Thread: Secure your website .
View Single Post
  #4 (permalink)  
Old 07-23-2007, 12:42 AM
Thesa's Avatar
Thesa Thesa is offline
AffiliateBOTster
  
Join Date: May 2007
Posts: 102
Thesa is on a distinguished road
Default More on SSL
Need for SSL

- The clients/visitors feel secure in dealing with secure sites. Ninety-three percent of online shoppers surveyed by VeriSign (a CA issuer) reported that they felt it important for an e-commerce site to include a trust mark of some kind on their site.

- If the personal data is hacked and misused in any manner, the victims can resort to legal process which can mean loss of face, trust and confidence in business.

- A research suggests that having a recognizable SSL certificate may, in fact, have a direct correlation to increased e-commerce sales. Customers are more comfortable shopping on those sites and have fewer abandoned shopping carts and better repeat purchases.

Caution:

SSL does not protect server or software installed from attacks/malicious hacks, which can be protected by firewalls, virus checkers, Apache and IIS user and password protection for directories and files.


Ways to obtain a SSL Certificate

(A) Can buy one from a certificate vendor (encryption type of 40-bit, 128-bit and 256-bit are offered, please check out with the sites for latest updates):

- Verisign (www.verisign.com)

- Comodo (aka: InstantSSL) (SSL Certificate Free SSL Secure Server SSL Certificate Comodo SSL™ , www.comodogroup.com)

- Thawte (www.thawte.com): Web Server Certificates and 128-bit SuperCert

- GoDaddy SSL (www.godaddyssl.com): Turbo, High-Assurance, Wildcard

- GeoTrust (GeoTrust: SSL Certificates From a Leading Certificate Authority or RapidSSL: Free SSL Certificates, Wildcard SSL, QuickSSL )

- Baltimore (Baltimore.com: Your on-line destination for information on Baltimore hotels, restaurants, tickets, and businesses.)

- Entrust (PKI, (Public Key Infrastructure), Outsourced and Managed PKI Software Services by Entrust. Entrust Provides Multi-Factor Authentication and Strong Two Factor Authentication for Online Transactions. Entrust's Internet Transaction Monitoring Platform p)

- ipsCA (SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits)


(B) Can sign certificate oneself via both open source and proprietary tools; might save time and expenses of going to certificate vendor. Though, not recommended, as similar to issuing oneself a license that has not been verified/recognized by some central authority, Also, data might be encrypted, a warning shall indicate that certificate is not recognised.


(C) If own a server, require to generate a CSR (Certificate Signing request) – a block of encoded data generated by web server and contains necessary details about domain and organization. If on a shared hosting, requires the host to raise a CSR
Reply With Quote