ajnl Posted May 22, 2014

Is it worthwhile to get SSL for a personal site? Is it possible to get SSL for free, or are all the "free" ones scams? What other measures can I take to ensure my website is protected? (I already password protected most of the directories)
DogPatch Posted May 22, 2014

No, it's not worth it. All it does is encrypt data to and from the site, and I only recommend using SSL for sites that deal with personal information like bank details and addresses. Like on my Store, the only pages that have SSL are the ones that deal with credit cards and bank information.

You can use Cloudflare and use their SSL, but SSL is known to slow down sites.

What is your site about? What are you running (like WordPress, Joomla, Drupal...)?

Edited May 22, 2014 by DogPatch
Quovadis Posted May 22, 2014

SSL is a protocol with data encryption. Basically the sender encrypts it and the receiver decrypts it using the "key" they share, which ensures only the receiver can interpret it.

IMO it should only be worth it if there is data sent by client/server that you want to guarantee at most that the "in-between actors" aren't able to interpret (ISP, network admin of a workplace, etc.), e.g. credit card, social security numbers, etc.

I only have basic knowledge of networking (I admin our Virtual Machine running CentOS 6 @ work) since I am a programmer. From what I understand anyone should be able to set up SSL pretty easily on their server by installing a few packages and configuring a few files (and port forwarding etc. on the router).

That is of course if you have access to your server. Is it home hosted, do you pay for a dedicated machine or do you pay directly for a hosting package? If it is the 3rd, you have good chances that your provider will be making you pay more $$$ for those services.

As for the rest, it depends on which type of website you have. What kind of server treatment happens on it? Databases?

Basic security would be securing your website against JavaScript code injections, MySQL injections, brute force FTP/SFTP/SSH login.

If you send me your website URL I can always have a fast look at the most important things.
DogPatch Posted May 22, 2014

> From what I understand anyone should be able to set up SSL pretty easily on their server by installing a few packages and configuring a few files (and port forwarding etc. on the router).

SSL costs money. They can be cheap - https://www.namecheap.com/security/ssl-certificates/comodo.aspx

Or very expensive - http://www.digicert.com/ssl-certificate-comparison.htm

Or use Cloudflare's free one - Just noticed that Cloudflare only includes SSL in their paid plans.

> Is it worthwhile to get SSL for a personal site?

Honestly I don't think it is worth it for a personal site.
Quovadis Posted May 23, 2014

> SSL costs money. They can be cheap - https://www.namecheap.com/security/ssl-certificates/comodo.aspx
> Or very expensive - http://www.digicert.com/ssl-certificate-comparison.htm
> Or use Cloudflare's free one - Just noticed that Cloudflare only includes SSL in their paid plans.
> Honestly I don't think it is worth it for a personal site.

Wait, this isn't SSL. SSL is a protocol, it's free to use for anybody. Your links point to SSL certificates. There's a big difference between Self Signed SSL and Certified SSL, but still, both are still SSL.
DogPatch Posted May 23, 2014

> Wait, this isn't SSL. SSL is a protocol, it's free to use for anybody. Your links point to SSL certificates. There's a big difference between Self Signed SSL and Certified SSL, but still, both are still SSL.

I don't like Self Signed SSL and don't recommend it. Honestly the Certified SSL is so cheap that if you are going to use SSL you might as well do it properly. It's only $9 a year.

Self signed SSL is only recommended for test/development sites. Also visitors to your site will get a warning about the SSL certificate, which you don't want your visitors to see.
Seggy Posted May 23, 2014

> SSL costs money. They can be cheap - https://www.namecheap.com/security/ssl-certificates/comodo.aspx
> Or very expensive - http://www.digicert.com/ssl-certificate-comparison.htm

It depends. SSL, the protocol, itself does not cost money. You can easily use your own server key and self-sign the certificate. All this really does is tell a browser that "Yes, this website has verified that the certificate they presented has been signed by them and they are who they say they are." It's useful for testing and also if you don't have a need for verification by a trusted certificate root, such as Verisign.

What costs money is the verification by a company, such as Verisign. The certificates you get can be signed by third party entities. Thus, your certificate can be signed by a company like Verisign saying that, "Yes, we verify that the certificate presented to this browser, with the signatures, is in fact a genuine certificate that we have signed."

You can, in fact, have certificate chains. So if you have a certificate that has been signed by Verisign, you can then use that certificate to sign other certificates. If a user indicates that they trust Verisign, the fact that your certificate (that was signed by Verisign) is used to sign another certificate establishes a chain.

As to the performance issue: in years past, SSL was a pretty CPU intensive process. Most operators would only encrypt the parts that needed it. With hardware these days, it's not such a huge overhead. This is why Google or Facebook are fine with using SSL for their entire sites. In the past, they too didn't use SSL for everything.
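The self-signed versus CA-signed distinction and the certificate chain discussed in the posts above, as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the CA names and `personal.example` are made up, and only the demo root plays the role of the browser's trusted root.

```sh
#!/bin/sh
# Constructed demo: every name (Demo Root CA, personal.example) is made up.
make_certs() {   # $1 = empty working directory
    d=$1
    cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    # Root CA: self-signed, and the only certificate the client trusts.
    openssl req -x509 -config "$d/ext.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.crt"
    # Intermediate CA: signed by the root; CA:TRUE is what lets it sign others.
    openssl req -new -config "$d/ext.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr"
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -extensions ca -days 30 -out "$d/int.crt"
    # Site certificate: signed by the intermediate, so the chain is site -> int -> root.
    openssl req -new -config "$d/ext.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=personal.example" -keyout "$d/site.key" -out "$d/site.csr"
    openssl x509 -req -in "$d/site.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -extensions leaf -days 30 -out "$d/site.crt"
    # Self-signed certificate for the same name: no third party vouches for it.
    openssl req -x509 -config "$d/ext.cnf" -extensions leaf -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=personal.example" -keyout "$d/self.key" -out "$d/self.crt"
}

# Prints "trusted" or "untrusted" when only the demo root is a trust anchor.
trust() {   # $1 = dir, $2 = certificate, $3 = optional intermediate sent by the server
    if openssl verify -CAfile "$1/root.crt" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}

d=$(mktemp -d)
make_certs "$d" 2>/dev/null          # hide key-generation progress output
echo "site cert with intermediate:    $(trust "$d" "$d/site.crt" "$d/int.crt")"
echo "site cert, intermediate missing: $(trust "$d" "$d/site.crt")"
echo "self-signed cert:                $(trust "$d" "$d/self.crt")"
```

The encryption is the same in all three cases; what differs is whether the client can build a path from the presented certificate to a root it already trusts, which is what produces or suppresses the browser warning.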
menatwork Posted July 28, 2015

I'm not one to bump old topics - but in case you're still interested - Seggy is correct, it's not that expensive on today's hardware. Furthermore, you can get a free certificate from StartSSL (which will show up on most browsers as certified) - though, there are some catches - if you need it re-issued, you'll need to pay.

On the other hand, there's also an interesting project coming up: https://letsencrypt.org in September 2015; which will essentially issue "free" certificates to anyone. ( https://letsencrypt.org/howitworks/ )
Quovadis Posted July 29, 2015

https://www.cloudflare.com/ Free certificate + DDoS protection + web optimization
Bow_In_Honor Posted July 29, 2015

> I'm not one to bump old topics

Then don't. I see you are new to the forums, but you shouldn't be bumping age old topics just because you have some knowledge of the subject. Post whoring isn't going to get you a higher admin status, and quite frankly, it's annoying.

Edited July 29, 2015 by Bow_In_Honor
menatwork Posted July 29, 2015

> Then don't. I see you are new to the forums, but you shouldn't be bumping age old topics just because you have some knowledge of the subject. Post whoring isn't going to get you a higher admin status, and quite frankly, it's annoying.

Hold off on your assumptions for a second. If you've looked at my post history you'll know I'm generally trying to help. I've got level 7, that's plenty for me (the only two reasons I got platinum VIP is to help F|A and to not get kicked for inactivity when spec [it's annoying whilst smoking]) so I'm not "Post whoring" and I'm not trying to get a higher level of admin. I'm merely trying to help people.

In this case, I bumped it because I wanted to share the information about letsencrypt - so that people looking at this later (either when browsing the forum or if they got here via Google) can easily find it - and furthermore, the startssl link - on top of that, I also see that Quovadis replied with Cloudflare - and as said earlier in this topic; it's for paid users only - except, now it's for free users too.. so, that might also be useful information for people who are looking at this.

I don't know about you but isn't it generally a good idea to update information after it becomes obsolete? ;-)

Anyway, I'm sorry if it was against the rules; but please, it's not all about levels and the likes.
Bow_In_Honor Posted July 29, 2015

> Hold off on your assumptions for a second. If you've looked at my post history you'll know I'm generally trying to help. I've got level 7, that's plenty for me (the only two reasons I got platinum VIP is to help F|A and to not get kicked for inactivity when spec [it's annoying whilst smoking]) so I'm not "Post whoring" and I'm not trying to get a higher level of admin. I'm merely trying to help people.
> In this case, I bumped it because I wanted to share the information about letsencrypt - so that people looking at this later (either when browsing the forum or if they got here via Google) can easily find it - and furthermore, the startssl link - on top of that, I also see that Quovadis replied with Cloudflare - and as said earlier in this topic; it's for paid users only - except, now it's for free users too.. so, that might also be useful information for people who are looking at this.
> I don't know about you but isn't it generally a good idea to update information after it becomes obsolete? ;-)
> Anyway, I'm sorry if it was against the rules; but please, it's not all about levels and the likes.

Yeah I've seen your post history, and it's pretty sporadic to me, seeing how you've been here three days (no introduce post), and your excuse about "wanting to update people about letsencrypt and people who google it" is a pretty lame excuse. Anyone with access to a browser could look up that information without help of your post. And the reason Quovadis replied is because YOU BUMPED THE POST. That's why you shouldn't bump year old posts.

Please explain to me how you are helping when you are bumping posts long gone dead? We aren't an information storage server, we are a forum that keeps everything fresh.

Edited July 29, 2015 by Bow_In_Honor
menatwork Posted July 29, 2015

Well it's not an excuse but an explanation; anyway, I'll refrain from 'bumping' in the future, sorry. (edit: I've made an introduction post, though - the reason why I didn't is because I'm not good at writing about myself in such a context.. but there it is).

Edited July 29, 2015 by w00tw00t
Heretic121 Posted July 29, 2015

> I'm not one to bump old topics - but in case you're still interested - Seggy is correct, it's not that expensive on today's hardware. Furthermore, you can get a free certificate from StartSSL (which will show up on most browsers as certified) - though, there are some catches - if you need it re-issued, you'll need to pay.
> On the other hand, there's also an interesting project coming up: https://letsencrypt.org in September 2015; which will essentially issue "free" certificates to anyone. ( https://letsencrypt.org/howitworks/ )

Thank you for the information, w00t, however please don't bump old topics. Anything over a couple of months is probably a bad idea. If you really wanted to share the information then perhaps creating a new topic, and then linking to this one, might have been better?

> Yeah I've seen your post history, and it's pretty sporadic to me, seeing how you've been here three days (no introduce post), and your excuse about "wanting to update people about letsencrypt and people who google it" is a pretty lame excuse. Anyone with access to a browser could look up that information without help of your post. And the reason Quovadis replied is because YOU BUMPED THE POST. That's why you shouldn't bump year old posts.
> Please explain to me how you are helping when you are bumping posts long gone dead? We aren't an information storage server, we are a forum that keeps everything fresh.

[PM sent instead]

EDIT: Oh, and // Locked.

Edited July 29, 2015 by Heretic121