For those who do not know, SSL stands for Secure Sockets Layer, and is a security feature, supported by most web servers, that encrypts web data using HTTPS rather than HTTP. For normal web browsing, SSL will probably not make much of a difference, but we live in a time when dynamic web sites offer users constant interaction with the content and with other users. Because of this, personal information is regularly exchanged.
A Firefox extension called Firesheep recently revealed how vulnerable many of these interactive “Web 2.0” sites are. The extension gives anyone at a Wi-Fi hotspot the ability to intercept cookies from nearby users’ websites, such as Facebook. It only works on sites that do not use HTTPS when sending cookies over the web. Many of the sites use HTTPS for logins only but then switch back to HTTP, leaving cookies exposed and giving someone with Firesheep the ability to actually take over a user’s account. Because of this, SSL itself is very important.
An SSL certificate verifies that your site’s encryption is real and from a trusted source. If nothing else, it avoids the awful warning page that browsers display when they encounter invalid, untrusted, or expired certificates. If you run a dedicated server, it is crucial to have SSL enabled and available to any websites that need it. Although it requires a dedicated ip address and more bandwidth, privacy and security for users and customers is paramount and is well worth the cost.