About SSL Certificate

Status
Not open for further replies.
You should have some kind of transport security for sensitive information.

That being said, SSL is SSL.... from a technical point of view (so even a self signed one would work).

From a TRUST and User Point of view that is different.
-> You want some sort of Trust thru chain signing. (https://en.wikipedia.org/wiki/Chain_of_trust)

This can either be done by commercial entities specialized in Certificates or by going with a provider (free) such as LetsEncrypt. (https://letsencrypt.org/).

Extended Validation == More Trust?
With commercial services you can go for what is known as extended validation. Here you get a more involved process...
Check out the following link to see if it makes sense for your applciation: https://medium.com/@munteanu210/all...d-validation-ev-ssl-certificates-9be258c31e29
 
SGraf said:
You should have some kind of transport security for sensitive information.

That being said, SSL is SSL.... from a technical point of view (so even a self signed one would work).

From a TRUST and User Point of view that is different.
-> You want some sort of Trust thru chain signing. (https://en.wikipedia.org/wiki/Chain_of_trust)

This can either be done by commercial entities specialized in Certificates or by going with a provider (free) such as LetsEncrypt. (https://letsencrypt.org/).

Extended Validation == More Trust?
With commercial services you can go for what is known as extended validation. Here you get a more involved process...
Check out the following link to see if it makes sense for your applciation: https://medium.com/@munteanu210/all...d-validation-ev-ssl-certificates-9be258c31e29
Click to expand...
you clearly need to learn about how things work.
self-signed SSLs DO NOT work in the eyes of browsers
 
easyhostmedia said:
you clearly need to learn about how things work.
self-signed SSLs DO NOT work in the eyes of browsers
Click to expand...

First and foremost please read and think before you type.
The appearance of the posts i have read from you this far simply does not give off a professional experience.
This is for two reasons:
1) You cherry pick one phrase from a post ignoring context of the text with extra information/clarification around it.
2) You seem to have the habit of trying imply that others are worse or less knowledgeable than you. Which really just gives off an an unprofessional vibe.

The best part is that again FROM A TECHNICAL PERSPECTIVE your post is wrong...

So lets look at that statement:

self-signed SSLs DO NOT work in the eyes of browsers
Click to expand...
You can validate this claim by setting up a self signed certificate on your webserver and accessing the server via your browser. YES you will get a warning, that you will have to accept. BUT it will result in an SSL CONECTION.
If it would not work -> the result would be no ssl-conection.

If you had read my post further or and given it more than 1 thought, you would have also noticed the next lines:
From a TRUST and User Point of view that is different.
Click to expand...
Because the reason the browser gives you a warning on self-signed certs is not for a technical reason, but for because those certificates are hard to trust (as no validation of any kind has been performed).
 
SGraf said:
First and foremost please read and think before you type.
The appearance of the posts i have read from you this far simply does not give off a professional experience.
This is for two reasons:
1) You cherry pick one phrase from a post ignoring context of the text with extra information/clarification around it.
2) You seem to have the habit of trying imply that others are worse or less knowledgeable than you. Which really just gives off an an unprofessional vibe.

The best part is that again FROM A TECHNICAL PERSPECTIVE your post is wrong...

So lets look at that statement:


You can validate this claim by setting up a self signed certificate on your webserver and accessing the server via your browser. YES you will get a warning, that you will have to accept. BUT it will result in an SSL CONECTION.
If it would not work -> the result would be no ssl-conection.

If you had read my post further or and given it more than 1 thought, you would have also noticed the next lines:

Because the reason the browser gives you a warning on self-signed certs is not for a technical reason, but for because those certificates are hard to trust (as no validation of any kind has been performed).
Click to expand...
I have worked in the hosting business since 1999 and know all about SSLs
maybe you should read these

Certificate Not Trusted | View Security Certificate Errors

www.digicert.com www.digicert.com


Browser displays connection untrusted error - Google Search Appliance Help

Summary: When accessing the search appliance over HTTPS, the browser shows a warning such as "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (M
support.google.com

It is common knowledge for years Self Signed certs are not trusted as they are not assured by any CAs
 
Again i ask you to prove the claim that you made:

self-signed SSLs DO NOT work in the eyes of browsers
Click to expand...

What you have just posted is just a more long version of what i wrote:

From a TRUST...Point of view that is different.
Click to expand...
However from a technical perspective It would be possible to establish an ssl-secured connection.

and none of the links you provide dispute that in any way...

wich brings us back to my point of: read and think before typing....
 
SGraf said:
Again i ask you to prove the claim that you made:



What you have just posted is just a more long version of what i wrote:


However from a technical perspective It would be possible to establish an ssl-secured connection.

and none of the links you provide dispute that in any way...

wich brings us back to my point of: read and think before typing....
Click to expand...
So when you have self-signed SSL and you visit a website, you get a warning that the site is not trusted, and you are given a choice to continue or leave. Most consumers will leave as they have been told it's not a trusted website and those that continue will still be wary as how do they know the site is secure as minutes earlier they were told it's not a trusted website.
I don't need to prove anything as this is how self-signed certificates work.
 
easyhostmedia said:
So when you have self-signed SSL and you visit a website, you get a warning that the site is not trusted, and you are given a choice to continue or leave. Most consumers will leave as they have been told it's not a trusted website and those that continue will still be wary as how do they know the site is secure as minutes earlier they were told it's not a trusted website.
I don't need to prove anything as this is how self-signed certificates work.
Click to expand...

Lets pick this apart...
you get a warning that the site is not trusted
Click to expand...
correct. See my initial post about trust....
This however does not mean, that "doesn't work" from the browsers perspective -> as YOU claimed. It simply means that there is not adequate trust/validation.
Is it good for business? - No
Does it work from a technical perspective - YES

So you could have saved yourself all this energy if you read my initial post correctly...

Most consumers will leave as they have been told it's not a trusted website
Click to expand...
Absolutely. Again, this was not my initial argument you had an issue with...

Sticking with this for a moment, if you scroll up, you will see that i even suggested a solution for avoiding this issue => going with letsencrypt.


---
I don't need to prove anything as this is how self-signed certificates work.
Click to expand...

Lack of trust from a browser is not a "self signed" certificate problem as you are incorrectly claiming. Or being unable to establish a secure connection due to the certificate. Its a problem with the Browser not having a clear and trusted "chain of trust".

In fact quite a few Browser and OS vendors have removed certificate authorities from their "trust stores". Which in turn would also pop up "trust" warnings for certificates validated by those.
Example: https://wiki.mozilla.org/CA:Symantec_Issues
 
SSL stands for Secure Socket Layer. Most web hosts provide the Let's Encrypt SSL free of cost. Even you can also get the Free SSL yourself. Free SSL needs to be renewed every 60 days.

The paid ones start from $8-$10
 
I'd somehow managed to completely miss this little argument about self-signed SSL, which all seems a bit pointless.

SGraf said:
You can validate this claim by setting up a self signed certificate on your webserver and accessing the server via your browser. YES you will get a warning, that you will have to accept. BUT it will result in an SSL CONECTION.
If it would not work -> the result would be no ssl-conection.
Click to expand...

That is technically true, as long as HSTS is not enabled on the domain, in which case the browser will refuse to connect with a self-signed cert.

I'm really not sure there is much practical point though, I can see in testing how a self-signed cert might be vaguely useful, but in a live site it should NEVER be used .
 
The bottom line is that there are multiple free cert authorities, with the most known being Let's Encrypt.

If your host is not offering you free certs (which cost them nothing and are incredibly easy to implement) then you should probably be looking elsewhere for hosting.

These free certificates will be just fine for the vast majority of small sites, but if you are part of a big company, store sensitive data on your server, handle card transactions yourself, or similar circumstances then you should look at something with a higher validation level.

As an aside, someone earlier in the conversation also quite rightly pointed out that although we all use the term 'SSL certificate' what we are actually talking about most of the time is a 'TLS certificate'.

As a second aside (yes, I'm just typing as I'm thinking), you should make sure that your host is disabling the oldest TLS (and SSL) versions unless you explicitly need them, because they are not secure. I wrote a blog post about this last year with a bit more on why: https://s-4.host/why-we-disable-tls-1-0-1-1/
 
S4 Hosting said:
The bottom line is that there are multiple free cert authorities, with the most known being Let's Encrypt.

If your host is not offering you free certs (which cost them nothing and are incredibly easy to implement) then you should probably be looking elsewhere for hosting.

These free certificates will be just fine for the vast majority of small sites, but if you are part of a big company, store sensitive data on your server, handle card transactions yourself, or similar circumstances then you should look at something with a higher validation level.

As an aside, someone earlier in the conversation also quite rightly pointed out that although we all use the term 'SSL certificate' what we are actually talking about most of the time is a 'TLS certificate'.

As a second aside (yes, I'm just typing as I'm thinking), you should make sure that your host is disabling the oldest TLS (and SSL) versions unless you explicitly need them, because they are not secure. I wrote a blog post about this last year with a bit more on why: https://s-4.host/why-we-disable-tls-1-0-1-1/
Click to expand...
Yes, not a fan of self-signed certificates, and yes free SSLs are fine for small websites and blogs, but if you have a commercial website taking card details then you should be paying for an SSL. I am sure any commercial website operator can afford $10 a year, if they cant then they should close their business down as it must not be making money.
 
An SSL certificate is a form of digital certificate that enables an encrypted link and provides authentication for a website. SSL (Secure Sockets Layer) is a security protocol that is widely used on e-commerce sites and pages where users must submit personal or credit card details.
 
SSL certificate is used to encrypt internet traffic and makes it secure. If you purchased SSL certificate for your domain then it provides you authentication for your website.
 
Status
Not open for further replies.

Supporters

Back
Top