Web sites and applications use SSL for security because it performs three vital roles:
- Encryption of data communication.
- Authentication of the server connection to ensure it’s the right server.
- Integrity of data transfer to detect when information is corrupted or altered.
SSL is relatively inexpensive, and should be included on most sites. Here are some cases where SSL is compulsory on a server:
- If you have a mobile app communicating with the server.
- Any situation where sensitive information is being communicated.
- If you have a payment gateway, or collect financial and/or personal information.
If you’re just hosting a marketing website then SSL is not required. It is worth considering however that the Google search engine rates SSL highly, so having a secure site may increase your ranking.
SSL works by installing a certificate (file) on the server that identifies it to a trusted third party. You can buy this file very cheaply online but you should only purchase one from a reputable provider. Some providers are not recognised as trusted authorities by all browsers and setups, and their certificates may negatively affect confidence and access to your site.
Fortunately there are many reputable providers that you can find online easily, or you can normally purchase one from your ISP at a competitive rate. If you’re planning to just run a web site hosted by your ISP then it is particularly convenient to get the certificate from them as they will also install it for you. If you’re purchasing a certificate to install on a server hosted by AWS or another third party hosting platform then you’ll provide that certificate to us during development and we’ll install it for you.
Before you buy a certificate you should ensure that the certification authority is well trusted. You should also consider:
- Do you need a certificate for a single site or a wildcard certificate? If your server consists of more than one instance, or if you plan to certify an app and a marketing website, then you will need a wildcard.
- Are you getting the recommended 2048 bit encryption? Some providers will sell 1024 bit encryption, which may be decrypted more easily and may jeopardise sensitive data.
You should also be aware that certificates need to be renewed periodically; you can purchase certificates that may be valid for 1 to 3 years, after which you will need to pay for renewal. As with to third party services we can help you purchase an SSL certificate, but you’ll want to know where it was purchased and for how much so you can maintain this critical part of your app business into the future.
The next section of recommended reading describes how we work, and starts with the topic why we are agile.