Cloudflare & Free SSL Certificates
If you are using Co-op Web Builder 3 for your website, we can help you install free SSL certificate on your site with our Cloudflare partnership. Please contact us at [email protected] for more information.
How to Get an SSL Certificate for your Website
Please read the FAQ to the right and contact us with the information needed to generate a CSR code.
Recent Browser Changes & Warnings
In recent years there has been a concerted effort by the Internet’s biggest players (Google & Mozilla, specifically) to move the internet to an encryption-everywhere model. Browser releases have been incrementally increasing security notifications with each new release.
The release of Firefox 52 on March 7 of 2017, introduced a new security feature - in-context notices for log-in fields on unencrypted pages. This is intended to call attention to the dangers of providing credentials on unsecured pages. In July of 2018, Chrome 68 started to label any HTTP pages or resources as "Not Secure".
Many of our members have noticed this change and have had questions about what it means for them. In order to help our members to understand and offer the best security for their web sites, we've compiled an informative FAQ.
FREQUENTLY ASKED QUESTIONS
Without a SSL certificate, all information entered on your site is transmitted in plaintext, which is exceptionally easy for an attacker to intercept. This includes site log-in fields, bill pay log-in fields and application forms. Without a SSL certificate, any sensitive information provided by your members is easy to steal.
Site security is provided by having a SSL certificate installed on your site.
Note: If your website is using Co-op Web Builder 3, we can generate a certificate for you with our Cloudflare partnership.
Please contact us at [email protected] and ask to be setup with Cloudflare today.
SSL certificates are offered by many reputable vendors, and usually cost between $50 and $300 per year, depending on the exact type of certificate being purchased.
Many coops work with IT companies who can facilitate the purchase for them, and an Internet search on Google, Bing or any other search engine should show many SSL vendors. For coops who don't have a preferred vendor, we often direct them to GoDaddy or DigiCert due to the ease of purchase and support offered.
To start, you'll need to know all of the domain names that will be covered. Most web sites only utilize one domain, but some web sites are accessed through multiple domains.
You'll then need a value from us called a CSR (a Certificate Signing Request). We can generate a CSR value for you easily once you provide us the following pieces of information about your coop:
- Company Name
- List of domains
In most cases, a single-domain or wildcard certificate will suffice. If you need to cover more than one domain, then you'll need a type of certificate called a SAN or UCC. These are sometimes just called multi-domain certificates.
SSL vendors usually offer varying levels of verification and authentication, as well as other value-adds, like a warranty or price break for longer term certificate purchases. The protection offered by each certificate level is the same, but the extras (such as a "Green Bar") can be beneficial to your business reputation, or offer additional liability coverage in the event of a breach.
SSL Shopper offers an excellent overview of SSL features in their article here: https://www.sslshopper.com/ssl-certificate-features.html
We are happy to install your SSL certificate for you. Once your SSL certificate is purchased, typically you'll be prompted to download the certificate, choose the Apache server type and proceed to download the files. You can then forward the certificate files over to us via e-mail and we'll take care of the rest. If credentials are required to access your certificate, please forward those, as well.
Completely. SSL certificates are publicly visible and do not need to be treated as secret data. All of the secret data is safely stored on our web servers.
In most cases, yes. Purchase of a new SSL certificate isn't usually necessary. Instead, your existing SSL certificate just needs to be re-generated for use on our servers. This also requires a CSR and follows the same process for installing a new SSL certificate.
Due to the security implications of transmitting a private key over the Internet, we cannot accept an existing private key. A compromised private key not only opens a vulnerability on your web site, but on our server as whole, putting all of our Coop WebBuilder web sites at risk. If you already have a SSL certificate, please see the question above (What if we already have a SSL certificate?) for information on using your existing SSL certificate on our servers.