Welcome to WebmasterWorld Guest from 54.145.166.247

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Which SSL?

   
12:18 am on Nov 14, 2007 (gmt 0)

5+ Year Member



Hi Guys,

I am shopping for an SSL cert so that my shopping cart can interact with PayPal. I understand SSL has to be installed on the Apache side.

All I need is to certify only my domain name. ie.

www.mydomain.com.au
www.mydomain.com.au/mycart
www.mydomain.com.au/mycart/product
www.mydomain.com.au/mycart/checkout, etc etc

There are so many provider on the net, price ranging for $15 to over $100. So which one should I buy?

12:32 pm on Nov 14, 2007 (gmt 0)

5+ Year Member



My experience with this is:

The more you pay for the certificate, the more widely trusted and recognized it is. VeriSign, for example, is widely known, but also very expensive.

However, if you only have to use it for security and not for banking or something, I'd choose for the cheaper certificates, but you'd better wait for a real answer, since I'm not really sure.

12:32 am on Nov 15, 2007 (gmt 0)

5+ Year Member



my cart routes customers to paypal when they area reay to pay, they actually keep they card details into paypal, not my site but paypal needs a SSL certificate. So in this instance, I don't really want to pay big mobs of money
1:30 am on Nov 15, 2007 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



So long as the domain name matches, most browsers don't inform your visitor about which company a certificate is issued by, they just put up their visual feedback for a secured connection. I would expect visitors informed enough to check the certificate details would also be informed about the range of providers.
4:18 am on Nov 15, 2007 (gmt 0)

5+ Year Member



has anyone read this?
[apache-ssl.org...]

It has a section on creating your own key? So does that mean we don't have to buy an SSL certificate anymore?

5:50 am on Nov 15, 2007 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You have always been able to create your own certificate (self sign certificates) and they have been fine for encrypting connections. The problem is that they don't try to identify whether you are who you say you are and for that reason they will pop up warning boxes if you use them to allow web-browser connections.
6:06 am on Nov 15, 2007 (gmt 0)

5+ Year Member



if that is the case, would I have problem interfacing my cart to payment service provider like paypal?
6:14 am on Nov 15, 2007 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If you did that, your cart normally would not collect high security data, just a list of products. You would then send the cart to PayPal, who would handle your customer directly over their own SSL connection. In that way, all parts of the process which require high security have it.
6:40 am on Nov 15, 2007 (gmt 0)

5+ Year Member



exactly my thoughts, that is why I am paying them higher transaction fees but I get to sleep better at night knwoing no credit card details are held in my server and it all hells break loose, my customers are not put in any risk.
7:00 am on Nov 15, 2007 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Be sure to point out that payments are handled by a secure server when you get to the cart point. Some users may notice you are not transferring them yet and worry it will never happen.

Personally I think it's nice to have a cheap SSL certificate for my cart anyway. For $15 or so a year if it only increases sales by one it's probably worth it.

11:08 pm on Nov 15, 2007 (gmt 0)

5+ Year Member



jadedev

The time you spent asking & discussing the question, cost you more than just buying the SSL cirt and moving on.

ya missed a dollar, waiting on a dime.

WW_Watcher

1:05 am on Nov 16, 2007 (gmt 0)

5+ Year Member



ha ha, that' true.

I am educating myself to be a web master. If I don't ask/read/research, then I won't learn and I won't get any better.