• Announcements

    • MannDude

      Current state of vpsBoard   02/04/2017

      Dear vpsBoard members and guests:

      Over the last year or two vpsBoard activity and traffic has dwindled. I have had a change of career and interests, and as such am no longer an active member of the web hosting industry.

      Due to time constraints and new interests I no longer wish to continue to maintain vpsBoard. The web site will remain only as an archive to preserve and showcase some of the great material, guides, and industry news that has been generated by members, some of which I remain in contact to this very day and now regard as personal friends.

      I want to thank all of our members who helped make vpsBoard the fastest growing industry forum. In it's prime it was an active and ripe source of activity, news, guides and just general off-topic banter and fun.

      I wish all members and guests the very best, whether it be with your business or your personal projects.

      -MannDude
Wambo

When should you use SSL?

61 posts in this topic

When do you need to use it? What if your site isn't public facing is there any benefit in having an SSL?

Share this post


Link to post
Share on other sites

If you can deal with the cost and complexity of running SSL, by all means, do it for everything.

Share this post


Link to post
Share on other sites

If your website is storing customer data then use SSL, You can also use SSL on forum/blog so user can search on your site without fear of data leak.

 

 

1 person likes this

Share this post


Link to post
Share on other sites

Some people disagree with me but if you can get a dedicated IP or a host with a SNI you should always use SSL, it stops most MITM attacks and allows that extra confidence with the website.

1 person likes this

Share this post


Link to post
Share on other sites

SSL shows website is trusted as webmaster care of taking secure of website also Google likes SSL for SEO so it will give better results than non SSL website.

Share this post


Link to post
Share on other sites
3 hours ago, Licensecart said:

allows that extra confidence with the website.

Explain what you mean here, to me I see this and instantly think marketing mumbo jumbo, the rest of your statement is spot on, to prevent MITM, SSL does not provide any actual security server side than that.

Share this post


Link to post
Share on other sites
2 hours ago, mitgib said:

Explain what you mean here, to me I see this and instantly think marketing mumbo jumbo, the rest of your statement is spot on, to prevent MITM, SSL does not provide any actual security server side than that.

ok now would you buy from a provider who had SSL on their site or would you buy from a provider without SSL?

You would probably go for the provider who has the SSL like most people including me.

1 person likes this

Share this post


Link to post
Share on other sites

I use SPDY SSL or HTTP/2 SSL purely for pagespeed

see comparison tests at http://centminmod.com/http2-versus-spdy-nginx.html#http2version2 and https://h2ohttp2.centminmod.com/webpagetests1.html

Centmin Mod LEMP stack will soon get Letsencrypt free SSL integration http://centminmod.com/letsencrypt-freessl.html so Centmin Mod users can easily auto deploy a Nginx HTTP/2 based SSL site :D

3 people like this

Share this post


Link to post
Share on other sites

It is generally recommended to use an SSL certificate on your site to increase users confidence ( SSL is an encryption technology used to protect sensitive information passed between a web server and a web browser). If your website doesn't have an SSL, browsers will display warning messages, some of the newer browser versions pro-actively encourage visitors to close the page

There are many types of SSL certificates, depending on the validation type or the certificate type. The basic Domain Control Validated SSL certificates (which verify that the person who requests the certificate has “administrative” access to the domain ) are the cheapest ones and the easiest to validate and install on your domain. In the middle you have the Organisation Validates ones -  the certificate authority manually checks some business identity documentation to validate the organisation behind the domain. At the top you have the Extended Validation ones which turn the address bar green - this is of particular significance in e-commerce scenarios where this directly translates to a measurable increase in sales as a direct result of the increased customer confidence.

There are also the single domain certificates - they cover a single domain, the multi-domain ones - which protect up to 210 domains hosted on a server and the wildcard ones - they protect all of the subdomains of your domain.

Long story short, SSL certificates increase users confidence and it's good to have them.

 

 

Share this post


Link to post
Share on other sites

And, if you website is not public, it's good to have it on the important areas of your website, to encrypt the data - as an extra security measure - you can never be to precocious nowadays I guess. 

Share this post


Link to post
Share on other sites
15 minutes ago, Layershift Dora said:

And, if you website is not public, it's good to have it on the important areas of your website, to encrypt the data - as an extra security measure - you can never be to precocious nowadays I guess. 

Yeah, because of all of those hackers on your intranet right? :)

2 people like this

Share this post


Link to post
Share on other sites

Yeah, because of all of those hackers on your intranet right? :)

:) If you have sensitive areas on your website (even if it's not public) it's recommended to encrypt the data between the server and your website -  it ensures that all data passed between them remains private and integral, as the communication is performed over the HTTPS protocol. It's not mandatory,but it is a plus, that's all.

Share this post


Link to post
Share on other sites

Any place that has login/registration or personal info. Sadly, LowEndTalk doesn't give 2cents/shits about TLS.

 

Meh, they're not the only ones doing this...

1 person likes this

Share this post


Link to post
Share on other sites

Always. No exceptions. Let's Encrypt (which should be launching next month) will make this more feasible for free.

1 person likes this

Share this post


Link to post
Share on other sites

SSL is so cheap these days you should implement it no matter what content you are hosting. Not only it encrypts the connection preventing MITM attacks but it increases the confidence even in a private website. Contrary to what others say, SSL is extremely easy to implement and it takes only minutes.

Share this post


Link to post
Share on other sites

Thinking about the op's question, it would be useful even if on the intranet. Underestimating users on your network is the first flaw you can make. I would use it if the intranet site has confidential content and gives you the added confidence that connections between the server and users are encrypted.

Share this post


Link to post
Share on other sites
20 hours ago, zionvps said:

SSL is so cheap these days you should implement it no matter what content you are hosting. Not only it encrypts the connection preventing MITM attacks but it increases the confidence even in a private website. Contrary to what others say, SSL is extremely easy to implement and it takes only minutes.

Well, no, it's not easy (yet) - at least not to do it correctly. And it isn't exactly cheap either. I'm hoping that Let's Encrypt will resolve both of those issues.

Share this post


Link to post
Share on other sites

@joepie91

If you look in the right place you can get one for less than $5 a year.

If you are running a web server manually, i assume you have a grasp of the configuration. Adding SSL support only requires 2-3 lines of code. If you want a better cipher strength you don't have to do a lot of research, just add the recommendations by ssllabs or mozilla. If you are using a panel like cpanel its point and click.

In the website section you just have to make sure all the internal and external resources are loaded over https 

Share this post


Link to post
Share on other sites

Considering Letsencrypt is free - there is really no excuse to not use an SSL.

Some people are hesitant with using an SSL but, the disadvantages of using SSL are few and the advantages far outweigh them.

1 person likes this

Share this post


Link to post
Share on other sites