Global Security Forum


Website security and ssl certificate

  • 1.  Website security and ssl certificate

    Posted Mon April 25, 2022 09:52 AM
    I want to secure my website. I read that it is good to have an SSL certificate on such a website. My hosting offers Let's Encrypt SSL. I read that this is not the best option. Can I choose it or is there something else better? How else could I secure the page? Of course, I want to protect against the most popular threats (which I don't know all of, I'm a beginner). Thank you for any advice and if I am in the wrong section, I apologize, but here I am also new and I do not know how to navigate this site.

    Izola Tinkle

  • 2.  RE: Website security and ssl certificate

    IBM Champion
    Posted Tue April 26, 2022 01:54 AM
    Edited by Lionel Clavien Tue April 26, 2022 01:56 AM
    Dear Izola,

    An SSL certificate won't protect your site from any attack. It is there to protect your customer data between their computers and your server, so that no one apart from you and them can read it.

    Since a certificate is mostly a signed key store, what is technically important is that it uses modern encryption ciphers that are not easily breakable. In your case, Let's Encrypt (LE) perfectly fits the bill, as it uses such modern algorithms.

    Now, a certificate is also about trust from the customer. And this is where not all certificates are equal... Indeed, LE is a completely automated way to generate certificates, and it only verifies that you have access to the DNS of your website domain. This is a good start, but any bad actor can buy a domain, host malicious SW on it and protect it with LE. This is why you have what are called EV (extended validation) certificates, where the domain owner's existence is validated as well as its business.

    This is probably what every e-commerce website wants - what you seem to provide. This has a cost, but EV sites also have a higher ranking in at least Google Search. It all depends on your needs and means... ;) But rest assured that your site's current security (with LE) is already good enough to start a business.

    This page gives a short overview of the differences between LE, DV and EV.

    Hope this helps a bit...

    Lionel Clavien, PhD
    IBM Champion for Power
    CTO & Co-founder
    InnoBoost SA
    Lausanne, Switzerland
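
The difference between domain-validated and EV certificates described in the reply above shows up in the certificate's subject, so it can be checked. The following is an added example, not part of the original posts: it classifies a certificate in the dict form returned by Python's `ssl.getpeercert()`, and it goes slightly beyond the thread by also reporting the intermediate OV (organization validation) level. The sample certificates and the name `shop.example` are constructed, and the subject-field check is a heuristic assumption; the CA/Browser Forum policy OIDs are authoritative when available.

```python
import socket
import ssl

# CA/Browser Forum certificate-policy OIDs and the validation level each marks.
POLICY_LEVELS = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}
# Subject attributes an EV certificate carries besides the organization name
# (spelled the way Python's ssl module reports them).
EV_SUBJECT_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested subject tuples of getpeercert() into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert, policy_oids=()):
    """Return 'DV', 'OV' or 'EV'. policy_oids is optional: getpeercert() does not
    expose certificate policies, so they must come from another parser."""
    for oid in policy_oids:
        if oid in POLICY_LEVELS:
            return POLICY_LEVELS[oid]
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"   # only control of the domain was checked
    if EV_SUBJECT_FIELDS <= subject.keys():
        return "EV"   # legal entity and registration were checked
    return "OV"       # organization named, without the EV attributes

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate of a live site (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not taken from any real site).
DV_SAMPLE = {"subject": ((("commonName", "shop.example"),),)}
OV_SAMPLE = {"subject": ((("countryName", "CH"),),
                         (("organizationName", "Example SA"),),
                         (("commonName", "shop.example"),))}
EV_SAMPLE = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "CH"),),
                         (("serialNumber", "CHE-000.000.000"),),
                         (("organizationName", "Example SA"),),
                         (("commonName", "shop.example"),))}

if __name__ == "__main__":
    for name, cert in (("DV", DV_SAMPLE), ("OV", OV_SAMPLE), ("EV", EV_SAMPLE)):
        print(name, "->", validation_level(cert), subject_fields(cert))
```

All three levels negotiate the same TLS encryption; what changes is how much identity the certificate authority verified before issuing.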