First of all let’s briefly examine what SSL / TLS means. SSL stands for Secure Sockets Layer and was developed in the mid 90’s to serve as a security mechanism in the infancy of the internet. The main benefit SSL gave was to protect from ‘man in the middle’ attacks whereby somebody eavesdropping on a network connection could gather sensitive information (usernames, passwords, credit card details etc.) and also manipulate network traffic to trick clients into thinking they were talking to an authentic server and vice versa. SSL underwent a number of version updates over the years and in 2015 was replaced with TLS (Transport Layer Security). SSL & TLS are effectively the same concept, TLS is just a newer and more secure version of SSL – however SSL remains the most commonly used term for historical reasons.
So do you need an SSL / TLS certificate on your website? If you’re running an e-commerce website where customers can log in and pay for items on your site – you absolutely need a valid certificate. If you are the victim of a ‘man in the middle’ attack and you don’t have this protection, your customers sensitive information will be visible to the attackers – and that is very bad news for you and if you’re found to be negligent, will have serious legal consequences.
Continue Reading