
Safely sending info with PHP

receiving credit card numbers


FromBelgium

5:16 pm on Aug 26, 2005 (gmt 0)

10+ Year Member



Is it possible to safely receive credit card info with a form and PHP? It is easy to encrypt data with PHP, but then the info first has to go unprotected from the user's computer to the server.

jatar_k

5:18 pm on Aug 26, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



You need to have an SSL cert and have the communication occur under HTTPS. It is the communication that needs to be secured first.

What do you plan on doing with the card info after that?

FromBelgium

5:39 pm on Aug 26, 2005 (gmt 0)

10+ Year Member



It's for a small e-shop and I want to use Ogone e-Terminal, which is cheaper than e-Commerce. I will have to manually enter the credit card info at the Ogone website, but then I first have to collect it. How can I securely collect it?

jatar_k

5:52 pm on Aug 26, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



As I mentioned, you will need to have a secure certificate, for one. Check with your host and see if they offer any certs and if they can help you to install one.

After that you need a secure method of storing them, as they cannot be emailed given that email is about as insecure as you can get. Most of the time they can be stored in a database. If you are on a shared host, that is another issue, since cc numbers sitting around in a db is not great.

You could have an admin interface (via HTTPS again) that gets all the credit card info out of the database and then allows you to download it onto your local machine. Once you check the info has been properly moved to your machine, it should then be removed from the database so it cannot be compromised.

The machine you download it onto will also have to be protected or the files can be deleted once you have processed the card.
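
The export-then-delete flow described in the post above, sketched in PHP as an added example that is not part of the original thread. The `pending_cards` table, its columns and the function names are assumptions, and the demo data uses an in-memory SQLite database (requires the pdo_sqlite extension).

```php
<?php
// Added example: table, column and function names are assumptions.

// True only when the request reached PHP over HTTPS.
function is_https(array $server): bool {
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Step 1: return all stored records plus a SHA-256 digest of the payload.
function export_cards(PDO $db): array {
    $rows = $db->query('SELECT id, holder, card FROM pending_cards ORDER BY id')
               ->fetchAll(PDO::FETCH_ASSOC);
    $payload = json_encode($rows);
    return ['payload' => $payload, 'digest' => hash('sha256', $payload)];
}

// Step 2: delete only if the digest of the file saved locally matches what
// is stored right now; otherwise keep everything and report 0 deletions.
function purge_cards(PDO $db, string $localDigest): int {
    $db->beginTransaction();
    $current = export_cards($db);
    if (!hash_equals($current['digest'], $localDigest)) {
        $db->rollBack(); // truncated download, or new orders since the export
        return 0;
    }
    $deleted = $db->exec('DELETE FROM pending_cards');
    $db->commit();
    return $deleted;
}

// Constructed demo data (test card number) in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pending_cards (id INTEGER PRIMARY KEY, holder TEXT, card TEXT)');
$db->prepare('INSERT INTO pending_cards (holder, card) VALUES (?, ?)')
   ->execute(['Test Customer', '4111111111111111']);

// A real admin page would pass $_SERVER here; this array is constructed.
if (!is_https(['HTTPS' => 'on'])) {
    exit("Refusing to handle card data over plain HTTP\n");
}
$export    = export_cards($db);
$truncated = substr($export['payload'], 0, 10);   // simulate a broken download
printf("purge after broken download: %d rows\n", purge_cards($db, hash('sha256', $truncated)));
printf("purge after verified download: %d rows\n", purge_cards($db, hash('sha256', $export['payload'])));
```

The digest comparison is what ties deletion to a confirmed transfer: a partial download, or an order placed between export and purge, leaves the rows in place for the next export.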

FromBelgium

10:15 pm on Aug 26, 2005 (gmt 0)

10+ Year Member



I am trying to set up SSL. I get two options:
- Use generic SSL Certificate (free)
- Generate a Certificate Signing Request (CSR)

The generic certificate works like this: To get to the "secure" area of your site, go to
[securewebexchange.com...]
Place any files you need to use over SSL in the "/secure" and "/secure-cgi-bin" directories that have been created for you in your home directory.

Which option is the best?

coopster

8:32 pm on Aug 29, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



One is probably a shared certificate provided by your shared hosting provider. The latter will be your very own for your own domain. The difference is going to be the message the end user is going to receive from their browser when the site certificate is different than the domain.