SSL Certificate

SSL Certificate

by Doug Bell -
Number of replies: 2

Hello,

I am runing Moodle and have a SSL certificate. It is coming up for renewal. I was wondering if it is necessary. I was running credit cards, but have switched to PayPal for the processing. Any one know if it is a necessary item for Moodle?

 

Thanks

Doug

Average of ratings: -
In reply to Doug Bell

Re: SSL Certificate

by Dan Poltawski -

Hi Doug,

I'm not quite sure if I understand your question.

It is not enforced to run Moodle behind SSL, but is recomended for security. How you purchase the certificate doesn't really have anything to do with Moodle.

Average of ratings: -
In reply to Doug Bell

Re: SSL Certificate

by Jerry West -

Doug,

SSL certificates encrypt the conversation between browser and web server (e.g. Apache).  Moodle does not know (though I dare say it can find out) if it is running on over http: or https:.  If you are using Paypal then they will be using their own SSL certificate to protect that conversation.  If you are not collecting sensitive data you do not need an SSL connection.

Having said that you might choose to keep the certificate going as it may help project a professional image of your service to your customers.  It shows you take confidentiality seriously.  It also helps prevent "man in the middle" attacks such as from the Firefox addon "Firesheep" (or whatever the latest variant is called) whereby snoopers can steal login credentials and impersonate students on your site.  Why they would want to do this is beyond me smile.

Hope this helps,
  Jerry

Average of ratings: Useful (1)