Search the Community
Showing results for tags 'ssl'.
In my current website project, I would like to design a secure area for members. I have built basic login systems before, but I want to build something more secure this time. One of the things I would like to do it route requests using the HTTPS protocol. In my research on how to do this, I have been starting to learn about SSL certificates. As I understand it, in order to create an SSL encrypted connection that users can be confident in, I must purchase a certificate from a certificate authority (CA). I am questioning whether I really need to do this, though. Neither money nor information that is extremely sensitive would be handled in the secure area. The purpose of the website is of a nature that membership would be restricted to those personally acquainted with me, so it's not like they would be using a website with some vague "entity" operating it. They could trust me. Would that make it safe for me to use a self-signed SSL certificate? My only suspicion is that a hijacker could potentially inject a new SSL certificate (not sure if this is possible...) and trick users since neither his nor mine would be signed by a trusted CA. I could just get a cheap certificate, but I would like to avoid spending money on this if I don't have to. Maybe a free certificate would be okay? I'm not sure. What do you think is the best course of action for my situation?