Security and privacy

SSL Certificate

Picture of Doug Bell
SSL Certificate


I am running Moodle and have an SSL certificate. It is coming up for renewal. I was wondering if it is necessary. I was running credit cards, but have switched to PayPal for the processing. Anyone know if it is a necessary item for Moodle?




Dan at desk in Moodle HQ, Perth
Re: SSL Certificate
Core developers, Moodle Course Creator Certificate holders, Moodle HQ, Plugin developers, Testers

Hi Doug,

I'm not quite sure if I understand your question.

It is not enforced to run Moodle behind SSL, but is recommended for security. How you purchase the certificate doesn't really have anything to do with Moodle.

Picture of Jerry West
Re: SSL Certificate


SSL certificates encrypt the conversation between browser and web server (e.g. Apache). Moodle does not know (though I dare say it can find out) if it is running over http: or https:. If you are using PayPal then they will be using their own SSL certificate to protect that conversation. If you are not collecting sensitive data you do not need an SSL connection.

Having said that you might choose to keep the certificate going as it may help project a professional image of your service to your customers. It shows you take confidentiality seriously. It also helps prevent "man in the middle" attacks such as from the Firefox addon "Firesheep" (or whatever the latest variant is called) whereby snoopers can steal login credentials and impersonate students on your site. Why they would want to do this is beyond me :).

Hope this helps,

Average of ratings: Useful (1)
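The Firesheep-style snooping mentioned in the post above depends on the login session cookie crossing the network unencrypted. The following is an added example, not part of the thread and not Moodle code, that audits HTTP responses for that condition; the host name, the cookie values and the name-matching heuristic are constructed assumptions, and `MoodleSession` is assumed to be the site's session cookie name.

```python
# Added example: flag session cookies that a passive sniffer on the same
# network could capture. All sample data below is constructed.

SESSION_NAME_HINTS = ("sess", "sid")  # heuristic for "looks like a session cookie"
PLAIN_HTTP = "session cookie issued over plain http"
MISSING_SECURE = "no Secure attribute: browser will also send it over http"

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(url, set_cookie_values):
    """Return [(cookie_name, problem)] for the session cookies in one response."""
    findings = []
    over_https = url.lower().startswith("https://")
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_NAME_HINTS):
            continue  # not a session cookie, e.g. a theme preference
        if not over_https:
            findings.append((name, PLAIN_HTTP))
        elif "secure" not in attrs:
            findings.append((name, MISSING_SECURE))
    return findings

# Constructed responses: (request URL, Set-Cookie header values)
SAMPLE = [
    ("http://moodle.example.test/login/index.php",
     ["MoodleSession=constructed1; path=/"]),
    ("https://moodle.example.test/login/index.php",
     ["MoodleSession=constructed2; path=/; HttpOnly"]),
    ("https://moodle.example.test/login/index.php",
     ["MoodleSession=constructed3; path=/; Secure; HttpOnly", "theme=boost; path=/"]),
]

if __name__ == "__main__":
    for url, cookies in SAMPLE:
        print(url, audit_response(url, cookies) or "ok")
```
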