I am new to SSL certs and have a question about what pages it needs to be used on. I will be having a login form on every page so does this mean every page needs to use SSL even before a user has logged in? Or maybe a login page can be without SSL and is directed to an SSL page before logging in the user. I think with this solution though the initial login POST information would be sent to the login page unsecured?
You could have the login form POST to SSL.
Personally, I would put the whole site behind SSL.
If you are putting a login form on every page then every page should be SSL.
Alternative is to iframe the login box from SSL but this may not identify to the visitor that the page is secure or just have a Login link that directs to a login page which is SSL.
Remember that one half of the reason for using SSL is so that people can confirm that the form they are about to fill out is actually on the site they think it is on.
Ok, maybe i'll just have a link to a login page that is under SSL. Thanks for the input!
I think SSL is slower than normal. So making every page to use SSL may be a bad for ranking? I read this somewhere and went against using it for all my pages.
Anyone able to provide a comment on this?
SSL has noting to so with SEO. And most certainly will not effect SEO. I swear not everything on the web has to somehow be "SEO" related.
Now, as long as a form submits to a page that is behind a secure connection (HTTPS) then the forms contents is encrypted before sending. The form itself does not need to be on a secure page. However, if you have the ability to enable SSL for all pages, you might as well. (Now unless you have large amount of traffic...thats another concern, SSL will require more processing time for the server.)
SSL may work well for SEO but it will slow down the site - especially when the user first enters your site and the secure handshake happens the delay might be a few seconds depending on the connection speed. This might be important for you - if people find your site in a search engine and click the link you probably want them to see your site as soon as possible before they get impatient. I wouldn't use SSL for all of the site unless it's a banking system or some other system with confidential information. If you want the login to be secure then I think it's best to do it on a separate SSL page (so people are certain they are under SSL) and then redirect them back to where they came from.
Come on, SSL is not that slow...the handshaking is not going to chase people away. It barely takes an extra second. Now if your site is that poorly optimized then you have other troubles.
You are correct - SSL will not be slow for most people. But try browsing connected through a mobile phone in a remote location and you will feel the handshake lag.
Mobile browsing in a remote location is already super slow even without SSL. Majority of people will already be used to the slowness that current mobile browsing suffers from. Grasping at straws here, trying to satisfy an edge case.
You could make whole site with SSL. But do you actually need this? I mean, Do your users keep some privacy info on your website?:)
Well they do if the pages all use a login form as is the case here.
The pages with the login form need to use SSL so that the person can check they are on the right site before trying to login. The page that then calls and all subsequent pages need SSL so that the data can be encrypted.
So with the particular situation being discussed it is essential that all the pages use SSL.
SSL does not cause performance issues. As for SEO, why would having additional website security hamper SEO efforts? If anything it will be a boost.
If you are using a login form than every page should be secured with SSL otherwise your customers will feel unsecured to fill the form.
And if you have a online portal to sell something products or services than your payment gateway must have secured with SSL certificates.
As per my opinion it is more beneficial to protect all webpages with SSL Certificate security. Or you can create login form on separate HTTPS URL and put it on each page.
well, I'd go with whole site SSL instead of separate HTTPS URL on each page, sparing myself the trouble
For my blog i have SSL from namecheap, and to answer your question i also recommend SSl for the entire website since it eliminates any unsecure loopholes.
No it does not. SSL only makes the connection between the server and the client secure. It does not make your web site secure.