jjshell — 2012-04-26T01:34:13-04:00 — #1
I've started looking at installing SSL for one of my projects. I must admit that I am more confused now than when I started (too many possibilities).
All I want is:
a) protect my login system (no cc business, just encrypt pwd).
b) my users don't have to accepts a certificate, click on stuff to access my website. There's just the https://. Boom.
What would you do?
logic_earth — 2012-04-26T03:23:32-04:00 — #2
You need to talk with your host. Having an SSL cert requires a few extra things like a dedicated IP address allocated for your domain.
dklynn — 2012-04-26T19:22:05-04:00 — #3
Following up on l_e's post, you can self-sign a cert (if your login members don't care about "approved" certificates) and there are many tutorials on that. It's probably a bit easier to do it with cPanel (actually, WHM) but you can also install a secure server (certificate) with direct access to your VPS.
jjshell — 2012-04-27T14:41:09-04:00 — #4
I talked my host. I can choose any certificate I want.
Does anyone have experience with openssl? http://www.openssl.org/
As I said, I don't want users to click on alert messages when accessing my site. So the certificate has to be trusted by browsers. I don't think it's the case with self-signed certificates, am I correct?
dklynn — 2012-04-27T22:09:31-04:00 — #5
By definition, a self-signed cert will generate a warning.
OpenSSL is a known source and reputable.
FWIW, many hosts will offer a discounted price (due to quantity) for SSLs from various CAs (Certificate Authorities).
jjshell — 2012-04-28T18:29:11-04:00 — #6
But will OpenSSL generate a warning or not? That's what I haven't been able to figure out.
jjshell — 2012-04-30T16:41:46-04:00 — #7
Ok, I am looking at this page: http://www.thawte.com/ssl/index.html
Here again, I have a hard time figuring out which option suits best my need. As I said:
1) I want an https:// protocol without the user having to click on anything.
2) I need subdomains to be covered as well.
Would SSL123 Certificates be enough? What are exactly the advantages of SSL Web Server Certificates beside being usable over more than one domain (is it like having four certificates for the price of one)?
dklynn — 2012-04-30T19:02:28-04:00 — #8
Thawte certificates are good but the ones on your linked page are unrealistically expensive. Do a search for Certificate Authority and look at the various CAs products. If all you want is something which will not trigger a warning, just get the cheapest one you can find (from a reputable CA).
If you have a good host, they'll often act as agents for CAs and offer very inexpensive certs - in the under $50 range!
jjshell — 2012-05-01T01:08:54-04:00 — #9
I've searched and compared many CAs product, but they're all pretty much in the same range.
I can't believe the open source community hasn't come up with a free solution... Or a very cheap one. That would be awesome.
My provider doesn't offer discount.
- Can anyone think of a backup plan or will I have to pay full price?
- I'm still not usre if OpenSSL will generate a warning or not.
- If not, can I install OpenSSL on any host (as in shared one)?
dklynn — 2012-05-01T04:02:00-04:00 — #10
There ARE less expensive CA's than Thawte and many agents (subcontractors, if you will) who will discount based on multiple sales for the CA.
Your OpenSSL "solution" is not a solution at all. It allows your server to have an SSL cert but you've still got to install the cert. If it's self-signed, it'll throw a warning (because browsers will not recognize the CA) so you're back at actually searching for SSLs at a reasonable price. If you still have problems, I'd been a reseller a few years ago (for my clients, of course) but may be able to re-start something for you. I'd have to add-on the cost of my time and effort, though, so you'd be better off using a search engine to find inexpensive CAs.
jjshell — 2012-05-01T15:16:29-04:00 — #11
Thanks a lot dklynn. Everything is clear now.
If it is not, I will post again. I'll try to find something that at a reasonable price (any recommendations?). If I'm stuck, I'll ask you to do the job (through the market place, obviously )
dklynn — 2012-05-01T19:05:43-04:00 — #12
I don't use the Marketplace. Try a PM and I'll e-mail you back. However, I'm sure you'll find some reasonable prices with your search.