SSL certificates

Forum Moderators: buckworks

Message Too Old, No Replies

SSL certificates

spritch2

10:45 pm on Aug 3, 2004 (gmt 0)

i'm new to this & i'm in the middle of learning php, i've been to verisign and geotrust i think it is, but while these are quite happy to sell certificates they dont do much to explain how there used. can you answer me a couple of questions?

1 do u store this certificate in the directories of your site?

2 the browser downloads this certificate including a key so that information is encrypted? if so, how does it get decyphed?

3 if u use an online payment solution, can you do away with certificates?

just wondering
spritch2

camflan

12:33 am on Aug 4, 2004 (gmt 0)

Hi there,

The security cert protects your entire site. A key is generated by your server and then signed by one of the authorising agents like Verisign.

The browser does this automatically for you. once the cert is installed there is nothing else you need to do.

If you use a shopping cart you may need to use one. If you are taking credit card info on your site then you will want to have one. If you are using a third party gateway to take credit cards like PayPal then you probably wont need one as there will never be any credit card info going into your site.

An alternative to Verisign or Thwate is ComodoGroup. Much cheaper. Try their intsantssl option.

Thanks,
Cam

spritch2

2:09 am on Aug 4, 2004 (gmt 0)

thanks, i had a look at comodo and its got some info on how certificates are used, am i right in thinking you can only install certificates on servers as theres no mention of individual web sites?

cheers
s

camflan

2:17 am on Aug 4, 2004 (gmt 0)

You install the ssl cert on the server as far as I know where your web site is hosted and it will protect your site that way.

Thanks,
Cam

fhaws

2:22 am on Aug 4, 2004 (gmt 0)

camflan,

The link for instantssl is actually:
snipped

Thanks for the lead. Great prices on SSL

[edited by: DaveAtIFG at 2:51 am (utc) on Aug. 4, 2004]
[edit reason] No URLs please [/edit]

stevenmusumeche

6:43 pm on Aug 4, 2004 (gmt 0)

Just to let you know, I was unable to get a Komodo cert to work in a VPS environment. The company even logged into the server to set it up, but couldn't get it to work. They did refund my money and had good tech support.

chodges84

6:56 pm on Aug 4, 2004 (gmt 0)

right,

heres a question. If I were to buy some secure space from my Hosting company, would I still need a certificate?

Also which is better, ssl hosting or a certificate.

And if I wanted to take orders that way as opposed to using a gateway such as authorize.net (i.e collect the card numbers and key them into a machine), what would need to be certified, just the form page, a database?

If theirs one thing I've never understood it is SSL. I just use WP and their merchant facilities so I don't have to worry, but they might be wanting a website at where i work full time, and as they already pay loads for a merchant account they wont want to fork out any more.

Many thansk,
Craig

spritch2

1:24 am on Aug 5, 2004 (gmt 0)

hello craig,

i did a bit of reading into this the other nite, seems its the server thats certified and as a web developer you should'nt be concerned as its all done in the background, the browser detects the certificate enabling them to pass data encrypted to the server, although i'm not sure how you get the padlock to show, maybe all the pages covered by the certificate are located in thier own directory?

alot of hosts seem to offer blanket ssl which you connect to at the time of checkout, you can buy and use your own certificates provided your host provides you with your own ip, i think, and you'll still need to talk to them to set it up

hope i've been a help, i'n fairly new to ssl myself

spritch2