Questions about SSL for web pages

T

Thank The Cheese

Registered
Hello everyone.
Now that I am getting the hang of PHP and MySQL, the websites I am designing are getting more and more complicated, and sooner or later I will be creating a website that needs a secure page for sensitive data entry.

Today I've been investigating how one goes about this, and have learnt that SSL is what I need. So the next step is how do I set up SSL, and does it cost money?

My research brought me to VeriSign, but I nearly fell off my chair when I saw their prices ($814 for 1 year!). Is that what I would need to buy?

I have an account with A Small Orange, and the cPanel contains a SSL Manager section:


cpanel.jpg


So I"m wondering if perhaps I can do it all myself provided I can learn how to generate a Private Key, or if this SSL Manager is only to set things up AFTER you have paid a company like VeriSign.

Any help greatly appreciated :)
 
There's other Certifying companies out there, so you might be able to find a better price. Two other reputable ones I know of are Thawte and Digicert ($99).

Any way you go, it will cost money unless you utilize the provider's certificate (not sure if ASO allows this) or create your own, which kind of defeats the purpose. If its for a commercial site (doing commerce of some kind), then you definitely want to spend the money to get one from a trusted provider (to avoid those warning in user's browser).


You'll also need to get a dedicated IP from ASO ($2 per IP/month) if you haven't already.
 
Thanks for the info mdnky.
Yes, I figured I probably would have to spend money, just wasn't expecting quite so much. $99 sounds far more reasonable. And anyway, whatever it costs, I can just factor that in to the quote.

great stuff :)
 
There are lots of providers of lower cost ssl certificates. The Geotrust one is pretty common. It's about $50 per year and lots of people sell them. I think that Geotrust was recently purchased by Verisign. There are even cheaper ones, shop around.

Also: Many hosting companies offer free use of an ssl proxy (shared ssl). That means they have servers which are ssl enabled which pass traffic to and from the server you're actually based on. For dedicated ssl (https://yourdomain.com) you will need a dedicated IP which may incurr another charge from the hosting company.
 
Comodo has a service called "Positive SSL" which is about $20 a year. It's basically the same thing as VeriSign provides for insane prices, except the name. The security is the same, and the certificate is automatically trusted.
If your looking to pay some extra buck for a fancy badge, Thawte is also a recognised certificate provider.
 
Thank The Cheese said:
wow, great info. Thank you.

So why is VeriSign so expensive? Just because they are well known and can get away with it?
Click to expand...
More or less.

Originally they were the only issuers (monopoly) and they played the game for all it was worth. And made a bunch of money. Now they offer extras like guarantees and indemnities for the sites which the have their certs on, which no one really cares about. And just try to collect if something should go wrong.

They do verify ownership of the website and do credit checks and things on the owners (making you jump through hoops) but the people shopping on ssl secured sites don't really know the difference or care.

They're just playing on their name at this point. It's like selling a Ford for the price of a Ferrari but their Ferrari is merely a re-badged Ford.

Like I said upstream I think they purchased GeoTrust not too long ago, you can Google on that.
 
You must log in or register to reply here.
Back
Top