Which SSL?

Forum Moderators: phranque

Message Too Old, No Replies

Which SSL?

jadedev

12:18 am on Nov 14, 2007 (gmt 0)

Hi Guys,

I am shopping for an SSL cert so that my shopping cart can interact with PayPal. I understand SSL has to be installed on the Apache side.

All I need is to certify only my domain name. ie.

www.mydomain.com.au
www.mydomain.com.au/mycart
www.mydomain.com.au/mycart/product
www.mydomain.com.au/mycart/checkout, etc etc

There are so many provider on the net, price ranging for $15 to over $100. So which one should I buy?

ralphje

12:32 pm on Nov 14, 2007 (gmt 0)

My experience with this is:

The more you pay for the certificate, the more widely trusted and recognized it is. VeriSign, for example, is widely known, but also very expensive.

However, if you only have to use it for security and not for banking or something, I'd choose for the cheaper certificates, but you'd better wait for a real answer, since I'm not really sure.

jadedev

12:32 am on Nov 15, 2007 (gmt 0)

my cart routes customers to paypal when they area reay to pay, they actually keep they card details into paypal, not my site but paypal needs a SSL certificate. So in this instance, I don't really want to pay big mobs of money

vincevincevince

1:30 am on Nov 15, 2007 (gmt 0)

So long as the domain name matches, most browsers don't inform your visitor about which company a certificate is issued by, they just put up their visual feedback for a secured connection. I would expect visitors informed enough to check the certificate details would also be informed about the range of providers.

jadedev

4:18 am on Nov 15, 2007 (gmt 0)

has anyone read this?
[apache-ssl.org...]

It has a section on creating your own key? So does that mean we don't have to buy an SSL certificate anymore?

vincevincevince

5:50 am on Nov 15, 2007 (gmt 0)

You have always been able to create your own certificate (self sign certificates) and they have been fine for encrypting connections. The problem is that they don't try to identify whether you are who you say you are and for that reason they will pop up warning boxes if you use them to allow web-browser connections.

jadedev

6:06 am on Nov 15, 2007 (gmt 0)

if that is the case, would I have problem interfacing my cart to payment service provider like paypal?

vincevincevince

6:14 am on Nov 15, 2007 (gmt 0)

If you did that, your cart normally would not collect high security data, just a list of products. You would then send the cart to PayPal, who would handle your customer directly over their own SSL connection. In that way, all parts of the process which require high security have it.

jadedev

6:40 am on Nov 15, 2007 (gmt 0)

exactly my thoughts, that is why I am paying them higher transaction fees but I get to sleep better at night knwoing no credit card details are held in my server and it all hells break loose, my customers are not put in any risk.

vincevincevince

7:00 am on Nov 15, 2007 (gmt 0)

Be sure to point out that payments are handled by a secure server when you get to the cart point. Some users may notice you are not transferring them yet and worry it will never happen.

Personally I think it's nice to have a cheap SSL certificate for my cart anyway. For $15 or so a year if it only increases sales by one it's probably worth it.

WW_Watcher

11:08 pm on Nov 15, 2007 (gmt 0)

jadedev

The time you spent asking & discussing the question, cost you more than just buying the SSL cirt and moving on.

ya missed a dollar, waiting on a dime.

WW_Watcher

jadedev

1:05 am on Nov 16, 2007 (gmt 0)

ha ha, that' true.

I am educating myself to be a web master. If I don't ask/read/research, then I won't learn and I won't get any better.

Which SSL?

jadedev

ralphje

jadedev

vincevincevince

jadedev

vincevincevince

jadedev

vincevincevince

jadedev

vincevincevince

WW_Watcher

jadedev

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week