When you Google this question you get many different answers, but this answer of Google Developers answers it for me in short (click the link for more details):
- HTTPS protects the integrity of your website/APEX app
- HTTPS protects the privacy and security of your users
- HTTPS is the future of the web; many new technologies only work with https (for example Service Workers; you can read more about Service Workers and APEX in my presentation)
Before websites had an HTTP portion and an HTTPS portion, which became active when you would login to the site, but nowadays everything is under HTTPS. Google will actually rank your site higher when it's using HTTPS. Look at the sites you visit; many of them will now use HTTPS as a default.
HTTPS on localhost
If you're developing locally, you don't really need HTTPS on localhost, but I still like to have that.
Here're the steps I did in Chrome on my Mac (OSX) to get the nice green lock when developing locally (works also with APEX Front-End Boost)
- In the address bar, click the little lock with the X. This will bring up a small information screen. Click the button that says "Certificate Information."
- Click and drag the certificate image to your desktop.
- Double-click it. This will bring up the Keychain Access utility. Enter your password to unlock it.
- Be sure you add the certificate to the System keychain, NOT the login keychain.
- After it has been added, double-click it.
- Expand the "Trust" section. "When using this certificate," set to "Always Trust"
- Close Keychain Access and restart Chrome, and your self-signed certificate should be recognized now by the browser.
For years I've been using SSL certificates ordered from Godaddy, but depending the certificate you get, it might not be that cheap. The APEX R&D website is a multi-site certificate - the same certificate is used for the APEX Office Print website.
But there's some good news... you can get SSL for free too (and it's very easy to do!), thanks to Letsencrypt. I used Letsencrypt to protect the Euro2016challenge.eu APEX app/website for example.
Here's the Getting Started Guide from Let's Encrypt. This is the command I used (after installing the package):
./letsencrypt-auto certonly --webroot -w /var/www/euro2016 -d euro2016challenge.eu -d www.euro2016challenge.eu
If you're not yet on https with your APEX app/site, I would definitely recommend looking into it :)