利用者:SinkTeets407
Should you manage a site that exchanges private information with the site users, such as an e-Commerce site, you probably realize that you ought to be using the Secured Socket Layer (SSL). SSL enables a secured, encrypted, connection between your web server and also the user's browser. This requires that you get the SSL Certificate.
But there are a lot of SSL Certificate providers with a variety of choices. Certificate providers charge varying prices each year for various products. If you have multiple web sites the costs can also add up.
However, there are free Certificates available. They offer a safe and secure, encrypted connection much like other SSL Certificates. So, why should you pay when you are able make use of a free certificate?
Good question!
All things being equal, free is my personal favorite price range!
It is extremely tempting to choose the free "self-signed" Certificates and it could be all you need. On the other hand, everyone knows about what happens when you're penny wise!
When a user connects for an SSL site a note is sent with the certificate information required to setup the secured connection. It must range from the name from the certificate "signer" which is either:
the creator of the certificate (self-signed) or a 3rd party known as a Certificate Authority.
Certificates Authority provides assurances that the site the consumer thinks they're connecting to is actually that website. There are scams where hackers trick users into thinking they are attached to one site and they're actually communicating with another. Users may provide personal and financial information to criminals involved in fraud. Self-signed certificates leave your users vulnerable to these predators.
Due to this, most browsers will display an alert message that the site might be unsecure. The user can bypass the message, however it does not leave the consumer having a warm and fuzzy feeling concerning the site. And the message is correct. In case your site has been hacked by a scammer your users are in peril if they proceed.
So, when in the event you use self-signed certificates?
I would only use them on internal web site, intranet sites. For instance, for those who have labs which are testing sites that require SSL you can save some money by utilizing self-signed certificates.
I would never make use of a self-signed certificate on the internet, "customer facing" as we say. The risk is just not worth it and also you risk alienating your users. If you are a commercial site servicing customers, that free certificate will finish up being very expensive.