Using SSL with Rails Apps

hi,

Any advice on who to buy SSL certificates from and how to install them?

My site is hosted on a dedicated Linux box for which I have root access.

I’m not sure if there is much difference between the cheap and the
expensive suppliers.
Does it matter who you choose?

Are they hard to install?

All advice much appreciated…

-john

Hey John,

I’m launching an internet e-commerce site where we will be taking
payments. I’ve been doing a lot of research on this.

I spoke to Verisign and Thawte (owned by Verisign), who have this
technology to step up old browsers to 128-bit encryption if they are
lower. That service costs $600 with Thawte and $1000 with Verisign.

Their normal SSL service is a few hundred dollars less.

In any case, NO, the SSL certificate authorities don’t really matter. You
want to make sure that it’s well known so that browsers don’t pop up a
certificate acceptance notice.

With that said, we went with Comodo at instantssl.com; you can even get
the plan to step people up to 128-bit for about $250, which is much
cheaper.

Verisign was the first and most recognized, but for now my company
probably won’t even put up the SSL logo.

Now, if you are doing something small, just go with Comodo’s lowest
plan, which is around $100; MOST browsers are 128-bit and higher anyway.
Hope this helps. -Aryk

Cheers :)

I got stung for a huge Verisign fee many years ago and I was wondering if
there was anything missing if I went with one of these $100
certificates, but if they’re all much the same then that’s great.

When I buy it, is there much to do to install it?

-john

I’ve been using certs from GoDaddy for several years on multiple
projects. No problems yet. For Rails projects, I use Pound as a front
end that handles the encryption/decryption and then passes the rest of
the processing off to Mongrel or lighttpd. It’s fairly easy to set up if
you’re familiar with SSL. The Pound mailing list would also be a good
source of assistance if needed. The GoDaddy instructions that came with
the certificates did NOT include instructions for installation with
Pound the last time I bought one, 6 months ago.

I’ve been using GoDaddy’s $19.99/year certs for several years on
projects with users with all kinds of browsers. I really don’t see any
reason why anyone would spend several hundred (or even one hundred)
dollars when they don’t need to. I would strongly recommend against
Verisign for anything and everything they offer.

$20 a year sounds good to me! I’ve just had a look at their site and I
think I’ll go with them…

Thanks

-john

What do you think about creating your own SSL certificate?

That’s perfectly fine - for testing or, perhaps, internal-only use. For
a real site, you need a cert signed by a CA whose cert comes with the
user’s browser, else you’ll get security warnings (and anybody with any
sense won’t start typing in their credit-card info if that happens =)

Is GoDaddy recognized by browsers?
But if you don’t need credit cards, just SSL for login? It’s always
a secure connection, even if it’s self-made; obviously if someone has to
pay it’s different… :)

GoDaddy has a CA cert in Firefox, not sure about IE - they’re claiming
99% browser recognition.

If SSL is just for login, it’s still a bad idea to self-sign - again,
it’s fine for a dev/internal-only site, but for a “real” site, users may
(rightfully) think their credentials are being hijacked.

If you are doing internal-only apps w/ SSL, your best bet is to
generate your own CA cert and have it installed in the end users’ browsers
- that way you can use it to generate multiple legitimate site certs.
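Putting the two practical pieces of advice in this thread together (Pound terminating SSL in front of Mongrel, and a private CA rather than a bare self-signed cert for internal-only apps), here is an added example that is not code from any poster: a POSIX shell script that creates a private CA, issues a site certificate signed by it, concatenates key, leaf cert and CA cert into the single PEM file Pound’s Cert directive expects, writes a minimal Pound config that forwards plain HTTP to Mongrel on port 3000, and then checks the result with openssl verify, including that a cert signed by some other, unknown key is rejected. It assumes openssl is on the box; the hostname intranet.example.internal, the ports and the scratch directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes openssl in PATH.
# Hostname, ports and paths below are hypothetical.

WORK="${WORK:-$(mktemp -d)}"   # scratch dir for keys, certs and config

# 1. Private CA. ca.pem is what gets imported into the internal users'
#    browsers; ca.key never goes anywhere near the web server.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
}

# 2. Leaf cert for one host, signed by the CA. Browsers match the hostname
#    against subjectAltName, so it goes in via an extension file, not only CN.
issue_site_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$1" \
        > "$WORK/$1.ext"
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$WORK/$1.ext" \
        -out "$WORK/$1.crt" >/dev/null 2>&1
}

# 3. Pound's Cert directive takes ONE PEM file holding the private key, the
#    leaf cert and any chain certs. Keep it readable by root only.
bundle_for_pound() {
    cat "$WORK/$1.key" "$WORK/$1.crt" "$WORK/ca.pem" > "$WORK/$1.pound.pem"
    chmod 600 "$WORK/$1.pound.pem"
}

# 4. Minimal Pound config: terminate SSL on 443, hand plain HTTP to Mongrel.
write_pound_config() {
    cat > "$WORK/pound.cfg" <<EOF
ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "$WORK/$1.pound.pem"
    Service
        BackEnd
            Address 127.0.0.1
            Port    3000
        End
    End
End
EOF
}

# 5. The check a browser effectively does: does the leaf chain to our CA,
#    and does it name this host? Returns 0 only if both hold.
verify_chain() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$WORK/$1.crt" -noout -text | grep -q "DNS:$1"
}

# 6. Negative case: a plain self-signed cert (what "create your own" without
#    a CA gives you) must NOT verify against the CA, so browsers will warn.
self_signed_is_rejected() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=rogue.example.internal" \
        -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" >/dev/null 2>&1
    ! openssl verify -CAfile "$WORK/ca.pem" "$WORK/rogue.crt" >/dev/null 2>&1
}

SITE="${SITE:-intranet.example.internal}"
make_ca
issue_site_cert "$SITE"
bundle_for_pound "$SITE"
write_pound_config "$SITE"
verify_chain "$SITE" && echo "$SITE chains to our CA; Pound bundle: $WORK/$SITE.pound.pem"
self_signed_is_rejected && echo "self-signed cert correctly rejected by openssl verify"
```

For a public site the same bundling step applies: put the key, the cert the CA issued you, and the CA’s intermediate cert (instead of ca.pem) into one file for Pound. The negative check is the reason the thread keeps saying not to self-sign for real users: without the CA cert in the browser’s trust store, the verification above fails and the browser shows the warning.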

OK, thanks… I think I’ll use GoDaddy too :)