SSL Certificate Guide: Understanding and Managing Secure Connections for Your Website

SSL Certificate Guide: Understanding and Managing Secure Connections for Your Website

By Michael Thompson

December 17, 2024 at 03:10 AM

SSL certificates are automatically included with all properly assigned domains on Squarespace, providing enhanced security by preventing hackers from stealing information and securing connections. This protection applies to Squarespace domains, connected third-party domains, subdomains, and integrated domains.

To be eligible for SSL certification:

  • Third-party domains must be correctly connected
  • Squarespace domains must be assigned to a Squarespace site
  • Domain names must be under 64 characters

SSL Settings:

  1. Secure (Preferred)
  • Default setting for most sites
  • Redirects visitors to HTTPS
  • Includes HTTPS links in sitemaps
  • Improves SEO through HTTPS indexing
  • Requires SSL-compatible browsers
  1. Secure HSTS
  • Recommended additional security layer
  • Ensures encrypted connections
  • Prevents site spoofing
  • Eliminates "Your connection is not private" errors
  1. Insecure
  • Available for domains registered before October 2016
  • Allows both HTTP and HTTPS access
  • Includes HTTP links in sitemaps
  • Search engines index HTTP version

Web browser with security padlock

Web browser with security padlock

Technical Specifications:

  • Uses Let's Encrypt for DV SSL certificates
  • 2048-bit SSL encryption (except checkout pages)
  • TLS 1.2 for all HTTPS connections
  • Certificates auto-update every 90 days
  • No support for HTTP Public Key Pinning

Benefits:

  • Builds visitor trust
  • Prevents data theft
  • Potentially improves site speed
  • Enhances SEO performance
  • Secures form submissions and checkout processes

Important Notes:

  • SSL cannot be disabled but can be set to Insecure
  • Subdomains receive separate certificates
  • Login credentials are always encrypted regardless of settings
  • Third-party SSL certificates are not supported
  • Custom code may cause mixed content warnings

For certificate verification, look for:

  • URLs beginning with "https://"
  • Closed padlock icon next to URL
  • Valid certificate details in browser settings

Related Articles

Previous Articles