I'm toying with the idea of using HTTPS for my site when I redesign it. At very least the forum. The site will also consist of a central authentication login which the forum will be one of many things that uses that same login, so idealy I need to secure anything else (different sub/domains) that uses a login form. Goal is to not send the user login through clear text, obviously.
Been looking up certs real quick and there's a lot of different features and prices. Given I want to secure multiple sub/domains, possibly servers, but am not a high profile e-commerce site, what is my best bet? I'm thinking just paying for multiple single domain certs and basically getting the cheapest I can find. Any features I should look for to ensure I have? Most of the sub domains are on the same server but there is the possibility that changes. But if I get individual certs then I should not have to worry about that right, I'd just generate a new cert when I switch servers?
There are also free options like Let's Encrypt, is that worth looking at or am I better off going with one of the more known/trusted CAs like Comodo?
Also if I want to secure an internal communication channel, ex: one server using HTTP queries to another server, I can use self signed for that right? I have a game server which I will want to tie the login to the central authentication system, so I'm thinking it would probably just use a http query string with a reply that says if it's valid or not and possibly other info, which I obviously would want to encrypt.
Moved to Networking - Programming Moderator Ken g6
Been looking up certs real quick and there's a lot of different features and prices. Given I want to secure multiple sub/domains, possibly servers, but am not a high profile e-commerce site, what is my best bet? I'm thinking just paying for multiple single domain certs and basically getting the cheapest I can find. Any features I should look for to ensure I have? Most of the sub domains are on the same server but there is the possibility that changes. But if I get individual certs then I should not have to worry about that right, I'd just generate a new cert when I switch servers?
There are also free options like Let's Encrypt, is that worth looking at or am I better off going with one of the more known/trusted CAs like Comodo?
Also if I want to secure an internal communication channel, ex: one server using HTTP queries to another server, I can use self signed for that right? I have a game server which I will want to tie the login to the central authentication system, so I'm thinking it would probably just use a http query string with a reply that says if it's valid or not and possibly other info, which I obviously would want to encrypt.
Moved to Networking - Programming Moderator Ken g6
Last edited by a moderator: