When should you use SSL?
- Thread starter Wambo
- Start date
Licensecart
Active Member
Some people disagree with me but if you can get a dedicated IP or a host with a SNI you should always use SSL, it stops most MITM attacks and allows that extra confidence with the website.
SSL shows website is trusted as webmaster care of taking secure of website also Google likes SSL for SEO so it will give better results than non SSL website.
Explain what you mean here, to me I see this and instantly think marketing mumbo jumbo, the rest of your statement is spot on, to prevent MITM, SSL does not provide any actual security server side than that.
Licensecart
Active Member
ok now would you buy from a provider who had SSL on their site or would you buy from a provider without SSL?
You would probably go for the provider who has the SSL like most people including me.
eva2000
Active Member
I use SPDY SSL or HTTP/2 SSL purely for pagespeed
see comparison tests at http://centminmod.com/http2-versus-spdy-nginx.html#http2version2 and https://h2ohttp2.centminmod.com/webpagetests1.html
Centmin Mod LEMP stack will soon get Letsencrypt free SSL integration http://centminmod.com/letsencrypt-freessl.html so Centmin Mod users can easily auto deploy a Nginx HTTP/2 based SSL site
see comparison tests at http://centminmod.com/http2-versus-spdy-nginx.html#http2version2 and https://h2ohttp2.centminmod.com/webpagetests1.html
Centmin Mod LEMP stack will soon get Letsencrypt free SSL integration http://centminmod.com/letsencrypt-freessl.html so Centmin Mod users can easily auto deploy a Nginx HTTP/2 based SSL site
Last edited by a moderator:
It is generally recommended to use an SSL certificate on your site to increase users confidence ( SSL is an encryption technology used to protect sensitive information passed between a web server and a web browser). If your website doesn't have an SSL, browsers will display warning messages, some of the newer browser versions pro-actively encourage visitors to close the page
There are many types of SSL certificates, depending on the validation type or the certificate type. The basic Domain Control Validated SSL certificates (which verify that the person who requests the certificate has “administrative” access to the domain ) are the cheapest ones and the easiest to validate and install on your domain. In the middle you have the Organisation Validates ones - the certificate authority manually checks some business identity documentation to validate the organisation behind the domain. At the top you have the Extended Validation ones which turn the address bar green - this is of particular significance in e-commerce scenarios where this directly translates to a measurable increase in sales as a direct result of the increased customer confidence.
There are also the single domain certificates - they cover a single domain, the multi-domain ones - which protect up to 210 domains hosted on a server and the wildcard ones - they protect all of the subdomains of your domain.
Long story short, SSL certificates increase users confidence and it's good to have them.
There are many types of SSL certificates, depending on the validation type or the certificate type. The basic Domain Control Validated SSL certificates (which verify that the person who requests the certificate has “administrative” access to the domain ) are the cheapest ones and the easiest to validate and install on your domain. In the middle you have the Organisation Validates ones - the certificate authority manually checks some business identity documentation to validate the organisation behind the domain. At the top you have the Extended Validation ones which turn the address bar green - this is of particular significance in e-commerce scenarios where this directly translates to a measurable increase in sales as a direct result of the increased customer confidence.
There are also the single domain certificates - they cover a single domain, the multi-domain ones - which protect up to 210 domains hosted on a server and the wildcard ones - they protect all of the subdomains of your domain.
Long story short, SSL certificates increase users confidence and it's good to have them.
And, if you website is not public, it's good to have it on the important areas of your website, to encrypt the data - as an extra security measure - you can never be to precocious nowadays I guess.
Last edited by a moderator:
> Yeah, because of all of those hackers on your intranet right?
If you have sensitive areas on your website (even if it's not public) it's recommended to encrypt the data between the server and your website - it ensures that all data passed between them remains private and integral, as the communication is performed over the HTTPS protocol. It's not mandatory,but it is a plus, that's all.
If you have sensitive areas on your website (even if it's not public) it's recommended to encrypt the data between the server and your website - it ensures that all data passed between them remains private and integral, as the communication is performed over the HTTPS protocol. It's not mandatory,but it is a plus, that's all.
GIANT_CRAB
New Member
Any place that has login/registration or personal info. Sadly, LowEndTalk doesn't give 2cents/shits about TLS.
Meh, they're not the only ones doing this...
Meh, they're not the only ones doing this...
SSL is so cheap these days you should implement it no matter what content you are hosting. Not only it encrypts the connection preventing MITM attacks but it increases the confidence even in a private website. Contrary to what others say, SSL is extremely easy to implement and it takes only minutes.
risharde
Member
Thinking about the op's question, it would be useful even if on the intranet. Underestimating users on your network is the first flaw you can make. I would use it if the intranet site has confidential content and gives you the added confidence that connections between the server and users are encrypted.
Well, no, it's not easy (yet) - at least not to do it correctly. And it isn't exactly cheap either. I'm hoping that Let's Encrypt will resolve both of those issues.
@joepie91
If you look in the right place you can get one for less than $5 a year.
If you are running a web server manually, i assume you have a grasp of the configuration. Adding SSL support only requires 2-3 lines of code. If you want a better cipher strength you don't have to do a lot of research, just add the recommendations by ssllabs or mozilla. If you are using a panel like cpanel its point and click.
In the website section you just have to make sure all the internal and external resources are loaded over https
If you look in the right place you can get one for less than $5 a year.
If you are running a web server manually, i assume you have a grasp of the configuration. Adding SSL support only requires 2-3 lines of code. If you want a better cipher strength you don't have to do a lot of research, just add the recommendations by ssllabs or mozilla. If you are using a panel like cpanel its point and click.
In the website section you just have to make sure all the internal and external resources are loaded over https
Last edited by a moderator:
eva2000
Active Member
Letsencrypt public beta is open now https://letsencrypt.org/2015/11/12/public-beta-timing.html get your SSL certificates !
