Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Create Your Own SSL Certificate


thomasking

Recommended Posts

I know that this probably sounds cheap, but I don't feel like paying someone for an SSL certificate.

 

I know that you can create your own, and sign it yourself.

 

I know how to do this with linux.

 

What I am wondering, is does anyone have any experience with this? And with using it with osCommerce?

 

I think my greatest stumbling block will be my web host. I do not have ssh access, ftp only, and I dont think they are going to let me edit thier httpd.conf file. I am not real clear on how ssl works, I think all I have to do is just put the certificate in the directory and reference that directory as https://whatever/directory

 

I think what I am going to try to do is to build a web server strictly for secure stuff and host it myself (cable modem with DynDNS pointing to my subdomain) - it would only be in use when a customer was making a purchase, so if they are just browsing around the bandwidth would come from my outsourced host.

 

The bonus of this would of course be my customers credit card info would be on a server that * I * control, not my outsourced host.

 

Anyone have comments or suggestions I would love to hear them..

Link to comment
Share on other sites

I know that this probably sounds cheap, but I don't feel like paying someone for an SSL certificate.

 

Yes, it does sound cheap. If you're doing this for your own interest, fine.

 

If you're planning to use your self-signed cert for business transactions--forget it. The reason that you're paying for a cert is that a 'trusted' company (Thawte, Verisign, Geotrust, Commdo, etc.) guarantees that the name on the certificate belongs to the company that claims it.

"Buy the ticket, take the ride..." -HST

Link to comment
Share on other sites

customers will get errors stating the SSL cert is not from a trusted signature signing authority, so lots would then leave the site not purchasing, let along signing up

Link to comment
Share on other sites

customers will get errors stating the SSL cert is not from a trusted signature signing authority, so lots would then leave the site not purchasing, let along signing up

 

ok, say i do splurge and buy one, what about my customers data, how would i secure it if i had it stored on the mysql database? I have heard something about MCrypt... but then again, how am I going to recieve this data securely from my web host? it would just defeat the purpose if it was emailed to me...

 

forgive me for being a total newb

Link to comment
Share on other sites

the data on the web server is secure, unless you access via nonsecure modes.

you access the store admin via https and not http

the customer credit card info doesnt get emialed to u

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...