Posted: . At: 9:27 AM. This was 6 years ago. Post ID: 12348


Why a website should use SSL in this day and age.


An SSL certificate brings many benefits in this day and age. The immediate boost to your website is the trust users gain that data entered on the website is secure. This is why bank websites use SSL and a Site Seal to display a green padlock and the name of the business in the address bar. This shows that the site is secure and that the user has landed on the correct website, which matters because many unscrupulous criminals create fake websites intended to steal usernames and passwords by tricking users into entering them there. It would be very difficult to impersonate a banking site totally, as stealing the keys and creating a site with the same SSL key as, say, commbank.com.au would be extremely hard to do. Someone thought they had managed this with Google websites, but this was not the case; it was just a misunderstanding of how certificates can be set up in the wild. This is written about here: https://news.ycombinator.com/item?id=10030820. So having an SSL certificate for your website is very secure. It is generated using a private key, and would not be much use without that key. A user can easily get information about a website's SSL configuration.

Just use the sslscan utility available for Linux.

jason@Yog-Sothoth:~$ sslscan microsoft.com
Version: 1.11.5
OpenSSL 1.0.2n  7 Dec 2017
 
OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected
 
OpenSSL version does not support SSLv3
SSLv3 ciphers will not be detected
Testing SSL server microsoft.com on port 443
 
  TLS renegotiation:
Secure session renegotiation supported
 
  TLS Compression:
OpenSSL version does not support compression
Rebuild with zlib1g-dev package for zlib support
 
  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed
 
  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
Accepted  TLSv1.2  256 bits  AES256-SHA256                
Accepted  TLSv1.2  128 bits  AES128-SHA256                
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  128 bits  AES128-SHA                   
 
  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048
 
Subject:  *.microsoft.com
Altnames: DNS:microsoft.com, DNS:*.microsoft.com, DNS:xbox.com, DNS:*.microsoft.it, DNS:*.live.com, DNS:*.windowsmobile.com, DNS:myservice.xbox.com, DNS:microsoftlinc.com, DNS:*.azure.net, DNS:microsoft.cz, DNS:*.msdn.com, DNS:*.microsofthealth.com, DNS:winhec.net, DNS:winhec.com, DNS:microsoft.eu, DNS:windows.com, DNS:*.gigjam.com, DNS:gigjam.com, DNS:*.microsoftband.com, DNS:*.windows.com, DNS:*.surface.com, DNS:*.microsoft.ca, DNS:*.microsoft.cz, DNS:*.microsoft.de, DNS:*.microsoft.eu, DNS:*.microsoft.jp, DNS:*.microsoft.pl, DNS:*.microsoft.ru, DNS:*.windowscatalog.com, DNS:*.microsoftgamestudios.com, DNS:*.biztalk.org, DNS:*.microsoftlearning.net, DNS:*.microsoftlearning.org, DNS:*.mslearning.com, DNS:*.mslearning.org, DNS:*.msdnmag.com, DNS:*.partnersinlearning.com, DNS:*.msdntv.com, DNS:*.microsoftwindows.com, DNS:*.windows.biz, DNS:*.gamevoice.com, DNS:*.lastdeveloper.com, DNS:*.partnerguide.com, DNS:*.microsoftitacademy.com, DNS:*.sharepoint.net, DNS:*.msdn2.com, DNS:*.msdnwiki.com, DNS:*.clientsecurity.com, DNS:*.clientsecurity.net, DNS:*.clientsecurity.org, DNS:*.windowsdefender.com, DNS:*.windowsdefender.org, DNS:*.windowsdefender.net, DNS:*.embeddedresourceguide.com, DNS:*.windowspowershell.org, DNS:*.microsoftdynamics.com, DNS:*.mysharepointcommunity.com, DNS:*.windowsembeddedpartners.com, DNS:*.windowsembeddedpartner.com, DNS:*.microsoftsurface.com, DNS:*.sysinternals.com, DNS:*.startupcenter.com, DNS:*.mobilepcpartners.com, DNS:*.businessreadylicensing.com, DNS:*.sharepointpedia.com, DNS:*.windowsembedded.com, DNS:*.mssharepointcommunity.com, DNS:*.vssdk.com, DNS:*.msdngeekspeak.com, DNS:*.appreadiness.com, DNS:*.mywindowsmobile.com, DNS:*.vort-ex.com, DNS:*.azure.biz, DNS:*.retailexperiencecenter.com, DNS:*.getie.com, DNS:*.microsoftbizspark.com, DNS:*.netfx.com, DNS:*.powerpoint.com, DNS:*.deployoffice.com, DNS:*.hyper-v.com, DNS:*.developonbingmaps.com, DNS:*.fuselabs.com, DNS:*.officewebapp.com, DNS:*.mymicrosoft.com, DNS:*.macoffice.com, 
DNS:*.powerpointlive.com, DNS:*.scriptjunkie.com, DNS:microsoft.az, DNS:microsoft.be, DNS:microsoft.by, DNS:microsoft.ca, DNS:microsoft.ch, DNS:microsoft.cl, DNS:microsoft.de, DNS:microsoft.dk, DNS:microsoft.ee, DNS:microsoft.es, DNS:microsoft.fi, DNS:microsoft.ge, DNS:microsoft.gr, DNS:microsoft.hu, DNS:microsoft.is, DNS:microsoft.it, DNS:microsoft.jp, DNS:microsoft.lt, DNS:microsoft.lu, DNS:microsoft.lv, DNS:microsoft.md, DNS:microsoft.pl, DNS:microsoft.pt, DNS:microsoft.ro, DNS:microsoft.rs, DNS:microsoft.ru, DNS:microsoft.se, DNS:microsoft.si, DNS:microsoft.tv, DNS:microsoft.ua, DNS:microsoft.uz, DNS:microsoft.vn, DNS:microsoft.cat, DNS:*.powerpointradio.com, DNS:imaginecup.pl, DNS:*.imaginecup.pl, DNS:*.microsoftlinc.com, DNS:windows.nl, DNS:*.windows.nl, DNS:hololens.com, DNS:*.hololens.com, DNS:microsoftedge.com, DNS:*.microsoftedge.com, DNS:windowsmarketplace.com, DNS:*.windowsmarketplace.com, DNS:microsoftcloud.com, DNS:*.microsoftcloud.com, DNS:surface.com, DNS:*.winhec.com, DNS:*.winhec.net, DNS:msdn.com
Issuer:   Microsoft IT TLS CA 5
 
Not valid before: Apr  9 18:37:24 2018 GMT
Not valid after:  Apr  9 18:37:24 2020 GMT
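
Added example (not part of the original post): a short Python script that reads the cipher lines of an sslscan 1.x text report like the one above and lists the entries a reviewer would question. The sample lines are copied from that report; the thresholds (TLS 1.2 minimum, 2048-bit DH, ECDHE/DHE key exchange) are policy assumptions of this example, not something the post states.

```python
import re

# Constructed sample: four cipher lines copied from the sslscan report above.
SAMPLE = """\
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.0  128 bits  AES128-SHA
"""

CIPHER_LINE = re.compile(
    r"^(Preferred|Accepted)\s+(SSLv\d|TLSv[\d.]+)\s+(\d+) bits\s+(\S+)\s*(.*)$")

def parse_ciphers(report):
    """Return one dict per cipher line; every other report line is ignored."""
    rows = []
    for line in report.splitlines():
        m = CIPHER_LINE.match(line.strip())
        if m:
            status, proto, bits, cipher, extra = m.groups()
            rows.append({"status": status, "protocol": proto,
                         "bits": int(bits), "cipher": cipher, "extra": extra})
    return rows

def findings(row):
    """Review notes for one cipher line (thresholds are this example's policy)."""
    notes = []
    if row["protocol"] in ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"):
        notes.append("legacy protocol version")
    # TLS 1.3 suite names carry no key-exchange prefix, so skip this check there.
    if row["protocol"] != "TLSv1.3" and not row["cipher"].startswith(("ECDHE-", "DHE-")):
        notes.append("no ECDHE/DHE key exchange")
    dh = re.search(r"DHE (\d+) bits", row["extra"])  # finite-field DH group size
    if dh and int(dh.group(1)) < 2048:
        notes.append("DH group under 2048 bits")
    return notes

def audit(report):
    """Map (protocol, cipher) to its notes, omitting lines with nothing to report."""
    result = {}
    for row in parse_ciphers(report):
        notes = findings(row)
        if notes:
            result[(row["protocol"], row["cipher"])] = notes
    return result

if __name__ == "__main__":
    for key, notes in audit(SAMPLE).items():
        print(*key, "->", "; ".join(notes))
```
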

This utility returns the SSL configuration of the website, which is very useful information. Another benefit of having SSL configured on your website is the small boost in search engine rankings. One cheap way to get an SSL configuration for your website is to use Cloudflare to protect it. Not only do you get DDoS protection for your site, as well as protection from some scanning attacks, but an SSL certificate may also be configured on your site. With WordPress, this may cause problems due to mixed content warnings. Of course you need to edit the config and database of WordPress to change the URL to https, but some content on your site may still be served over http. This plugin for WordPress will fix this problem: SSL Insecure Content Fixer. Get it here: https://en-au.wordpress.org/plugins/ssl-insecure-content-fixer/. This is the best way to fix a WordPress website and make it entirely served by HTTPS. This will increase trust in your website. Everyone is moving to SSL, and it is not good to be left behind these days.
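
Added example (not part of the original post, and not code from the plugin): a Python check that lists the http:// subresources still referenced by a page's HTML, which is what triggers the mixed content warnings described above. The sample markup and the example.com / example.org hosts are constructed placeholders.

```python
from html.parser import HTMLParser

# Constructed sample: a WordPress-style page served over https that still
# references some http:// resources (all hosts are placeholders).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/post/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<script src="//cdn.example.com/lib.js"></script>
</head><body>
<a href="http://example.org/">an ordinary link, not mixed content</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<iframe src="http://example.com/embed"></iframe>
</body></html>
"""

# tag -> (URL attribute, kind). Active content can alter the whole page, so
# browsers block it when mixed; passive content only affects its own display.
SUBRESOURCES = {"script": ("src", "active"), "iframe": ("src", "active"),
                "img": ("src", "passive"), "audio": ("src", "passive"),
                "video": ("src", "passive"), "source": ("src", "passive")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (kind, tag, url) in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            # Only links that load a resource count; rel=canonical and similar do not.
            rel = (a.get("rel") or "").lower().split()
            attr, kind = ("href", "active") if "stylesheet" in rel else (None, None)
        else:
            attr, kind = SUBRESOURCES.get(tag, (None, None))
        url = (a.get(attr) or "").strip() if attr else ""
        if url.lower().startswith("http://"):  # "//host/..." inherits https
            self.hits.append((kind, tag, url))

def find_mixed_content(html):
    """Return (kind, tag, url) for every subresource loaded over plain http."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.hits
```

It inspects tag attributes only, so http:// URLs inside CSS files or inline scripts need a separate check.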

Current TLS 1.3 config.

TLS 1.3 is the most secure configuration at the moment. This provides very good security for your website.

This is how you know a site is secure.

The image above shows the site security padlock in the address bar. Click the information icon to get full information on the SSL setup and this will assure you that the website is properly secured with a signed key.

This is what a website looks like when it is not properly configured with a TLS cert.

This is not a secure HTTPS website. I would not conduct a transaction on this site.
