Menu
Quite simply, what is the criteria a website must meet for it to need SSL certificate?
Website is not ecommerce but will take user information, contact details and event information.
Even if not technically required does SSL just provide users with added 'trust' in the site?
Cheers
868
A website needs an SSL certificate in order to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust. Encryption: SSL/TLS encryption is possible because of the public-private key pairing that SSL certificates facilitate.
SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
The easiest way to know if a site is SSL encrypted or not is to check its URL. The URL of the site should start with HTTPS. For more details about the site's security credentials, you can click on the padlock icon near the address bar and get more information on the site's SSL certificate details.
Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together: A domain name, server name or hostname.
Use SSL when you are collecting sensitive information from your users, which (IMO) includes contact details. Personally I try and avoid submitting personal details about myself over an unencrypted channel.
In the end it's a judgement call. However, if you're collecting addresses, phone numbers, bank details, or anything that can be physically traced back to the user I'd recommend using SSL.
Obviously this only applies if your transport method is insecure (which the Internet, by definition, is). If you're running your website over an already-secure channel (like an internal network, where you trust your users, then there's not much point).
However, if you do decide to use SSL, make sure you get a valid, signed certificate! SSL without a signed certificate is kind of pointless, since it means your end users cannot trust the authenticity of the certificate. This unfortunately costs money, which is why many small websites don't bother.
SSL is all about trust - the certificates are signed by a "trusted" authority, so users can be sure that they are dealing with the proper certificate holders (as opposed to someone performing a man-in-the-middle attack). Obviously this trust is not ultimate - but it's an added step to providing a safe data channel for user information.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
