uses a weakened hashing function, such as SHA-1, attackers can exploit the SSL to present false information to your site visitors or steal the visitors’ data outright. Therefore, it is important to check whether your SSL is using SHA-1 and if it is, the SSL should be reissued using SHA-256.

The post How Can I Upgrade My SSL Certificate From SHA-1 to SHA-256? appeared first on AwardSpace.com.

Do I Have to Own a Dedicated IP for SSL?

Yes, if you plan on getting an SSL certificate for your website, you should purchase a dedicated IP for SSL as well. The IP address is necessary for the proper installation and activation of your SSL certificate. If you are not sure how the SSL installation is carried out, you can read our guide on how to install an SSL certificate.

What Will Happen If My Dedicated IP for SSL Expires?

Your SSL certificate depends on your dedicated IP address to function properly. As such, if you forget to renew your dedicated IP for SSL, the SSL certificate that you have installed on your hosting plan will cease to work. To make matters worse, web browsers will start showing a security warning instead of your homepage.

Fixing SSL-related issues should be your top priority since the warning messages displayed by web browsers will deter your potential visitors. Fortunately, an expired IP for SSL is not a complex problem and it can be resolved fairly quickly. You can take two approaches to get your website up and running: you can either disable all SSL-related functionality on your website altogether or you can renew your dedicated IP for SSL.

How Do I Renew My Dedicated IP for SSL?

To renew your dedicated IP for SSL, head to the service renewal page in our Control Panel.

From there, select your IP for SSL as the product you wish to renew, choose the renewal duration, and press the Continue button. You will then be asked to provide your payment information. Once the payment is made successfully, your website should be fully restored within a few minutes.

How Do I Disable SSL-Related Functionality on My Website?

SSL Manager section of our Control Panel. Additionally, you may need to configure your website and .htaccess file to allow unsecured HTTP connections. If you are not sure how to perform these tasks, you can reach out to our friendly 24/7 Technical Support Team.

Generally, we do not recommend this approach as it lowers the security of your website and is likely to have a negative impact on your search ranking and the number of site visits. Disabling SSL should only be used as a temporary solution to getting your site up and running.

Conclusion

Letting your dedicated IP for SSL expire can lead to unexpected and unnecessary downtime for your website. To prevent this problem from ever occurring, you should keep a close eye on your IP’s expiration date and make sure that it is renewed before the date passes. In fact, we would recommend getting the IP renewed a few days in advance, just to be on the safe side.

The post What Will Happen If My Dedicated IP for SSL Expires? appeared first on AwardSpace.com.