Is OpenSSL necessary for a commercial Certificate?
I am planning on obtaining a commercial certificate to enable running HTTPS on Ubuntu 18 and Apache.
Is it necessary to install OpenSSL to support this?
If I will not be doing encryption-dependent activities, like credit card payments, do I need a commercial cert?
Also, in that case, do I need to run HTTPS at all?
2 Replies
You write:
> I am planning on obtaining a commercial certificate to enable running HTTPS on Ubuntu 18 and Apache.
Why? Do you like spending your money on frivolous things ;-) See below…
> Is it necessary to install OpenSSL to support this?

Generally, no. You do need some kind of encrypted transport mechanism though. Generally gnutls is all you need for this. YMMV though… some Linux packages have OpenSSL as a dependency so you may end up installing it whether you want to or not.
> If I will not be doing encryption-dependent activities, like credit card payments, do I need a commercial cert?

No… just use Let's Encrypt. It's free & it works great. I've been using it for https and submission for years. See:
Their certs are also as good as commercial certs. Their trust starts with the Digital Signature Trust Co. (DST) Root CA X3. See:
https://ssl-tools.net/subjects/6ff4684d4312d24862819cc02b3d472c1d8a2fa6
DST is in the banking industry.
If you have an existing site, the Let's Encrypt certbot will re-configure it to use https and redirect all http requests to your site through https.
> Also, in that case, do I need to run HTTPS at all?

Some of the search engines lower your SEO ratings if you don't use https. If you don't care about that, then just use http. I run two sites on GoDaddy that are just all static pages so there's really no need for https. However, if your site has dynamic content in either direction, https is a good idea… especially since you can get it for free with Let's Encrypt.
-- sw
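
What the certbot reconfiguration and HTTP-to-HTTPS redirect described in the reply above typically look like in the Apache site files, as an added example that is not part of the original reply. `example.com`, the document root and the certificate paths (certbot's default layout) are placeholders.

```apache
# Constructed example: example.com and /var/www/example are placeholders.

# Port 80 vhost: every request is answered with a permanent redirect to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example

    # Redirect block of the kind certbot appends when the redirect option is chosen
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# Port 443 vhost: certbot normally writes this to a separate *-le-ssl.conf file.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example

    # Certificate chain and private key under /etc/letsencrypt/live/<name>/
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Protocol and cipher settings shipped and updated by certbot
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```

Running `apachectl configtest` after any manual change to these files checks the syntax before Apache is reloaded.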
Thank you!