SSL Certificate?

alex0 · Oct 10, 2013

:help:

Hi guys,
I have a query.

Is the SSL Certificate enough to secure a site?

Well, I am planning to create a site which will have online transactions. I am not sure which option to go for securing the site for transactions. Is there any alternative for it, which is more secure ?:dknow:

Any suggestions/guidance would be appreciated.
Thank You in advance.:thumbup:

Alex - A2 Hosting · Oct 10, 2013

If your asking this it might be better to seek a full server management company who understands what needs to be done and how to do it.

Essentially it sounds like you need to be PCI compliant which has a number of requirements, you can find these vi a quick Google search though just an SSL certificate isn't going to do the job in terms of what is required.

Rado_Ch · Oct 11, 2013

It does depend exactly what transactions you will accept, what method of payments, would you store the details afterwards etc... An SSL might not be enough, but you will definitely need one.

The SSL gives the needed credibility of your business in the eyes of your customers. It shows them that you take care all their transactions and details to be encrypted and this is really the least you can do for them.

If you would be processing credit cards, you would also need a merchant account with a trusted partner and a good vendor. There is a cool article in WikiHow on this subject - you can check here. :rolleyes2

qchost · Oct 12, 2013

Are you talking about card transactions? You should also be PCI compliant..

easyhostmedia · Oct 12, 2013

qchost said:
Are you talking about card transactions? You should also be PCI compliant..

Only if you are planning top take the card details yourself. if you use a third party like paypal where you never get to see or store the cc numbers then you dont need to be PCI compliant, but best speak to your payment providers as i know 2co still requests their clients to be PCI complaint, but to cover them you can get a Comodo Instant SSL and opt for the free HackerGuardian, which do daily PCI scans and this is ample for 2co

komodovpn · Oct 12, 2013

If you're handing any sort of online transactions that would involve your visitors/customers entering ANY personal information then getting an SSL installed on the site should be bare minimum.

Now, what comes next totally depends on how you intend on accepting payments. If you're going to be saving personal/financial details (eg. cc numbers) on your own website/databases then you should opt to find a PCI compliant host, or a provider that can offer this type of management service.

If you're simply going to be accepting payments via a third party processor (eg. PayPal, Stripe) then PCI compliance may not be required since these processors already have these things in place.

Back to the SSL. You may ask, "does it matter which SSL certificate I buy?" On the grand scheme of things, just about any standard Domain Validation SSL will do the trick. But if you're looking to increase customer's confidence and earning their trust then it may be worth it to invest in a SSL that is issued by a CA that is better known (eg. Symantec, GeoTrust). If you're a registered business, you may opt to get a organization validation SSL or Extended Validation SSL (the one with the green bar) that can further help boost your customers' confidence in your website and business when shopping online.

easyhostmedia · Oct 13, 2013

komodovpn said:
If you're going to be saving personal/financial details (eg. cc numbers) on your own website/databases then you should opt to find a PCI compliant host, or a provider that can offer this type of management service.

If you are going to give information out then give the correct information

If the host is PCI compliant on his site this makes not difference to you as its YOUR website that needs to be PCI Compliant, this is never part of a hosts managed services. If you google PCI Compliant providers you will see many , buts its not a cheap process.

komodovpn said:
Back to the SSL. You may ask, "does it matter which SSL certificate I buy?" On the grand scheme of things, just about any standard Domain Validation SSL will do the trick.

Yes you can use any Domain Validation SSL ( comodo positive SSL/Rapid SSL), but you can get an organization validation SSL (Comodo Instant SSL) which will include free hackerguardian which does PCI daily scans. to get an Extended Validation SSL (the one with the green bar) Extended Validation SSL (the one with the green bar) you must be a Limited company and the domain must also be registered to the ltd company along with many other requirements which they are strict on.

alex0 · Oct 15, 2013

Thank you so much for your valuable suggestions and advice friends. Appreciate it!

SkylarM · Oct 15, 2013

easyhostmedia said:
If you are going to give information out then give the correct information

If the host is PCI compliant on his site this makes not difference to you as its YOUR website that needs to be PCI Compliant, this is never part of a hosts managed services. If you google PCI Compliant providers you will see many , buts its not a cheap process.

Yes you can use any Domain Validation SSL ( comodo positive SSL/Rapid SSL), but you can get an organization validation SSL (Comodo Instant SSL) which will include free hackerguardian which does PCI daily scans. to get an Extended Validation SSL (the one with the green bar) Extended Validation SSL (the one with the green bar) you must be a Limited company and the domain must also be registered to the ltd company along with many other requirements which they are strict on.

Pay quite a bit for that green bar unfortunately.

easyhostmedia · Oct 15, 2013

SkylarM said:
Pay quite a bit for that green bar unfortunately.

Normally yes, but sometimes Comodo give free EV upgrades with certain SSL certificates.

But it is a long and complicated process to get an EV activated

SkylarM · Oct 15, 2013

easyhostmedia said:
Normally yes, but sometimes Comodo give free EV upgrades with certain SSL certificates.

But it is a long and complicated process to get an EV activated

Ah didn't know they did that.

easyhostmedia · Oct 15, 2013

SkylarM said:
Ah didn't know they did that.

yes if you get their Instant Pro SSL they give you the free upgrade, but

your business has to be listed on http://www.dnb.co.uk
the domain has to be registered in the name of the company
any images on your site must be under https
you cannot have ordinary http links on your sites, they all have to be https.

these are only the things i can remember off the top of my head, their are many more requirements.

02Hosting · Oct 16, 2013

SSL certicficates don't seem to protect the site normally they just make the site look more trustworthy its normally better for flash websites to make users feel more safer as they browse your site, but don't count on this i'm not the best with this as i haven't had one yet.

easyhostmedia · Oct 16, 2013

02Hosting said:
SSL certicficates don't seem to protect the site normally they just make the site look more trustworthy its normally better for flash websites to make users feel more safer as they browse your site, but don't count on this i'm not the best with this as i haven't had one yet.

I would suggest that you check on what an SSL certificate purpose is otherwise hosting is not a business for you.

SSL certs are not designed to protect any website. They are their to encrypt personal details/ CC/DC details etc. that users place in shopping carts etc. on websites

read up on this at

https://www.globalsign.co.uk/ssl-information-center/what-is-an-ssl-certificate.html

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

02Hosting · Oct 16, 2013

easyhostmedia said:
I would suggest that you check on what an SSL certificate purpose is otherwise hosting is not a business for you.

SSL certs are not designed to protect any website. They are their to encrypt personal details/ CC/DC details etc. that users place in shopping carts etc. on websites

read up on this at

https://www.globalsign.co.uk/ssl-information-center/what-is-an-ssl-certificate.html

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

I know i thought so but thanks for the links all i really know about SSL certificates is that they don't protect your site normally if i use a site with a SSL certificate it makes it look safer although i know it doesn't affect that.

asifarasool · Oct 28, 2013

All better answers have come up.

4D Hosting · Oct 30, 2013

if you mix SSL with PCI compliance then you should be ok. If we are talking about customer perceptions in terms of buying SSL does tend to instill a little more trust.

2funhosting · Dec 5, 2013

SSL stands for secure Socket Layer. It encrypts your data which no hacker can see what your browser sends to he server nor what the browser send to the server. SSL certificate use for secure but specially which sites used for e-commerce and face book apps. Its feel very trustworthy to the visitors when they visit the sites.

ayanhost · Dec 7, 2013

can you tell me are you registered company and what card processing method you are using.

ksubedi · Dec 30, 2013

Looks like everyone here answered your question already, but ssl basically just encrypts the data that is sent to and from your server to the client's browser. If you are going to be making transactions i would recommend using a third party processor like BrainTree or Stripe since they will have worked on the security on their side and they will be PCI compliant.

SSL Certificate?

New member

Active member

New member

Account Disabled

Well-known member

New member

Well-known member

New member

New member

Well-known member

New member

Well-known member

New member

Well-known member

New member

New member

New member

New member

New member

New member

Forum supporters

Forum statistics