Question

Jon Horton

5

Securing Rock with SSL

This is more of a suggestion than a question, but I just wanted to speak for a moment to the issue of security in Rock.

On our team, we've begun placing a high value on the security of our data. As developers, our people are entrusting us with their information, and we want to be good stewards of that information. One of the ways we've taken steps to do this is by securing any site we build with an SSL certificate. This is a simple, yet effective way to encrypt information as it travels through the internet. Not only does it encrypt user data, but there are also other benefits like Google using HTTPS as a search ranking signal.

My suggestion is simple: as you install Rock and begin using it with actual information from people in your church, make sure you purchase and configure an SSL certificate before making it available at a publicly accessible domain. 

Prices range from $9–$100+ per year, and while the setup may seem daunting, there are plenty of helpful tutorials that walk you through the setup process. We currently use Namecheap to handle all of our SSL certs, but check with your current registrar to see if they offer SSL certificates. If you're new to SSL, Google provides a detailed list of best practices.

I hope this is a start on how to make Rock as secure as possible as we steward our people's information well. Let me know if you have anything to add!

Security
  • Derek Mangrum

    Like others have said, this is a great topic and very important to think about. I also wanted to mention the provider that we use, as I have had a fantastic experience with them. We use DigiCert (https://www.digicert.com/) for our UC certs for Exchange and our web server. They are super helpful, responsive, friendly, and make this difficult process very simple.

  • Frank Grand

    0

    Thanks for the suggestions Jon!

  • Matthew Meekins

    1

    Just curious... Did you use a wildcard certificate for the multiple subdomains?

    • Jim Michael

      I think a wildcard is a great idea since it (as you say) lets you secure any number of subdomains with the same cert. Way back in the day some devices had trouble with wildcard certs, but those days are long gone. We are big fans of DigiCert here... not the cheapest, but great support and great instructions for creating and installing certs on just about any platform.

    • Trey Hendon III

      I fully agree with Jim. The only downside to a wildcard is its price. If you can afford it, they provide the most flexibility further down the road when the need arises for additional Rock-driven sites for special projects. For example, we're about to build a capital campaign web site and it can just use my existing cert and I don't have to buy a new certificate and install it in place of anything. Buying a traditional cert means you have to plan out any domains you might ever need for the life of the certificate.

  • Alex Aron

    0

    I remember how we encountered a similar problem. Then we also used the certificate of PositiveSSL WildCard from Comodo. But we were cheaper than Namecheap. We bought it on the site: https://www.ssls.com/ssl-certificates/comodo-positivessl-wildcard

    It was cheap - only $74/yr!