Best Practices for SSL Certificate Renewal

What is an SSL Certificate and why do you need one?

Website security is of paramount importance today, and with HostSailor you should know the best practices for SSL certificate renewal. Hackers focus on websites, particularly ones that keep financial information, with the intention of stealing information for later use or sale. While the main focus is on financial data, other targets include the theft of commercially confidential data and the placement of malware on the website.

The FBI has noted a significant increase in website attacks, both in frequency and ferocity since the start of the pandemic.

SSL Certification adds a level of security to websites by supplying authentication information so the user knows they are browsing the correct site, not a spoofed one. It also encrypts communications between the user’s browser and the website and displays a padlock on the browser bar.  Finally, it means that the website URLs have the https:// prefix instead of http://.

What is the recommended SSL version?

The most widely used version of the SSL/TLS protocol at present is TLS 1.2. The latest version, TLS 1.3, is already supported by major web browsers in their current versions. Implementing TLS 1.3 is recommended. TLS 1.2 is adequate for now but will need to be upgraded to 1.3 in the future when 1.2 is deprecated.

The answer to this question is to implement TLS 1.3, thereby implementing SSL in its latest incarnation.

You should also note that SSL and TLS are used almost interchangeably.  While most descriptions use SSL, they really mean TLS. So, for SSL, read TLS when it comes to website security.

Which is better, TLS or SSL?

Simply put, TLS is better.

TLS, as the name suggests, is a more recent version of SSL, fixing some security vulnerabilities that were uncovered in SSL.

All SSL releases have been deprecated since 2015, and the current version is not supported. TLS has replaced SSL for all practical purposes since around 2000 and is currently at version 1.3.

Most browsers support TLS.

One point to note is that there’s no such thing as just an SSL certificate or just a TLS certificate, and you don’t need to worry about replacing your SSL certificate with a TLS certificate.

Should You Use TLS or SSL? Is TLS Replacing SSL?

TLS has been replacing SSL since the turn of the millennium.

As noted above, all public releases of SSL are deprecated because of known security vulnerabilities in them. As such, SSL has not been a fully secure protocol since 2019.

Which is more reliable, SSL or HTTPS?

This is not really a valid question.  You can’t have https:// without having SSL/TLS implemented as a certificate on your website.   If you stick to the latest version of TLS, you will have a reliable security solution implemented on your website.

Some TLS/SSL Best Practices

  • Don’t delay renewal. If you don’t renew your certificate or have your managed service provider do it for you, you run the danger of losing your site’s security certification and it potentially becoming unavailable. Most current browsers will issue a security warning for non-https websites, and potential customers may not be allowed to proceed to them.
  • Review website performance. In the past, some sites used mixed content, where only some of the JavaScript, CSS files and images were accessed using SSL/TLS, to maximise website performance. This is no longer acceptable and can lead to browser security warnings. SEO can also be affected. Mixed content should be eliminated.
  • Secure cookies. Using secure cookies can increase site security and prevent malicious actors from attacking the site. Setting the Secure flag in cookies means that they are only transmitted over the SSL/TLS secure channel. It can also be useful to prevent client-side scripts from accessing cookies by setting the HttpOnly flag. Another thing to think of is setting the SameSite flag to prevent cross-site use of cookies.
  • Third Party Code. Using third-party code libraries has inherent dangers.  You can inadvertently introduce vulnerabilities and malware by installing code of unknown origin.   All third-party code must be tested in a sandbox, insulated from production systems, and in general accessed using an https:// prefix.

It may save development time and cost to use third-party code libraries, but you must assess the risk versus reward ratio of so doing.

  • Be alert. It is essential to stay up to date with new vulnerabilities and possible countermeasures. New threats appear every day, and if you have migrated some systems and websites to the Cloud, you have increased your vulnerability surface area considerably.
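The renewal advice above can be turned into a routine check. The following is an added example, not code from HostSailor: it classifies a certificate by days left before expiry and also reports the TLS version a live server negotiates. The 30-day window, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

RENEW_BEFORE_DAYS = 30  # assumed renewal window; set this to your own policy
# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"notAfter": "Jun 15 12:00:00 2025 GMT"}

def expiry_epoch(cert):
    """Expiry time of the certificate as seconds since the epoch (UTC)."""
    return ssl.cert_time_to_seconds(cert["notAfter"])

def renewal_status(cert, now=None, renew_before=RENEW_BEFORE_DAYS):
    """Return (status, whole_days_left); days are negative once expired."""
    now = time.time() if now is None else now
    days = int((expiry_epoch(cert) - now) // 86400)
    if days < 0:
        return "EXPIRED", days
    if days <= renew_before:
        return "RENEW NOW", days
    return "OK", days

def probe(host, port=443):
    """Handshake with a live server; return (status, days_left, tls_version)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                status, days = renewal_status(tls.getpeercert())
                return status, days, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails verification during the
        # handshake, so it is reported here rather than by renewal_status().
        return "VERIFY FAILED: " + exc.verify_message, None, None

if __name__ == "__main__":
    # Evaluate the constructed sample 10 days before its expiry date.
    print(renewal_status(SAMPLE_CERT, now=expiry_epoch(SAMPLE_CERT) - 10 * 86400))
```

Running `probe()` from a scheduled job against each of your own hostnames gives early warning before browsers start showing certificate errors.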
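The cookie flags described in the list above can be checked directly in a site's response headers. The following is an added example, not code from HostSailor: it audits Set-Cookie lines for the Secure, HttpOnly and SameSite attributes. The function names and the header lines are constructed for illustration.

```python
# Constructed sample Set-Cookie headers (not captured from a real site).
SAMPLE_HEADERS = [
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: cart=42; Path=/; HttpOnly",
    "Set-Cookie: track=xyz; Path=/; Secure; SameSite=None",
    "Set-Cookie: embed=1; Path=/; SameSite=None",
]

def parse_set_cookie(line):
    """Return (cookie_name, {lowercased_attribute: value}) for one header line."""
    if line.lower().startswith("set-cookie:"):
        line = line.split(":", 1)[1]
    parts = [p.strip() for p in line.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(line):
    """Return (cookie_name, list_of_findings) for one Set-Cookie line."""
    name, attrs = parse_set_cookie(line)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")      # cookie may travel over plain http
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")    # readable by page scripts
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append("missing or invalid SameSite")
    elif samesite == "none" and "secure" not in attrs:
        # Current browsers reject SameSite=None cookies that lack Secure.
        findings.append("SameSite=None requires Secure")
    return name, findings

def audit_headers(lines):
    """Map cookie name to findings, listing only cookies that have findings."""
    results = {}
    for line in lines:
        name, findings = audit_cookie(line)
        if findings:
            results[name] = findings
    return results

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {', '.join(findings)}")
```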

 

A useful site to bone up on SSL/TLS topics can be found here, and it also has a compatibility database where you can check certificate and browser version compatibility.

HostSailor offers a comprehensive range of services around SSL/TLS certification.  Read more here, and if you just want to have an informal chat, contact us here.
