thomasking Posted June 5, 2005 Share Posted June 5, 2005 I know that this probably sounds cheap, but I don't feel like paying someone for an SSL certificate. I know that you can create your own, and sign it yourself. I know how to do this with linux. What I am wondering, is does anyone have any experience with this? And with using it with osCommerce? I think my greatest stumbling block will be my web host. I do not have ssh access, ftp only, and I dont think they are going to let me edit thier httpd.conf file. I am not real clear on how ssl works, I think all I have to do is just put the certificate in the directory and reference that directory as https://whatever/directory I think what I am going to try to do is to build a web server strictly for secure stuff and host it myself (cable modem with DynDNS pointing to my subdomain) - it would only be in use when a customer was making a purchase, so if they are just browsing around the bandwidth would come from my outsourced host. The bonus of this would of course be my customers credit card info would be on a server that * I * control, not my outsourced host. Anyone have comments or suggestions I would love to hear them.. Link to comment Share on other sites More sharing options...
bglkk Posted June 5, 2005 Share Posted June 5, 2005 I know that this probably sounds cheap, but I don't feel like paying someone for an SSL certificate. <{POST_SNAPBACK}> Yes, it does sound cheap. If you're doing this for your own interest, fine. If you're planning to use your self-signed cert for business transactions--forget it. The reason that you're paying for a cert is that a 'trusted' company (Thawte, Verisign, Geotrust, Commdo, etc.) guarantees that the name on the certificate belongs to the company that claims it. "Buy the ticket, take the ride..." -HST Link to comment Share on other sites More sharing options...
Guest Posted June 5, 2005 Share Posted June 5, 2005 customers will get errors stating the SSL cert is not from a trusted signature signing authority, so lots would then leave the site not purchasing, let along signing up Link to comment Share on other sites More sharing options...
thomasking Posted June 5, 2005 Author Share Posted June 5, 2005 customers will get errors stating the SSL cert is not from a trusted signature signing authority, so lots would then leave the site not purchasing, let along signing up <{POST_SNAPBACK}> ok, say i do splurge and buy one, what about my customers data, how would i secure it if i had it stored on the mysql database? I have heard something about MCrypt... but then again, how am I going to recieve this data securely from my web host? it would just defeat the purpose if it was emailed to me... forgive me for being a total newb Link to comment Share on other sites More sharing options...
Guest Posted June 5, 2005 Share Posted June 5, 2005 the data on the web server is secure, unless you access via nonsecure modes. you access the store admin via https and not http the customer credit card info doesnt get emialed to u Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.