SSL for everyone
In the title I wrote SSL, but to be more precise it should be SSL/TLS certificate. This is because if you obtain an ‘SSL’ certificate now, chances are that it will work with both the SSL and TLS protocols.
It’s time to change
There is no doubt that serving a website over HTTPS makes sense, especially when you are passing sensitive data, as when filling in forms. But if you have only a simple information page, you shouldn’t even bother. (Un)fortunately, Google decided that it’s high time to make a full transition to https:// everywhere.
Possible options for obtaining a certificate
There are three types, which offer different levels of assurance:
- Domain Validated (DV) SSL – they check your right to use a specific domain
- Organization Validated (OV) SSL – they additionally check you/your company
- Extended Validation (EV) SSL – even more checking (investigating) of you
When I was considering moving this blog to ‘green padlock waters’, I started to look for the easiest/cheapest way. I came up with these options:
Buy yourself
Not so long ago you had to buy them from one of the certificate authority providers. There are many offers starting from $20:
Game changer
Let’s Encrypt – a free, open source project; yes, it’s free. If you manage your own server, you can simply install it.
If you’re running your site on shared hosting, chances are that your host offers SSL certificates as a free feature. Some companies offer automatic installation of Let’s Encrypt certificates:
Man-in-the-middle
Cloudflare, a CDN provider, offers encryption for the connection between them and the user. In any case, this solution doesn’t improve security, but the web browser displays an ‘https://’ URL anyway.
Of course, you can combine it with a certificate on the origin side, issued by Cloudflare or elsewhere.