When should you use SSL?

Discussion in 'Hosting Talk & Reviews' started by Wambo, Nov 29, 2015.

  1. Wambo

    Wambo New Member

    33
    2
    Jan 8, 2015
    When do you need to use it? What if your site isn't public facing is there any benefit in having an SSL?
     
  2. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,709
    May 13, 2013
    If you can deal with the cost and complexity of running SSL, by all means, do it for everything.
     
  3. kunnu

    kunnu Active Member Verified Provider

    166
    25
    Apr 29, 2013
    If your website is storing customer data then use SSL, You can also use SSL on forum/blog so user can search on your site without fear of data leak.
     
    Licensecart likes this.
  4. Licensecart

    Licensecart Active Member

    368
    119
    May 22, 2013
    Some people disagree with me but if you can get a dedicated IP or a host with a SNI you should always use SSL, it stops most MITM attacks and allows that extra confidence with the website.
     
    kunnu likes this.
  5. GalaxyHostPlus

    GalaxyHostPlus New Member Verified Provider

    16
    2
    Aug 27, 2015
    SSL shows website is trusted as webmaster care of taking secure of website also Google likes SSL for SEO so it will give better results than non SSL website.
     
  6. mitgib

    mitgib New Member Verified Provider

    284
    219
    May 15, 2013
    Explain what you mean here, to me I see this and instantly think marketing mumbo jumbo, the rest of your statement is spot on, to prevent MITM, SSL does not provide any actual security server side than that.
     
  7. Licensecart

    Licensecart Active Member

    368
    119
    May 22, 2013
    ok now would you buy from a provider who had SSL on their site or would you buy from a provider without SSL?


    You would probably go for the provider who has the SSL like most people including me.
     
    kunnu likes this.
  8. eva2000

    eva2000 Active Member

    327
    90
    May 22, 2013
    Last edited by a moderator: Nov 30, 2015
    iWF-Jacob, MikeA and Licensecart like this.
  9. Layershift Dora

    Layershift Dora New Member Verified Provider

    7
    0
    Sep 23, 2015
    It is generally recommended to use an SSL certificate on your site to increase users confidence ( SSL is an encryption technology used to protect sensitive information passed between a web server and a web browser). If your website doesn't have an SSL, browsers will display warning messages, some of the newer browser versions pro-actively encourage visitors to close the page


    There are many types of SSL certificates, depending on the validation type or the certificate type. The basic Domain Control Validated SSL certificates (which verify that the person who requests the certificate has “administrative” access to the domain ) are the cheapest ones and the easiest to validate and install on your domain. In the middle you have the Organisation Validates ones -  the certificate authority manually checks some business identity documentation to validate the organisation behind the domain. At the top you have the Extended Validation ones which turn the address bar green - this is of particular significance in e-commerce scenarios where this directly translates to a measurable increase in sales as a direct result of the increased customer confidence.


    There are also the single domain certificates - they cover a single domain, the multi-domain ones - which protect up to 210 domains hosted on a server and the wildcard ones - they protect all of the subdomains of your domain.


    Long story short, SSL certificates increase users confidence and it's good to have them.
     
  10. Layershift Dora

    Layershift Dora New Member Verified Provider

    7
    0
    Sep 23, 2015
    And, if you website is not public, it's good to have it on the important areas of your website, to encrypt the data - as an extra security measure - you can never be to precocious nowadays I guess. 
     
    Last edited by a moderator: Nov 30, 2015
  11. KuJoe

    KuJoe New Member Verified Provider

    1,759
    1,318
    May 17, 2013
    Yeah, because of all of those hackers on your intranet right? :)
     
    kunnu and Licensecart like this.
  12. Layershift Dora

    Layershift Dora New Member Verified Provider

    7
    0
    Sep 23, 2015
    Yeah, because of all of those hackers on your intranet right? :)


    :) If you have sensitive areas on your website (even if it's not public) it's recommended to encrypt the data between the server and your website -  it ensures that all data passed between them remains private and integral, as the communication is performed over the HTTPS protocol. It's not mandatory,but it is a plus, that's all.
     
  13. GIANT_CRAB

    GIANT_CRAB New Member

    525
    270
    May 21, 2013
    Any place that has login/registration or personal info. Sadly, LowEndTalk doesn't give 2cents/shits about TLS.


    Meh, they're not the only ones doing this...
     
    kunnu likes this.
  14. joepie91

    joepie91 New Member

    459
    328
    Jun 19, 2013
    Always. No exceptions. Let's Encrypt (which should be launching next month) will make this more feasible for free.
     
    Licensecart likes this.
  15. zionvps

    zionvps Member Verified Provider

    82
    7
    Apr 27, 2014
    SSL is so cheap these days you should implement it no matter what content you are hosting. Not only it encrypts the connection preventing MITM attacks but it increases the confidence even in a private website. Contrary to what others say, SSL is extremely easy to implement and it takes only minutes.
     
  16. risharde

    risharde Member

    48
    10
    Nov 20, 2015
    Thinking about the op's question, it would be useful even if on the intranet. Underestimating users on your network is the first flaw you can make. I would use it if the intranet site has confidential content and gives you the added confidence that connections between the server and users are encrypted.
     
  17. joepie91

    joepie91 New Member

    459
    328
    Jun 19, 2013
    Well, no, it's not easy (yet) - at least not to do it correctly. And it isn't exactly cheap either. I'm hoping that Let's Encrypt will resolve both of those issues.
     
  18. zionvps

    zionvps Member Verified Provider

    82
    7
    Apr 27, 2014
    @joepie91


    If you look in the right place you can get one for less than $5 a year.


    If you are running a web server manually, i assume you have a grasp of the configuration. Adding SSL support only requires 2-3 lines of code. If you want a better cipher strength you don't have to do a lot of research, just add the recommendations by ssllabs or mozilla. If you are using a panel like cpanel its point and click.


    In the website section you just have to make sure all the internal and external resources are loaded over https 
     
    Last edited by a moderator: Apr 30, 2017
  19. eva2000

    eva2000 Active Member

    327
    90
    May 22, 2013
    Licensecart likes this.
  20. Localnode

    Localnode New Member Verified Provider

    25
    2
    Nov 13, 2015
    Considering Letsencrypt is free - there is really no excuse to not use an SSL.


    Some people are hesitant with using an SSL but, the disadvantages of using SSL are few and the advantages far outweigh them.
     
    Licensecart likes this.