SSL Certificate

[el_hombre123]

Hey FL,

Just out of curiosity, I am just about done with a web app.. This is my first app for production..

Quickly, should I even bother with an ssl certificate (unproven product still, gonna launch soon)?

Thanks..

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Tiger TT]

Check this out:

https://googlewebmastercentral.blogspot.com.tr/2014/08/https-as-ranking-signal.html

Also recently Google has included "https" in its guidelines:

https://support.google.com/webmasters/answer/35769?hl=en

 

[el_hombre123]

Check this out:

https://googlewebmastercentral.blogspot.com.tr/2014/08/https-as-ranking-signal.html

Also recently Google has included "https" in its guidelines:

https://support.google.com/webmasters/answer/35769?hl=en

cool this helps, I was not aware of this... Do you know of any website where I could get a trustworthy "cheap" cert? I know trustworthy and cheap don't go well together, but you know how it is in the startup unproven phase. Lol..

 

[rblitz]

I wouldn't just consider it for the sake of page ranking.
If you offer some sort of signup/login process, I definitely would make sure that the connection is established over https.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Brett877]

I would recommend doing it, because if you decide not to and it booms big people may be reluctant to try it and by the time you implement it you may have lost their trust.


From a more technical side:

Use it for testing purposes, would have to see your app take off and then you go to make it more secure and something breaks because it does work with the encryption (have seen this happen before)


My 2 cents.

 

[el_hombre123]

I wouldn't just consider it for the sake of page ranking.
If you offer some sort of signup/login process, I definitely would make sure that the connection is established over https.

definitely gonna allow people to log on and have users... thanks ..

 

[el_hombre123]

I would recommend doing it, because if you decide not to and it booms big people may be reluctant to try it and by the time you implement it you may have lost their trust.


From a more technical side:

Use it for testing purposes, would have to see your app take off and then you go to make it more secure and something breaks because it does work with the encryption (have seen this happen before)


My 2 cents.

I was sort of thinking that as well... Better safe than sorry.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[MarkNNelson]

Depending on the subject of your site (i.e. Assuming it's not financial in nature), you could probably get by with a low-end one from namecheap or sslcertificate.com. The majority of your users aren't likely to check to see who your issuer is.

 

[Tiger TT]

cool this helps, I was not aware of this... Do you know of any website where I could get a trustworthy "cheap" cert? I know trustworthy and cheap don't go well together, but you know how it is in the startup unproven phase. Lol..

Here is a cheap one:

https://www.namecheap.com/security/ssl-certificates/comodo/essentialssl.aspx

As far as I know, this one works with mobile browsers. Just make sure
to ask about this before you buy it.

There are cheaper ones, but they don't have mobile support. Don't use them.

 

[el_hombre123]

cool. Definitely gonna go with the low end for the startup.. Not in the financial industry.. Thanks guys, I really appreciate your help..

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Newpollz]

Always, always, always use SSL. Encryption is the ONLY PROTECTION you have (or provide) on the internet.

 

[Tiger TT]

Always, always, always use SSL. Encryption is the ONLY PROTECTION you have (or provide) on the internet.

This is not true. SSL is just one of the
security layers you can provide.

SSL secures data only while it's being transferred
between your device and the server.

It also protects you from "man in the middle" attacks:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

But if your computer is infected with a virus or a trojan
then you're not protected.

If the server is hacked, then you're NOT PROTECTED.

So a site owner should also make use of these 3 services:

1. Malware monitoring
2. File integrity monitoring
3. Website Firewall

So this way you can have some layers of security
on the server side.

And there are also security best practices.

 

[Newpollz]

This is not true. SSL is just one of the
security layers you can provide.

SSL secures data only while it's being transferred
between your device and the server.

It also protects you from "man in the middle" attacks:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

But if your computer is infected with a virus or a trojan
then you're not protected.

If the server is hacked, then you're NOT PROTECTED.

So a site owner should also make use of these 3 services:

1. Malware monitoring
2. File integrity monitoring
3. Website Firewall

So this way you can have some layers of security
on the server side.

And there are also security best practices.

I said it was the only protection we have on the internet. I was referring to your personal data, not ids, firewalls, anti-viruses who most of all operate at the os level (snort, iptables etc).

Remember the heartbleed incident?

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Newpollz]

Try looking at wireshark packets without SSL encryption, you can see everything in clear text. And don't think it's only mim attacks, exploits can be launched remotely. With all the zero-days out there, trust me encryption until the arrival of quantum computers will still be the best and only form of security.

 

[Newpollz]

Think about it, even the NSA and GCHQ need to ask permission for encryption keys (like with the recent incident with Apple)

They got your windows 10 backdoored to the bone. They got ALL of your information but they can't decrypt that 256 bit key!

 

[Tiger TT]

I said it was the only protection we have on the internet. I was referring to your personal data, not ids, firewalls, anti-viruses who most of all operate at the os level (snort, iptables etc).

When you say "internet" it's a very broad concept, so
that's why I wanted to reply.

I just want to make sure that no one feels a false
sense of security just because a site provides
"https" connection.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Newpollz]

When you say "internet" it's a very broad concept, so
that's why I wanted to reply.

I just want to make sure that no one feels a false
sense of security just because a site provides
"https" connection.

Yeah, you're right. It doesn't.

 

[el_hombre123]

This is not true. SSL is just one of the
security layers you can provide.

SSL secures data only while it's being transferred
between your device and the server.

It also protects you from "man in the middle" attacks:

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

But if your computer is infected with a virus or a trojan
then you're not protected.

If the server is hacked, then you're NOT PROTECTED.

So a site owner should also make use of these 3 services:

1. Malware monitoring
2. File integrity monitoring
3. Website Firewall

So this way you can have some layers of security
on the server side.

And there are also security best practices.

This is as good as gold.. Thanks once again.

 

[Delmania]

Check out Let's Encrypt. It believe all 3 major browser makes added it as a root CA, and it's currently on 10% of all https servers.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.