Late last night (technically it was early this morning) I posted about a ton of server problems I was having. I am happy to say that they all seem to be fixed! This is good because now I can move on, and get back to the important stuff.
Today I want to talk a little bit about SSL. SSL makes your connection to a server much more secure. If somebody performs some sort of attack on your network, if you are connecting to websites using SSL, the attacker won’t be able to see any useful information. If you are connecting without SSL, they can potentially see every single bit of data that is transferred. Yikes!
So, how do you know if you are using SSL. The easiest way to tell if you are using SSL is to check the address bar. Most web browsers will show a small padlock next to the URL if you are connected to SSL. Depending on what website you are connecting to, and if that website has a verified organization, you may also see a green box that shows the name of the company. If you don’t see either of these things, you probably aren’t connecting using SSL. Below are three examples.
Another easy way to tell if you are connected with SSL is to check the actual URL itself. If the URL starts with “https://” that means you are probably using SSL to connect. If it starts with “http://” or nothing at all (some browsers hide it) it means you are probably connected without SSL.
This SSL thing is great! Why doesn’t everyone use it? Well, it’s a little more complicated than that. In order to activate SSL, you need to get an SSL certificate. Getting a certificate is easy, but it needs to be signed by a verified authority in order for browsers to actually recognize it, or you will just see an error like the one below. Most browsers will still let you connect, but the option to do so will be somewhat hidden. You can self-sign certificates, but if you do, they won’t be recognized by the browser. Unfortunately, getting signed SSL certificates can be quite expensive, and it also takes some time. Authorities that give you signed SSL certificates charge quite a hefty fee. StartCom (AKA StartSSL) does hand out signed certificates for free, but you still have to go through several tedious steps to verify that you own the domain, you are running the website, and it often takes them a couple hours to actually send you the generated certificate. I definitely appreciate what StartCom is doing, because it makes it possible for me to have SSL on darkrealmgaming.com, and soon here, despite the fact that I don’t have the money for SSL certificates.
Another problem with SSL is that many webhosts don’t support it at all, or at least not on their cheaper plans, which most people have. For example, GoDaddy’s economy shared hosting does not support SSL at all. Luckily, I have their deluxe hosting, which does include support for SSL, among other things. Additionally, many other services also do not support it, like Google Blogger and Tumble.
I am a bit of a security nut, so I like to run as much traffic as possible through SSL. darkrealmgaming.com uses SSL by default, and soon, the same thing will happen here too. SSL is a bit of a pain to set up, but it is definitely worth it to make your data, and your users’ data private.
I will have the SSL certificate set up here in a few days, so check back!
TL;DR: Security stuff.