Self-signed SSL certificates

December 6th, 2006

Using SSL for encryption is a nice way to keep people from sniffing passwords when one logs into, for instance, admin panels. There is, however, a non-trivial prerequisite to setting up SSL: obtaining an SSL certificate.

Certificates form a tree-like structure of trust: browsers by default trust a set of root certificate authorities, and anything signed by one of them (directly or through an intermediate) is trusted in turn. It costs money to be included in that tree, so an alternative is to become your own certificate authority and sign your own SSL certificate. The downside is that a visitor who encounters the self-signed certificate has no way of knowing that it really belongs to the site it claims to belong to, and the browser will warn about it. That is not a problem when the encrypted site is a bunch of admin panels that only we are supposed to access, provided we import our own CA certificate into the browser (or at least compare its fingerprint out of band) before trusting it. Without that step an attacker in the middle could present a self-signed certificate of their own, and it would look exactly the same as ours.

For additional security one can also use two-sided SSL authentication, where both the client and the server identify themselves with certificates. That requires two certificates, but since we are our own CA that is no extra cost. The server is configured to request a client certificate and to accept only those signed by our CA, so an attacker who has somehow obtained an admin password but has no client certificate never even reaches the login form: the connection fails at the handshake.
