Simply Fast WordPress [14] - Using KUSANAGI – Adding Always-On SSL and HTTP/2 (Part 2. SSL Server Certificates for Business)

This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. This time, we will explain how to install Always-On SSL with SSL server certificates for business, and HTTP/2.

Last time, we explained how to install Always-On SSL and HTTP/2 using free SSL certificates from Let's Encrypt.

This time, we will explain the significance of using SSL server certificates for business use from services like DigiCert, GlobalSign, Network Solutions, and Symantec. We will also explain how to install them along with HTTP/2. In this article, we assume that you have provisioned WordPress with KUSANAGI, so it is recommended that you read "Using KUSANAGI - Adding Always-On SSL and HTTP2 (Part 1. Let's Encrypt)" first.

What do SSL server certificates do?

SSL server certificates do two things: first, they secure users’ interaction with the website through SSL/TLS encryption. Many people recommend Always-On SSL to protect information from being stolen. Implementing SSL has been a central topic in the workplace for a long time.

If encryption were the only concern, self-signed certificates would be sufficient. However, all a self-signed certificate does is state to the user "I am the owner of this website"; it gives no assurance of who the real owner is, and encrypting your communication with a fake website is meaningless. The second thing SSL server certificates do is establish the trustworthiness of the website through third-party validation.

Acquiring SSL server certificate validation

Validation methods vary from one certificate authority to another, but the two main ones are Domain Validation and Organization Validation.

1. Domain Validation (DV) SSL Certificates

With Domain Validation, the certificate issuer requests that the website owner perform tasks that only the real owner of the domain can do, thereby validating his or her identity.
For example, Let’s Encrypt requires placing a special file in the document root on the server, and only gives validation after the Let’s Encrypt client successfully opens it. This takes advantage of the fact that only the owner of the domain can access the DNS settings or put files in the document root.

2. Organization Validation (OV) SSL Certificates

With Domain Validation, the owner of the domain can be verified. However, the actual identity of the organization purchasing the certificate is not clear. Organization Validation verifies the existence and authenticity of the organization.
For example, the certificate authority might look up the WHOIS information for the domain name by querying a third-party database, call the listed phone number and verify the intent to purchase a certificate.
Extended Validation (EV) SSL Certificates provide the maximum amount of trust to the end-user. Extra documentation must be provided as per the international EV SSL guidelines, making these certificates preferred by sites that need a high level of trustworthiness, such as e-commerce and internet banking sites.
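
To check which kind of validation a given certificate actually carries, the following added example (not part of the original article) classifies the text printed by `openssl x509 -noout -text` as self-signed, DV, OV or EV using the CA/Browser Forum certificate policy OIDs. The function names and sample excerpts are constructed for illustration, and the code assumes OpenSSL prints the policy OIDs numerically.

```python
import re

# CA/Browser Forum policy OIDs a publicly trusted CA embeds to record which
# validation procedure it followed; checked strongest first.
POLICY_LEVELS = [
    ("2.23.140.1.1", "EV"),
    ("2.23.140.1.2.2", "OV"),
    ("2.23.140.1.2.1", "DV"),
]

def _name(text, field):
    """Return the Issuer or Subject line with spacing around '=' normalised."""
    m = re.search(rf"^\s*{field}:\s*(.+)$", text, re.MULTILINE)
    return re.sub(r"\s*=\s*", "=", m.group(1).strip()) if m else ""

def classify(text):
    """Classify `openssl x509 -noout -text` output: self-signed, DV, OV, EV or unknown."""
    issuer, subject = _name(text, "Issuer"), _name(text, "Subject")
    if issuer and issuer == subject:
        return "self-signed"  # heuristic: issuer equals subject, no third party vouches
    oids = set(re.findall(r"Policy:\s*([0-9.]+)", text))
    for oid, level in POLICY_LEVELS:
        if oid in oids:
            return level
    return "unknown"

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_SELF_SIGNED = """\
        Issuer: CN = www.example.com
        Subject: CN = www.example.com
"""
SAMPLE_DV = """\
        Issuer: C = US, O = Example CA, CN = Example DV CA
        Subject: CN = www.example.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
"""
SAMPLE_OV = """\
        Issuer: C=US, O=Example CA, CN=Example OV CA
        Subject: C=JP, O=Example Corp, CN=www.example.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
"""

if __name__ == "__main__":
    for label, sample in [("self-signed", SAMPLE_SELF_SIGNED), ("DV", SAMPLE_DV), ("OV", SAMPLE_OV)]:
        print(label, "->", classify(sample))
```

A result of "unknown" means the certificate has a distinct issuer but none of the three policy OIDs, as with a certificate from a private CA.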

The importance of choosing a business SSL certificate

The strength of the proof that the SSL certificate provides varies according to the strictness of the verification method. Deciding whether or not to use a business SSL certificate means deciding how strong the verification is, or in other words how trustworthy your website will be. Other merits are that there are fewer restrictions than with free SSL certificates, and that you can choose to extend the duration of the certificate from a few months to a few years.

The SSL server certificate for Internet Banking “Citibank”