It’s an early Tuesday morning, and you stroll into the office pleasantly and leisurely since it’s a beautiful day. You stop at the coffee station and pour yourself a cup of reheated, lukewarm, leftover coffee from yesterday’s late afternoon brew. After you go back to your computer, you stumble upon the fact that your website is down. You immediately start to go into crisis mode trying to find out why.
Despite multiple reminders and emails informing your team that it was due to expire, you discover that your team did not renew their SSL certificate in time. In this pinch, one would have a thousand questions, and I hope to answer the big ones.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer. It is SSL that enables the encryption of your data and transfers it securely from one device to another. Every time you use a web browser and want to visit a website, your computer (the sender) will submit a request to the web server (the recipient) for that website.
The web server receives the request and generates a public key (a way of encrypting the data) and replies back to the sender saying, “Ok go ahead and send your traffic with this code!” The sender transmits the data using the public encryption provided by the web server. The web server receives the encrypted message and then uses its internal private key (unique to that device) to decrypt the code. SSL and TLS (Transport Layer Security) are both recognized standards to implement this encrypted process.
Why is it important?
To those not in the tech world, an SSL certificate simply means that your data is encrypted as well as anyone currently knows how, and that the websites you are visiting are secured. The emails you send are transmitted safely, and you can even purchase your dachshund’s cute hot dog bun Halloween costume in a secured manner.
What happens if/when it expires?
Well, it depends on whether you planned for it to expire or not. If you have a new site, which requires its own certificates, then you can let the previous certificate expire. There will be no issues provided the new site launches before the certificate on the old site expires (more on that a little later). If you did not plan on it expiring, in most cases you will simply renew with the vendor you currently have the certificate with. You can also have your developer install the newly purchased certificate on the server. This can usually be done in under an hour for someone who is inexperienced.
Many complications can arise, including with your website hosting. The hosting company may have been sold and bought by other third-party companies. Or perhaps you can’t verify the domain name with the set of email addresses because the owner of the account is out of town.
What kind of problems can arise?
Consequently, replacing a certificate can involve many steps, one being tracking down who has bought the domain. This can usually be discovered by talking with customer service representatives at your hosting company or with your IT staff. It may take several customer service representatives and a huge time commitment to track down the information, to set up new admin accounts, and to provide the right privileges. If you do not adequately plan for these contingencies, it is possible you may run out of time, and, at best, the site will go down and be unavailable to the user until the new certificate can be put into place. Further complicating the issue, the new third-party vendor you just recently discovered may not even keep normal business hours to help. In short, many problems can arise that you may or may not have thought about initially.
Small vs. Large Businesses
If this is a small company, then the business loss will be minimal. But it is embarrassing for you as a professional that this was allowed to happen. In the case of a huge organization, a site being down could result in the loss of a considerable amount of money due to losses in opportunity and operational costs (per hour!). It is imperative that a detailed plan is pursued to ensure this process is not costly.
How to prevent it from expiring
- Document your process. This process should not be underestimated. Many companies start out with a plan and never update their system plans and documentation. A company that sells ice cream makes its money producing and selling ice cream, not updating their network documentation. You will inevitably need to dig into the process deeper than you anticipate.
Three days may not be enough time, and for a larger organization, a week may not even be sufficient. Even if all goes well, the process should take approximately an hour. It is possible to spend upwards of 20 hours with multiple people over many days if things are not straightforward.
- Have clear and well-defined practices documented and laid out for employees to follow. It is important that this documentation is reviewed and updated accordingly as time and technology change.
- Know the vendor and what they are capable of handling. Plans to use a wildcard certificate may fall flat if the company hosting the website does not support a wildcard certificate “at this time.” This one issue could cost a team already in crisis at least an hour to resolve.
- Be nice to the customer service representatives. They have an enormous task of helping people every day. Most of the time people will be angry when they call. You will get far better service and support if you are friendly, proactive and helpful. Finally, remember they are the only way you will get the solutions to your problems.
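One way to put the planning advice above into practice, as an added example that is not part of the original article: a check that reads each certificate's expiry date from a documented inventory and flags it long before the deadline. The 30- and 14-day thresholds, the inventory fields, and every host, owner and vendor name are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed lead times (not from the article), both longer than a week.
WARN_DAYS, URGENT_DAYS = 30, 14

def days_left(not_after, now):
    """Whole days until notAfter, given as e.g. 'Jun  8 12:00:00 2025 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def classify(days):
    if days < 0:
        return "EXPIRED"
    if days <= URGENT_DAYS:
        return "URGENT"
    return "WARN" if days <= WARN_DAYS else "OK"

def fetch_not_after(host, port=443, timeout=5):
    """Read notAfter from a live server; None if the certificate is rejected."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        return None  # already expired, wrong host name or untrusted issuer

def report(inventory, now):
    """Rows of (host, status, days, owner, vendor), most urgent first."""
    rows = []
    for cert in inventory:
        d = days_left(cert["not_after"], now)
        rows.append((cert["host"], classify(d), d, cert["owner"], cert["vendor"]))
    return sorted(rows, key=lambda r: r[2])

# Constructed inventory: hosts, dates, owners and vendors are made up.
SAMPLE_NOW = datetime(2025, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    {"host": "www.example.org", "not_after": "Dec  1 12:00:00 2025 GMT", "owner": "web team", "vendor": "Vendor A"},
    {"host": "shop.example.org", "not_after": "Jun  8 12:00:00 2025 GMT", "owner": "it staff", "vendor": "Vendor B"},
    {"host": "old.example.org", "not_after": "May 30 12:00:00 2025 GMT", "owner": "unknown", "vendor": "Vendor B"},
    {"host": "mail.example.org", "not_after": "Jun 25 00:00:00 2025 GMT", "owner": "it staff", "vendor": "Vendor A"},
]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY, SAMPLE_NOW):
        print("%-18s %-8s %4d days  owner=%s  vendor=%s" % row)
```

Run on a schedule, anything not marked OK goes to the listed owner while there is still time to chase the vendor; `fetch_not_after` can refresh the recorded dates from the live servers.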
Have any more questions about the exciting world of website certificates? Was our advice helpful? Please let us know. We are happy to help at firstname.lastname@example.org