• Announcements

    • MannDude

      Current state of vpsBoard   02/04/2017

      Dear vpsBoard members and guests:

      Over the last year or two vpsBoard activity and traffic has dwindled. I have had a change of career and interests, and as such am no longer an active member of the web hosting industry.

      Due to time constraints and new interests I no longer wish to continue to maintain vpsBoard. The web site will remain only as an archive to preserve and showcase some of the great material, guides, and industry news that has been generated by members, some of which I remain in contact to this very day and now regard as personal friends.

      I want to thank all of our members who helped make vpsBoard the fastest growing industry forum. In it's prime it was an active and ripe source of activity, news, guides and just general off-topic banter and fun.

      I wish all members and guests the very best, whether it be with your business or your personal projects.

      -MannDude
Wambo

When should you use SSL?

61 posts in this topic

12 hours ago, Localnode said:

There's a few CDN's that allow you to have your own custom SSL for no cost. KeyCDN and CDN77 are two that I know of.

Most provide a shared SSL too. 

Share this post


Link to post
Share on other sites

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

Share this post


Link to post
Share on other sites

If for intranet site, you may not need SSL, but for public facing sites, SSL is almost a must, especially if your site has login or customer data.

Share this post


Link to post
Share on other sites
2 hours ago, layeronline said:

If for intranet site, you may not need SSL, but for public facing sites, SSL is almost a must, especially if your site has login or customer data.

If it's a company Intranet then you definitely need to offer your company's employees secure, encrypted, and authenticated services and internal sites...which means you use SSLs. Security on an Intranet is of extreme importance when you consider that on the typical Intranet critical company data (including financial data and personal data) is being transfered and shared amongst employees using applications like collaboration tools, project management sales/accounting/CRM tools, etc 

If it's an Intranet one option to save costs would be to issue self-signed certificates and then manually provision trust of those certs in your devices. Setting up a private certificate authority to issue SSLs for your company's Intranet-connected devices is probably the best option.  

Paid options would be using the same FQDN with all of your devices, if possible, and buy a wildcard cert. As of Nov 1, 2015 publicly trusted SSL certificates no longer support reserved IP addresses or internal server names (see https://cabforum.org/internal-names/ )so you must use a FQDN with all devices if you want to buy publicly trusted SSL's for your Intranet (a few vendors like GlobalSign are now offering special Intranet SSLs that are issued using non-public certificate authorities so they will work with reserved IPs and internal names).

Share this post


Link to post
Share on other sites

I prefer using SSL whenever I could, because of HTTP2, but I avoid using SSL for wide-audiences websites if it's not strictly needed (i.e. storing user data, processing payments etc) because there are still lots of clients out there not using SNI (Die XP, die!) and it would require you having a different IP address for each website and that's simply a waste of resources most of the times.

My blog, as an example, is a personal site, runs on SSL+HSTS, and I couldn't care less if it weren't available to someone, as it's just a blog. My company's main website, on the other end, is running on the same VPS, has SSL, but I configured nginx to serve its cert first if the client is not using SNI.

Another option is to use a single SSL cert for all websites, using wildcard certificates and/or multiple domains certificates but that may turn up expensive.

Share this post


Link to post
Share on other sites

I recommend using it for everything. I am looking forward to a future where everything will use SSL.

1 person likes this

Share this post


Link to post
Share on other sites
12 minutes ago, VpsAG said:

I recommend using it for everything. I am looking forward to a future where everything will use SSL.

I stand by this as well. With the likes of Let's Encrypt and probably others providing SSL certificates for free we don't really have much reason not to use SSL.

Unless of course you're working for Big Corporate using 25 year old COBOL scripts to keep a company alive and with Java 6's incompatibility with SNI wreaking havoc when you're trying to connect to 3rd party APIs #sometimesthigsjustsuck

https://letsencrypt.org

1 person likes this

Share this post


Link to post
Share on other sites

SSL certificate is necessary for anyone who wants to protect your online business.
Any information send your customers through the website, whether it is a name, address, phone number and even more information on credit cards or bank accounts, should proceed in an encrypted form.
Availability of SSL-certificate on the site indicates that your site is safe.

Share this post


Link to post
Share on other sites

Besides, search engines prefer web-sites with SSL over the others.

1 person likes this

Share this post


Link to post
Share on other sites

Today with free SSL certificates available I wouldn't even host a blog without SSL.

1 person likes this

Share this post


Link to post
Share on other sites
6 hours ago, SafehouseCloud said:

Today with free SSL certificates available I wouldn't even host a blog without SSL.

Same - there is no reason not to use SSL..

Share this post


Link to post
Share on other sites

If you are storing customer data or any sort of personal information, you will have to use SSL since the risk of information leak is just too high. And it is good for SEO purposes as well. A single domain validation SSL certificate costs only $20/year so it is a small price to pay.

Share this post


Link to post
Share on other sites

I would say its recommended that you use it where you can and certainly essential to use SSL where there is a transmission of sensitive/personal data (EG: login details).

Share this post


Link to post
Share on other sites
On 11/28/2015 at 8:39 PM, Wambo said:

When do you need to use it? What if your site isn't public facing is there any benefit in having an SSL?

More than protecting sensitive information, using SSL can also help you gain the trust of your customer. Customers will most likely trust your website when they see a lock icon or a green bar or other visual cues that their connection is secured.

Share this post


Link to post
Share on other sites

I recommend every site to go for SSL/TLS encryption as it make your members logins and data secured/encrypted. Now a days you will see plenty of sites who do not process payments online but still using SSL/TLS Certs. Yes with SSL the connection speed becomes slow but it's worth to be secured instead of offering higher page load time

Share this post


Link to post
Share on other sites

Always. It's easy to implement, it's dirt-cheap (or even free) and it offers a (slight) boost in Google rankings. So why NOT to use SSL?

Share this post


Link to post
Share on other sites

ssl should be used all the time even if a website isn't public facing there is always the possibility that someone could root your pc and monitor your connections / packets to sniff out certain things always be 

Share this post


Link to post
Share on other sites

when you want site to be more secure and highly recommended when you are selling a product or products

 

Share this post


Link to post
Share on other sites

SSL seal is kind of trustworthy website in web world  also you  will get advantage in Seo. 

Share this post


Link to post
Share on other sites

I bring trust for user user. If you have credit card payment facility within your website . Then it become necessary to have a SSL . It cost a year. Its worthy to purchase one. 

Share this post


Link to post
Share on other sites