ssl for ecommerce.....hrms

[Technetium]

is it required?
where do you get?
how much for basic, or what, ugh, info...link plz, anything

oh btw:

morning

 

[Technetium]

hrMmmmmmmmmm
I'm not sure if I made myself clear with 14 views and not ONE REPLY SLACKERS WAKE HT EFUCK UP

so, I was told I needed a certifaget for starting a small online store, is this true, if so linkage plz

 

[BEAST420]

to enable ssl on your website you need a ssl certificate. You can get them from Verisign, Thawte and a few other places. Install the certficate, then rtfm on how to enable ssl through your webserver package.

 

[PEnNyWiSe]

You can buy an ssl licence from verisign.

 

[Technetium]

the question is: is it required?

 

[Imposter]

What do you mean, required? There's no law that says you have to have it that I know of. But consumers want to have a safe place to shop, and ssl gives them that.

 

[BEAST420]

to do true SSL a certificate is REQUIRED. SSL provides encryption, which you cannot get without a certificate.

 

[[MoM] Gort]

the question is: is it required?

To have an online business? No.

To offer secure transactions? Yes.

 

[Imposter]

Ya but you can generate your own certificate.

 

[Technetium]

shit.
the damn things are like 800 dollars.

theres no other way for secure transactions?

 

[Imposter]

Ya but you can generate your own certificate.

 

[Technetium]

link/more info..and is it legal?

 

[Technetium]

I'm talking to meh supervisor sitting across from be about it, he supposedly knows everything, he's "mcse certified"..he claims its illegal to do that and theres no other way around it.

 

[Imposter]

No, its not illegal to generate your own certificate. Netscape has a proggy to do it back when we were using iplanet at my old job. The thing is people who go to your website will get a warning saying the certificate is not recognized as being from any certificate authority their computer is set to recognize. They can click ok and still go on with ssl, no problem. It only costs money to buy one from a recognized authority.

 

[Technetium]

ok, so my options are:

1) fuck online ordering and throw up a phone number for phone orders
2) buy SSL certificate and put ssl on and have customers happy and non scared
3) use a unrecognized certificate and have customers thinking wtfs
4) ctrlk

hrm.
does the majority of ecommerce use ssl?
this is not going to be an exactly huge site, maybe 30-40 small items(jewlery).

 

[Imposter]

5) Just don't use ssl.

 

[Technetium]

wouldnt that be 3?

 

[Imposter]

No, an unrecognized cert is still SSL. I'm saying just have a normal webpage. You don't have to have ssl to sell shit.

 

[Technetium]

oh, and if not using SSL, does that not leave high risk of my megahurtz getting STOLED?

well, cc #'s mainly, fuck the megahurtz.

 

[Imposter]

I don't know about high risk. I think SSL just encrypts the packets between the user and the server. So if a hacker is sniffing a server between you and the customer they may be fucked. Perhaps you could use a javascript md5() algorithm to encrypt the info at the customer side and then decode it at your side? Not sure how that works.

So yes your risk would be higher, but I wouldn't say its huge.