Big_Balou

msg:706331 | 1:03 am on May 16, 2005 (gmt 0) |
I would recommend going ahead and purchasing your own cert. At the same time I have to admit that when I first started I used my host's shared cert with no problems. If you search you can find some relatively good prices. Edited: Sticky me and I'll give you a starting point... Looks like Corey Bryant gave you the same URL I was thinking about in your other post on the subject. (end edit)
|
joe1182

msg:706332 | 2:25 pm on May 16, 2005 (gmt 0) |
Anyone else have any input?
|
lgn1

msg:706333 | 3:24 pm on May 16, 2005 (gmt 0) |
Shell out for your own certificate. You don't need to worry about certificate branding these days either so don't pay the big bucks for Verisign or Thawte, but don't go for the $29.95 special either. Find something in the middle price range that gives support, a bit of branding and the highest percentage of browser compatibility.
|
Corey Bryant

msg:706334 | 5:47 pm on May 16, 2005 (gmt 0) |
There used to be a great white paper on the net about the dangers of using a shared SSL. If the shared SSL is compromised - it could potentially cause a lot of problems for all the customers using it. Your own SSL is usually better. -Corey
|
john_k

msg:706335 | 6:38 pm on May 16, 2005 (gmt 0) |
From a functional standpoint, the primary issue is that you lose cookies because the shared SSL will be under a different domain. This is not too hard to get around by putting one or more identifiers on the query string. From a security standpoint, the danger of the SSL cert getting compromised is no different than the danger of the shared server getting compromised. Go with a reputable host and the shared environment is secure within practical limits. Obviously a dedicated server would be better (provided you also have the resources to configure it to be and remain better!) From an image standpoint, some people wonder why the URL is different. For those that look for it, it might also convey a small shop or "second-tier" image. People can invent all kinds of reasons not to proceed with the check-out process. A shared SSL is an indication that you are operating in a shared host environment. That may be enough to cause some people to not register or to abandon their cart.
|
Corey Bryant

msg:706336 | 1:38 pm on May 17, 2005 (gmt 0) |
A shared SSL uses a server-wide URL instead of a customer-specific domain. This is exactly the difference - it's the ramifications of this that are not widely understood - single "point of failure" for all domains piggybacking off of a server-wide URL - What happens if someone gets access to the server's SSL private keys - how many domains are now compromised? How many potential credit cards are now exposed? This is the benefit of a private SSL vs a shared SSL - and hence why a shared SSL is an increased security risk. Additionally, SSL private keys are usually stored in an area which is accessible to the application. By utilizing a shared SSL certificate, the location of this encrypted file just cannot be as secure as a private SSL (i.e. - needs to be accessible in some manner by multiple applications) - the less "protected" this file is, the greater the chance of it being copied, altered or deleted - which ultimately increases your risk of SSL compromise. Safenet-Inc has some great resources on SSL. -Corey
|
joe1182

msg:706337 | 5:04 pm on May 17, 2005 (gmt 0) |
Thanks everyone. This was very helpful.
|