ralphje
msg:3504551 | 12:32 pm on Nov 14, 2007 (gmt 0) |
My experience with this is: The more you pay for the certificate, the more widely trusted and recognized it is. VeriSign, for example, is widely known, but also very expensive. However, if you only have to use it for security and not for banking or something, I'd choose for the cheaper certificates, but you'd better wait for a real answer, since I'm not really sure.
|
jadedev
msg:3505240 | 12:32 am on Nov 15, 2007 (gmt 0) |
my cart routes customers to paypal when they area reay to pay, they actually keep they card details into paypal, not my site but paypal needs a SSL certificate. So in this instance, I don't really want to pay big mobs of money
|
vincevincevince
msg:3505277 | 1:30 am on Nov 15, 2007 (gmt 0) |
So long as the domain name matches, most browsers don't inform your visitor about which company a certificate is issued by, they just put up their visual feedback for a secured connection. I would expect visitors informed enough to check the certificate details would also be informed about the range of providers.
|
jadedev
msg:3505416 | 4:18 am on Nov 15, 2007 (gmt 0) |
has anyone read this?
[apache-ssl.org...] It has a section on creating your own key? So does that mean we don't have to buy an SSL certificate anymore?
|
vincevincevince
msg:3505450 | 5:50 am on Nov 15, 2007 (gmt 0) |
You have always been able to create your own certificate (self sign certificates) and they have been fine for encrypting connections. The problem is that they don't try to identify whether you are who you say you are and for that reason they will pop up warning boxes if you use them to allow web-browser connections.
|
jadedev
msg:3505463 | 6:06 am on Nov 15, 2007 (gmt 0) |
if that is the case, would I have problem interfacing my cart to payment service provider like paypal?
|
vincevincevince
msg:3505466 | 6:14 am on Nov 15, 2007 (gmt 0) |
If you did that, your cart normally would not collect high security data, just a list of products. You would then send the cart to PayPal, who would handle your customer directly over their own SSL connection. In that way, all parts of the process which require high security have it.
|
jadedev
msg:3505479 | 6:40 am on Nov 15, 2007 (gmt 0) |
exactly my thoughts, that is why I am paying them higher transaction fees but I get to sleep better at night knwoing no credit card details are held in my server and it all hells break loose, my customers are not put in any risk.
|
vincevincevince
msg:3505489 | 7:00 am on Nov 15, 2007 (gmt 0) |
Be sure to point out that payments are handled by a secure server when you get to the cart point. Some users may notice you are not transferring them yet and worry it will never happen. Personally I think it's nice to have a cheap SSL certificate for my cart anyway. For $15 or so a year if it only increases sales by one it's probably worth it.
|
WW_Watcher
msg:3506216 | 11:08 pm on Nov 15, 2007 (gmt 0) |
jadedev The time you spent asking & discussing the question, cost you more than just buying the SSL cirt and moving on. ya missed a dollar, waiting on a dime. WW_Watcher
|
jadedev
msg:3506273 | 1:05 am on Nov 16, 2007 (gmt 0) |
ha ha, that' true. I am educating myself to be a web master. If I don't ask/read/research, then I won't learn and I won't get any better.
|
|
