SSL Certificates are becoming a popular trend for popular websites and blogs. Although there is more ignorance and hype being circulated about the whole web encryption system, webmasters and visitors feel psychologically more secure when they have an HTTPS URL. You may call it the placebo effect or overzealous security, but all in all, SSL does no harm even if it is not required. Encrypting URLs and internet traffic goes a long way in making the internet feel safer and deter the bad guys. This article explains some common myths about the magic or misconceptions attached to having a secure HTTPS URL.
SSL Certificates are expensive
SSL Certificates are available in different varieties for different prices. There is a type which is sure to fit each type of person and each organizations requirement. After Facebook made it compulsory to use an https:// URL to setup Facebook Apps, SSL certificate sales got a boost. A basic SSL Certificate with Domain validation costs a couple of dollars a year. An extended validation one will cost a few hundred dollars a year. This cost excludes the cost of a Dedicated IP Address and the hosting space of course. The Dedicated IP Address can cost anywhere between $20 to $100 per year. While the cost of an SSL Certificate directly may not be expensive, you must factor in overheads like Bandwidth, CPU / Memory Resources and Web Server limitations to
SSL Certificates will prevent hacking
SSL Certificates will not prevent or deter a hacker from exploiting weak code or vulnerable software on your website. SSL Certificates simply act as a secure pipe or secure tunnel through which data flows, preventing any middle-man to intercept the traffic and identify what is being sent. SSL does not keep a check on both the ends of the pipe or tunnel and does not cover protection of a browser at the client end or database at the server end. Hence, if your passwords are stored in an un-encrypted manner in your MySQL database, and for some reason your database is compromised, then having SSL will have no effect in protecting your database information.
SSL will not have any effect on SEO
You must note that SSL may make the website marginally slower especially when loading a page for the first time. This may exponentially be a problem and may require the tweaking of settings on your web server. However, Google recently announced that it will give preference to URLs starting with HTTPS, in its search results, in an endeavor to make the internet a safer and secure place and encourage online merchants to secure the flow of data and sensitive information. If you consider giving both these factors equal weightage, then they both cancel out each other, leaving the impact on Search Engine Rankings (either positive or negative) to be negligible.
You need a separate IP Address for every https subdomain
SSL Certificates are of many types and with many different features to suit your budget. Usually an SSL Certificate will cover only 1 fixed URL I.e. https:// your_domain.com. The normal SSL Certificates will not even cover [https://www.your_domain.com. To encrypt a sub domain or even a URL with www. you will need to take an additional certificate and register that URL with the Certificate issuing company (Certifying Authority). The problem arises when you have multiple sub-domains and want to encrypt the traffic on all of them. Well, in that case you will need to take a WildCard Certificate. The Wildcard certificate, as the name suggests, will encrypt all traffic for the primary domain and also traffic on every sub-domain of that primary domain I.e. *.your_domain.com. It is called a WildCard certificate, because it represents the wildcard character * which indicates anything and everything.
SSL Certificates are difficult to manage or migrate
SSL Certificates may be a tad bit confusing to install at first, but most web hosting control panels have a GUI interface to allow you to generate and import new public and private keys with ease. Change of your web hosting server or change of your dedicated IP Address invalidates your certificate. You can always request a re-issue of the certificate by visiting the Certifying Authority’s website and completing their online form. Most providers instantly issue a fresh certificate which you can put in to your new server and resume business as normal.