Web sites and applications use SSL for security because it performs three vital roles:
SSL is relatively inexpensive, and should be included on most sites. Here are some cases where SSL is compulsory on a server:
If you’re just hosting a marketing website then SSL is not required. It is worth considering however that the Google search engine rates SSL highly, so having a secure site may increase your ranking.
SSL works by installing a certificate (file) on the server that identifies it to a trusted third party. You can buy this file very cheaply online but you should only purchase one from a reputable provider. Some providers are not recognised as trusted authorities by all browsers and setups, and their certificates may negatively affect confidence and access to your site.
Fortunately there are many reputable providers that you can find online easily, or you can normally purchase one from your ISP at a competitive rate. If you’re planning to just run a web site hosted by your ISP then it is particularly convenient to get the certificate from them as they will also install it for you. If you’re purchasing a certificate to install on a server hosted by AWS or another third party hosting platform then you’ll provide that certificate to us during development and we’ll install it for you.
Before you buy a certificate you should ensure that the certification authority is well trusted. You should also consider:
You should also be aware that certificates need to be renewed periodically; you can purchase certificates that may be valid for 1 to 3 years, after which you will need to pay for renewal. As with to third party services we can help you purchase an SSL certificate, but you’ll want to know where it was purchased and for how much so you can maintain this critical part of your app business into the future.
The next section of recommended reading describes how we work, and starts with the topic Why we are agile.