Aug 16, 2011

How secure is SSL? Is it worth the cost and the hassle?

Our CEO wants us to add HTTPS:// to every public-facing webpage. To do so, we'll need to install SSL certificates on our site. I think it's not a bad idea, but how secure are SSL certificates? Is it worth the hassle or cost in time and money to set this up?

SSL (Security Socket Layer) Certificate when installed on a web server, activates the https protocol and allows secure connections from a web server to a web user. the major reason of SSL is to maintain privacy and to provide security over sensitive information that shared over the Internet so that only the recipient can view it. A Certificate Authority provides digital certificates to individuals or organizations on verifying their identity. SSL encrypts a connection between the server and the browser. This allows private information to be communicated without problems of eavesdropping or message forgery. SSL binds a domain name, server name and the identity of the organization.

Hence investing on SSL certificate will help to fight the hassle.

Setting up security certificates is certainly not very painstaking in Server 2008/R2. The only issue I have a concern with is the certificate authorities themselves do not have any way to verify that banks and online ordering systems are handling SSL in a proper manner. Web browsers do not necessarily require SSL on many sites, and it's relatively easy for DNS hackers to fake a Visa website to steal customer information.


The value of SSL can be judged by how important your customers think it is for orders to be secure (very) and if not having it leads to fewer sales and less customer data capture. Since your boss requires it, I'd go ahead and do it, but be warned -- SSL is easily hacked and in December 2008 and March 2011, two top-tier SSL certificate providers were hacked (VeriSign & Comodo). If the SSL certificate authorities cannot keep their own sites secure, it's difficult to believe that SSL is a secure technology that people should bother using.

Answer this