When should you use SSL?

[NodeBlade]

There's a few CDN's that allow you to have your own custom SSL for no cost. KeyCDN and CDN77 are two that I know of.

Most provide a shared SSL too. 

 

[Bert]

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

 

[layeronline]

If for intranet site, you may not need SSL, but for public facing sites, SSL is almost a must, especially if your site has login or customer data.

 

[DomainBop]

If for intranet site, you may not need SSL, but for public facing sites, SSL is almost a must, especially if your site has login or customer data.

If it's a company Intranet then you definitely need to offer your company's employees secure, encrypted, and authenticated services and internal sites...which means you use SSLs. Security on an Intranet is of extreme importance when you consider that on the typical Intranet critical company data (including financial data and personal data) is being transfered and shared amongst employees using applications like collaboration tools, project management sales/accounting/CRM tools, etc 


If it's an Intranet one option to save costs would be to issue self-signed certificates and then manually provision trust of those certs in your devices. Setting up a private certificate authority to issue SSLs for your company's Intranet-connected devices is probably the best option.  


Paid options would be using the same FQDN with all of your devices, if possible, and buy a wildcard cert. As of Nov 1, 2015 publicly trusted SSL certificates no longer support reserved IP addresses or internal server names (see https://cabforum.org/internal-names/ )so you must use a FQDN with all devices if you want to buy publicly trusted SSL's for your Intranet (a few vendors like GlobalSign are now offering special Intranet SSLs that are issued using non-public certificate authorities so they will work with reserved IPs and internal names).

 

[michyprima]

I prefer using SSL whenever I could, because of HTTP2, but I avoid using SSL for wide-audiences websites if it's not strictly needed (i.e. storing user data, processing payments etc) because there are still lots of clients out there not using SNI (Die XP, die!) and it would require you having a different IP address for each website and that's simply a waste of resources most of the times.


My blog, as an example, is a personal site, runs on SSL+HSTS, and I couldn't care less if it weren't available to someone, as it's just a blog. My company's main website, on the other end, is running on the same VPS, has SSL, but I configured nginx to serve its cert first if the client is not using SNI.


Another option is to use a single SSL cert for all websites, using wildcard certificates and/or multiple domains certificates but that may turn up expensive.

 

[VpsAG]

I recommend using it for everything. I am looking forward to a future where everything will use SSL.

 

[Jive]

I recommend using it for everything. I am looking forward to a future where everything will use SSL.

I stand by this as well. With the likes of Let's Encrypt and probably others providing SSL certificates for free we don't really have much reason not to use SSL.


Unless of course you're working for Big Corporate using 25 year old COBOL scripts to keep a company alive and with Java 6's incompatibility with SNI wreaking havoc when you're trying to connect to 3rd party APIs #sometimesthigsjustsuck


https://letsencrypt.org

 

[3v-manager]

SSL certificate is necessary for anyone who wants to protect your online business.
Any information send your customers through the website, whether it is a name, address, phone number and even more information on credit cards or bank accounts, should proceed in an encrypted form.
Availability of SSL-certificate on the site indicates that your site is safe.

 

[RombelIrk]

Besides, search engines prefer web-sites with SSL over the others.

 

[SafehouseCloud]

Today with free SSL certificates available I wouldn't even host a blog without SSL.

 

[qchost]

Today with free SSL certificates available I wouldn't even host a blog without SSL.

Same - there is no reason not to use SSL..

 

[WiredBlade]

If you are storing customer data or any sort of personal information, you will have to use SSL since the risk of information leak is just too high. And it is good for SEO purposes as well. A single domain validation SSL certificate costs only $20/year so it is a small price to pay.

 

[SLL - Conor]

I would say its recommended that you use it where you can and certainly essential to use SSL where there is a transmission of sensitive/personal data (EG: login details).

 

[Walnuthost]

When do you need to use it? What if your site isn't public facing is there any benefit in having an SSL?

More than protecting sensitive information, using SSL can also help you gain the trust of your customer. Customers will most likely trust your website when they see a lock icon or a green bar or other visual cues that their connection is secured.

 

[Nogics Technologies]

I recommend every site to go for SSL/TLS encryption as it make your members logins and data secured/encrypted. Now a days you will see plenty of sites who do not process payments online but still using SSL/TLS Certs. Yes with SSL the connection speed becomes slow but it's worth to be secured instead of offering higher page load time

 

[jeff2600]

Always. It's easy to implement, it's dirt-cheap (or even free) and it offers a (slight) boost in Google rankings. So why NOT to use SSL?

 

[buildmyblock]

ssl should be used all the time even if a website isn't public facing there is always the possibility that someone could root your pc and monitor your connections / packets to sniff out certain things always be 

 

[copperhost]

when you want site to be more secure and highly recommended when you are selling a product or products

 

[AdvanceSolution]

SSL seal is kind of trustworthy website in web world  also you  will get advantage in Seo. 

 

[AlphaNine_Vini]

I bring trust for user user. If you have credit card payment facility within your website . Then it become necessary to have a SSL . It cost a year. Its worthy to purchase one.