sheltonjb
Posted March 19, 2007

Hi everyone, as I'm only just making my first store I was wondering if someone could just explain how the SSL process works?

Shelton Brown
Web/Graphic Designer
vasttech
Posted March 19, 2007

SSL stands for Secure Sockets Layer. Basically it encrypts the connection between your website and the visitor so that no one can read the data being transferred between the two (i.e. that is why it is used on account pages and during checkout).

You purchase an SSL certificate from either your web host or a third party like Comodo or Verisign. In theory they are all the same. The difference in price and brand is more about how much liability that company (i.e. Comodo, Verisign, GoDaddy, etc.) is willing to take on your site and how much investigation they do to ensure that you are who you say you are. The more you pay for a certificate the more liability and assurance the company will back that certificate and it provides a comfort level to your customers that you are really a "true" business and not just some scam artist out there.

Most web hosts are resellers of Comodo or GeoTrust certificates which are just fine for most e-commerce sites. Unless you are really processing hundreds of thousands of dollars worth of transactions on a daily basis there is no need to spend thousands of dollars on a certificate.

Now with that said... (here's the catch). Since just about any Tom, Dick or Harry can purchase a certificate for a domain name without having to prove too much information regarding who they are or that they are the true owner of the domain, many vendors are starting to offer what they call EA certificates. EA stands for Extended Authority and basically will require your business to be a registered business that can be found in public government records (i.e. you are incorporated or an LLC or at least have a registered business with your state).

With that in mind Internet Explorer 7 (and probably most web browsers that come out in the not so distant future) started at the beginning of the year displaying RED address bars if the certificates are not EA certificates. If it is an EA certificate it will display the address bar green. Eventually the goal is to move away from the older certificates to the new certificates. The real catch is that the EA certificates are rather expensive ($500-1000+ USD) and require a significant amount of documentation to receive. Again they are not required (yet) though.

A good guide to understanding the workings and the process of SSL can be found on the Comodo website. They are probably the most popular and fall right in the middle of affordable. They offer several different levels of certificates (don't get the free one) for you to choose from.

As for installing a certificate you purchase, it all depends on where you host your website. In order to obtain the certificate you will need to have a Certificate Signing Request (CSR) generated before you can apply. The CSR is the key to the certificate and is unique to your domain, IP address, and server. Most web hosting companies will not let you generate your own CSR unless you have one of their upper level plans, so you will have to ask for them to do it for you. At the same time most reputable hosting companies will offer SSL certificates and install them for you so it is probably cheaper and easier to go through them for everything.

Hope that helps a little.

Jeff
sheltonjb
Posted March 20, 2007

Hi Jeff,

Once again you've helped me out, thanks a lot dude. I just need a little more about 'what' a certificate is. Is a 'certificate' just a file? Do you upload the certificate like any other file to your webspace?

Shelton Brown
Web/Graphic Designer
bill110
Posted March 20, 2007

It is basically just code that encrypts the info. Your host should have specific instructions for installing the certificate. If you purchase through your host they will usually install it for you so no need for you to do anything except set the path to the SSL (provided by your host) in the two configure.php files and set enable SSL to true. Whoever you get your certificate through will also supply a script to display their certificate seal on your site.

"No matter where you go....There you are" - Buccaroo Bonsai
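
An added example (not part of any post in this thread, and not osCommerce or vendor tooling) of the CSR step and of what the key, CSR and certificate files actually are, using the standard `openssl` command line. The domain `shop.example.test` is a constructed placeholder, and the self-signing step only stands in for the certificate vendor so there is a certificate file to inspect.

```shell
#!/bin/sh
# Added example with constructed values; shop.example.test is a placeholder.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
DOMAIN="shop.example.test"

# 1. Private key: generated on the server and never sent to the vendor.
make_key() {
  openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
  chmod 600 "$WORK/server.key"
}

# 2. CSR: the subject name plus the PUBLIC key, signed with the private key.
#    This file is what gets submitted when applying for the certificate.
make_csr() {
  openssl req -new -key "$WORK/server.key" -subj "/CN=$DOMAIN" \
    -out "$WORK/server.csr"
}

# 3. Stand-in for the vendor (assumption): self-sign the CSR for 30 days.
make_cert() {
  openssl x509 -req -in "$WORK/server.csr" -signkey "$WORK/server.key" \
    -days 30 -out "$WORK/server.crt" 2>/dev/null
}

# Digest of the public key held in the key, CSR or certificate file.
# $1 = key | csr | crt
pubkey_digest() {
  case "$1" in
    key) openssl pkey -in "$WORK/server.key" -pubout ;;
    csr) openssl req  -in "$WORK/server.csr" -noout -pubkey ;;
    crt) openssl x509 -in "$WORK/server.crt" -noout -pubkey ;;
  esac | openssl sha256
}

make_key; make_csr; make_cert

# A certificate is a small text (PEM) file; print its first line and its fields.
head -n 1 "$WORK/server.crt"
openssl x509 -in "$WORK/server.crt" -noout -subject -dates

# The same public key appears in all three files; only server.key holds
# the private half, so that is the file to keep off shared storage.
pubkey_digest key
pubkey_digest csr
pubkey_digest crt
```
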
This topic is now archived and is closed to further replies.