SSL requirements?


Posted

SSL certificates are optional, but highly recommended - as they are needed for encrypting information between the browser and server. Most people only use this with Nexus and/or login. You will need one certificate for each and every site you are running which you wish to encrypt, and you will need a separate dedicated IP address for each as well. Personally, I use Comodo InstantSSL because they're like really cheap - IPS doesn't at this time recommend or endorse any suppliers.

  • 1 month later...
Posted

Yes you can, but I do not suggest you use it for IPB. You do know that SSL with queries will slow the hell out of the page load; I'm not talking 1 or 2 seconds either.

I tested via several sites on one of our boxes. Each one loads in around 0.5 seconds. Then we tested via SSL and it went to 10 seconds.

Then you're forcing all users to browse via https://yourdomain.com

Posted

It's impossible to only require SSL for the login page and nexus transaction?



It's possible.... it's a built in feature. Require SSL for login and require SSL for checkout in each app.
Posted

Yes you can, but I do not suggest you use it for IPB. You do know that SSL with queries will slow the hell out of the page load; I'm not talking 1 or 2 seconds either.

I tested via several sites on one of our boxes. Each one loads in around 0.5 seconds. Then we tested via SSL and it went to 10 seconds.

Then you're forcing all users to browse via https://yourdomain.com




This is simply not true. Several sites on my own hardware are loading in half a second flat, even over SSL. I would suggest that if your sites are loading in 10 or more seconds over SSL, you should investigate your server configuration - many customers (including me) are using IPB quite happily with SSL logins and checkouts.
Posted

You could always make your own self-signed certs. :lol:

But also Comodo are doing free stuff at the moment, not sure how long for though, might have finished already.

Posted

You could always make your own self-signed certs. :lol:



But also Comodo are doing free stuff at the moment, not sure how long for though, might have finished already.




Self-signed certificates are NOT recommended for any checkout or page that requires SSL encryption to work correctly. Sorry, anyone who sees the "Oh faeces" SSL icon in their browser should just stop the checkout. Certificates are two-faced: they validate the owner/site for at least some trustworthiness and make sure the domain/chain is correct.

In terms of SSL requirements

Dedicated IP (or a shared server Certificate which can be an annoyance)


And if you're seeing a noticeable performance hit when using SSL, you should probably inspect your web server configuration, as I suspect it (or your host) is not playing nicely with how it manipulates 443 traffic.

Also, it's a good idea if you're going to be doing email from the same server to ensure you have TLS enabled.
Posted

This is simply not true. Several sites on my own hardware are loading in half a second flat, even over SSL. I would suggest that if your sites are loading in 10 or more seconds over SSL, you should investigate your server configuration - many customers (including me) are using IPB quite happily with SSL logins and checkouts.




For logins and checkouts yes, I mean for full forums and using .htaccess to re-write the page links.

I did get it to work, but it was sluggish for me, but the login and purchase pages were fine. I did read through my post again and I explained it wrong. But to confirm: use SSL globally, still same speed or will there be a decrease like we experienced?
  • 3 weeks later...
Posted

For logins and checkouts yes, I mean for full forums and using .htaccess to re-write the page links.



I did get it to work, but it was sluggish for me, but the login and purchase pages were fine. I did read through my post again and I explained it wrong. But to confirm: use SSL globally, still same speed or will there be a decrease like we experienced?




The forums (and every other webserver) I run are SSL exclusively (including images, etc), there is no option for non-SSL traffic (any non-SSL requests are automatically redirected to SSL before being passed to the application layer for handling) and there is no slowdown, nor any additional server load really. Also make sure your webserver has keepalive enabled for SSL traffic and the keepalive timeout is not set particularly low (I have mine set for 2 minutes). SSL has to do handshaking for every TCP connection, so if you don't have keepalive enabled then every connection to your server has to re-negotiate the SSL session which can lead to perceived slowdowns. If the browser can utilize the same TCP socket via keepalive then each subsequent request is virtually no slower than non-SSL traffic.
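
As an added illustration of the keepalive and redirect advice in the post above (not part of the original thread, and not IPS or Apache project code): a small Python check that reads an Apache httpd-style configuration and flags the two conditions described. Apache is assumed because the thread mentions .htaccess; the function name, the 5-second threshold (httpd's stock `KeepAliveTimeout`) and the sample configs are constructed for the example.

```python
import re

def audit_keepalive_and_redirect(conf_text, min_timeout=5.0):
    # Simplified parser: no Include handling; KeepAlive* treated as server-wide.
    keepalive, timeout = "on", 5.0  # Apache httpd defaults when unset
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+\S*?:(\d+)\s*>", line, re.I)
        if opened:
            current = {"port": int(opened.group(1)), "to_https": False}
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            name, args = name.lower(), " ".join(rest)
            if name == "keepalive":
                keepalive = args.lower()
            elif name == "keepalivetimeout":
                m = re.fullmatch(r"(\d+)(ms)?", args)  # seconds, or e.g. 500ms
                if m:
                    timeout = int(m.group(1)) / (1000 if m.group(2) else 1)
            elif current and name in ("redirect", "redirectmatch", "rewriterule"):
                current["to_https"] |= "https://" in args
    findings = []
    if keepalive == "off":
        findings.append("KeepAlive Off: every request pays a new TCP and TLS handshake")
    elif timeout < min_timeout:
        findings.append(f"KeepAliveTimeout {timeout:g}s is below {min_timeout:g}s")
    for v in vhosts:
        if v["port"] == 80 and not v["to_https"]:
            findings.append("port 80 vhost serves content without redirecting to https")
    return findings

# Constructed sample configs; example.com is a placeholder.
WEAK = """KeepAlive Off
<VirtualHost *:80>
    ServerName example.com
</VirtualHost>"""
FIXED = """KeepAlive On
KeepAliveTimeout 120
<VirtualHost *:80>
    Redirect permanent / https://example.com/
</VirtualHost>"""

if __name__ == "__main__":
    print(audit_keepalive_and_redirect(WEAK))
    print(audit_keepalive_and_redirect(FIXED))
```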
Posted

Self-signed certificates are NOT recommended for any checkout or page that requires SSL encryption to work correctly. Sorry, anyone who sees the "Oh faeces" SSL icon in their browser should just stop the checkout. Certificates are two-faced: they validate the owner/site for at least some trustworthiness and make sure the domain/chain is correct.




IMO I wouldn't say that self-signed is a bad option for a general forum or any other form of general traffic, if it were that big a deal then self-signed certs wouldn't have been a part of SSL in the first place. For monetary transactions, it's a different story, but then the onus is on the user, not the website.
Posted

IMO I wouldn't say that self-signed is a bad option for a general forum or any other form of general traffic, if it were that big a deal then self-signed certs wouldn't have been a part of SSL in the first place. For monetary transactions, it's a different story, but then the onus is on the user, not the website.




Many browsers make it extremely onerous to access websites with self-signed certificates. Firefox, as an example, makes you sit through no less than 3 warning screens!

No, self-signed is hardly a good option.
Posted

Certain hosting providers and domain registrars (like NameCheap) will give you SSL certificates for free. Never use a self-signed certificate for a public-facing web site.

Posted

Many browsers make it extremely onerous to access websites with self-signed certificates. Firefox, as an example, makes you sit through no less than 3 warning screens!



No, self-signed is hardly a good option.



That's hardly a reason to not use one, as it only asks you once and from thence forth you have the option to trust it or not (forever or not). If we're going to speak about trustworthiness, then why would you blindly trust any SSL certificate? EG; why do people blindly accept secure logins on SSL certificates? What gain do they have if their data gets stolen? If they had monies stolen during a financial transaction, then that is a different story, but there isn't (or at least would be very very hard) to get compensation for having your login credentials stolen.

You say many browsers make it onerous to browse a self-signed cert site, but IMO all browsers should make ALL sites extremely onerous when it says it's secure instead of letting the user blindly accept a site as trustworthy. (I bet half the users who log in to a secure site don't even look at the cert or the URL or scan the page for "giveaway signs" or even look for the lock or other indicators, they just do what they do, and pray.)

But as I have already said, most sites like Comodo give away free SSL certs anyway, at least for a year free anyway, so it's all just theory.
Posted

Comodo's free certs are only for 90 days, and are meant primarily for testing SSL on your server or how it works.




$5 per year worth is pretty much free.

Archived

This topic is now archived and is closed to further replies.
