You need to first purchase a secure certificate and then configure your site.

there is no other way.. to convert my website to https?

Well every website has the capacity to run in HTTPS mode, but if you don't have an SSL certificate installed on the server then it will pop a warning box to all visitors saying something like the SSL has expired.

You can view your site in secure mode though, just go to [example.com...] instead of http://www.example.com. You'll just get that very annoying message (which will scare away 99% of your customers if you are accepting credit card orders on your site).

[edited by: tedster at 5:36 pm (utc) on Jan. 19, 2005]
[edit reason] use example.com [/edit]

You purchase a security certificate and it is installed by a system administrator at the root level of the machine that is hosting your website.

When a page is requested, the secure certificate provides validation by the certifying service that you are who you say you are, and who is providing that verification (i.e., the company that you bought the cert from.)

Now. Here's the really IMPORTANT part. Depending on the quality and level of the cert, all data that is requested from or submitted to your domain is encrypted in transfer, usually in 64 bit or 128 bit (banking and military level) encryption. This means if a hacker intercepts or eavesdrops on this data transmission, they cannot decrypt it without obtaining the the security key that is part of your cert.

So no, there is no other way. :-D

Thank You guys, for the help and knwoledge

Verisign are one of the vendors who give the certificate, are there any other vendors too... let me kniow

Thawte is number two and they have a stong recognition and confidence rating - but a Google search will turn up many others.

You'll just get that very annoying message (which will scare away 99% of your customers if you are accepting credit card orders on your site).

Are we talking here about the shared certificated that hosting providers like ours sometimes provide? It does produce a scary warning but our Ameritrade account produces the same scary warning. It gives a valid https connection but must loose a lot of traffic for sites without the name recognition of an Ameritrade.

Your own certificate cost over $200 last time I checked. I'm wondering what most small sites do here.

I use goDaddy certificates if it's a site related to Internet Marketing or SEO or something like that. Main reason - almost everybody in those markets are familiar with goDaddy.

As for normal ecommerce sites, I would could with Verisign usually. They're the most trusted and known (they just cost alot more).

Geotrust certs range from $169 to $249.