Secure Web Hosting with SSL certificates

Secure Web Hosting with SSL certificates

Let’s talk about SSL certificates.

SSL certificates are used to authenticate the identity of a website to visiting browsers. The certificate, which contains the web server’s public key, will be used by the browser to authenticate the identity of the web server and encrypt the information for the server using SSL technology. Information is kept secure during transmission since the web server is the only entity that can decrypt the information (being the only one with access to its private key). Thus, it offers online users/customers proof that the information they provide when transacting business with your site will not be viewed, intercepted or altered by others.

There are a number of ways to secure an SSL certificate for your site.

1. Some hosts make available their SSL certificates for customers to use, and this is known as shared SSL. It typically takes three forms:
   • wild card certificate pointing at the customer’s document root
   • standard certificate with a user path directory
   • standard certificate accessible from the hosting companies available package shopping cart.

   While probably cheaper, a downside of this is that it is not your company’s name that will appear in the certificate, but rather your host’s.

2. You could purchase your own SSL certificate with a True Business ID for your domain. While more expensive than the first option, it does remove any doubt from your customers’ minds about which company they’re doing business with.

   There are several companies selling SSL certificates but the more popular ones are:

   • Verisign
   • Thawte
   • InstantSSL (from Comodo Group)
   • Entrust
   • Baltimore (sold SSL products to Betrusted.com)
   • GeoTrust

   So which is the best? Here are some articles and forum threads to help you.

   • WebHostingTalk – How should SSL be priced?
   • WebHostingTalk – SSL Certificates and the Process By Which They Are Obtained
   • WebHostingTalk – SSL Certificates (Technical & Security Issues)
   • WebmasterWorld – Ecommerce — SSL certificate providers again
   • Where Should I Get My SSL Certificate?
   • SSL Providers – Who they are

   If you don’t have time to go through all those sites, here’s a summary to help you make your decision:

   • providers were typically evaluated based their SSL certificates’ ubiquity and price, as well as trust in the company
   • Thawte & Verisign offer the most expensive certificates but are the most ubiquitous
   • GeoTrust’s are the cheapest but questions were raised regarding the its ‘practice’ of issuing certificates without verification of a company’s identity, as well as which browsers have chain issues
   • GeoTrust certificates have ubiquity problems and are not compatible with MSNTV, Opera and IE4, but is used by OpenSRS
   • Comodo (InstantSSL) have complaints about spamming
   • Comodo and GeoTrust have the same root certificates from Baltimore

   Added information may be seen at Which SSL, however, I must caution you though that the site is powered by Comodo so I’m not quite sure about the information’s bias (if there is).

   If, on the other hand, you don’t feel like shelling out money to buy an SSL certificate,

3. You could issue a self-signed SSL certificate.

   Some forum threads and articles that may help are:

   • WebHostingTalk – Question about self signed SSL certs…
   • SSL Certificate Generation
   • Re: [SLUG] Webmail and self signed SSL certificate