SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast Kisan's Avatar
    Join Date
    Jun 2003
    Location
    India
    Posts
    95
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Shared Certificate

    I am using shared certificate provided by my ISP.

    How safe is shared certificate? Can I ask CC info on shared certificates?

    I get a security alert when accessing https:// pages.

    It says
    1. the cert. is from a trusted certifying authority
    2. Cert. date is valid
    but the last one is a bit worrying
    3. name on the cert. is invalid or does not match with the name of the site.

    Is it possible to get rid of the third alert which has an ! mark?

    Kisan Bhat

  2. #2
    Texan at Heart Corey Bryant's Avatar
    Join Date
    Sep 2003
    Location
    Castle Rock, CO
    Posts
    2,491
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is usually OK but when you say that it is invalid - that can be problematic. Something might be in your coding & everything is not being called securely. Was that the last bit a bit worrying?

  3. #3
    SitePoint Wizard silver trophy
    beley's Avatar
    Join Date
    May 2001
    Location
    LaGrange, Georgia
    Posts
    6,117
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    The reason that you are getting that message is because your host registered the certificate with a different domain name than the name you are typing. It will still work, and as long as you get the lock data is sent encrypted. However, this will be a major detterent to your potential customers.

    Most shared SSL certificates can be used through the hosts' domain.

    I.e. https://www.hostdomain.com/~youraccount/file.html

    instead of

    https://www.yourdomain.com/file.html

    They should both pull up the same file.

  4. #4
    SitePoint Member
    Join Date
    Dec 2003
    Location
    Montreal
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I confirm that the reason is the one explained above .. it simply depends on the name (domain) the certificate was registered for.

    I worked as a business developer for an e-retailer of electronics and gadgets here in Montréal and they wouldn’t invest in their own certificate. (I.e. having a shared one)

    Although I proved it statistically that they are loosing one of every 3 final purchase decisions a cause to the certificate alert that pops up.
    They try to overcome that by explaining in big font and illustrated page the security alert but no one give the time to read.

    Being at the edge of placing an order is a unique moment that was due to a planned processes of informing, convincing and pushing for an action, yet, online shoppers are extremely sceptical when it comes to security issues even if they have Zero fraud liability!

    My advice; get your own certificate.

  5. #5
    SitePoint Enthusiast Kisan's Avatar
    Join Date
    Jun 2003
    Location
    India
    Posts
    95
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am a web developer and also host virtual domains for my clients. My ISP has provided me a shared certificate which is shared by virtual domain on my server.

    Some of my clients would not like to invest on certificates. They try to compare with other service providers who are giving them FREE.

    It looks like I have to include in my design cost. One with SSL and without SSL.

    Kisan Bhat

  6. #6
    SitePoint Wizard LiquidReflex's Avatar
    Join Date
    Aug 2003
    Location
    Minnesota
    Posts
    1,861
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The only way to make it totally error free is to have your own certificate registered with your domain and ensure all of your graphics and files are in the secure directory.

    In my experience, when it comes to e-commerce sites, gaining the customers' trust and making them feel secure about ordering on your site is a top priority. Of course, some people don't take notice of things like the errors and such, but for people that are already worried about security on the web, any sort of error or warning will scare them off. They want to see the little padlock in the bottom corner of the browser, they don't want a "warning" window popping up, and it helps if the checkout process is all the same as your site (ie. not obviously hosted somewhere else).

    The cost will be more, but depending on your product, you could easily make up that cost with just a few orders that would have normally turned away because they didn't feel secure.
    Kevin Hauge : Modern Leaf Design : Follow Us on Facebook
    Client Axis v.08 - client / project management script


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •