The cheapest you can find is a Comodo SSL certificate through namecheap.com, about 9.99/year, or free with a domain registration or transfer. Of course, keep in mind your domain needs to have a unique IP address that no one else shares; this means shared hosting is out of the question for an SSL certificate. A valid SSL certificate basically puts the padlock on your site when a user visits an https:// address, which verifies the identity of the domain, and that the domain matches the IP address on record, as well as encrypting users' communication to and from the website so that it is less likely to be intercepted by an eavesdropper. I recently installed an SSL certificate on kblinker; if you go to https://www.kblinker.com you should see a padlock somewhere (in Safari, in the upper right corner). It'll basically verify the ownership and IP of that domain, as well as allow up to 256kbit encryption on any communication to and from the site. I haven't done anything useful with it yet, but will be using it to process orders directly on the site. Generally speaking, you fill out some information regarding your domain (can't do subdomains, just the main domain or a single subdomain, unless you get the wildcard cert at about 150/year), it sends an email to the domain's technical contact with the certificate request code, that goes back into the SSL provider, then it emails back out your certificate, which you paste into cPanel or WebHost Manager (you may have to have your hosting provider do this for you), which then attaches the SSL certificate to that domain. And remember, the domain/account must have its own unique IP address.
That answers most of my questions. Problem for me is I'm currently using shared hosting, guess I'll have to upgrade my hosting. So there is some sort of universal "SSL code" which people resell? For instance, did Namecheap make their own SSL, or are they reselling other SSL? I guess these are more conceptual questions though.
They're reselling Comodo and Geotrust SSL certs: http://www.namecheap.com/learn/other-services/ssl-certificates.asp Oftentimes you can find it cheaper that way than going to the guys direct (which usually requires some kind of bulk). Though if you're not already with Namecheap as your domain registrar, they're not a bad company at all, and using SWITCH2NC as a promo code you can get domain transfers for $6.99, which will include whois privacy and an SSL cert. You've just got to get a VPS or dedicated hosting, or ask your provider if they can give you a unique IP (normally requires at least a VPS).
Ok, I get that. Someone on another forum was talking about "green bar SSL". What's the difference between that and normal?
"Green bar" aka "EV SSL" aka Extended Validation SSL, which you can get from places like GoDaddy at 199/year, but only for US locations. And they have to verify your place of visit, even visit it to make sure it's a physical place of business, before they'll give you the SSL cert. Your typical SSL certificate secures your site's connection with your visitor, and verifies at the very least the domain/IP as being your own. Anything more expensive typically adds on personal or company ID.
Interesting, interesting indeed. Would they visit your server or your office? So does that mean if I live outside the US and all offices will be outside the US, I can't get green bar SSL?
Office. They basically want to verify that your business is an actual establishment in the US that a customer could visit. Mainly the only places I've seen with the green bar thus far are banks, utility companies and financial companies (PayPal etc.). I don't see most of the brick-and-mortar stores bothering (Walmart, Best Buy, etc. don't have the green bars for their SSL, just your standard padlock).
The question is why you need an SSL certificate. You can issue your very own SSL certificates signed by your own Certification Agency, which you can establish in an hour or so. You can even issue client certificates for your clients to authenticate them in communication with your server. If you need instructions/description, PM me.
SSL certificates are generally good for user-to-site security. I mainly use Comodo SSL as it comes free with a domain registration on Namecheap, and supports 256-bit AES encryption for visitor-to-site communication. Mainly useful for logins, online ordering and purchases, site administration and so forth. Basically anything where you wouldn't want to risk a communication interception between you and the target. The certificates also help against phishing attacks when the domain doesn't match the certificate. (But as you said, someone could create their own certificate for their specific site, but such a certificate could quickly be revoked in the event of scam complaints.) But for anything else, not normally needed.
If you just want to encrypt communication and/or authenticate clients, you should create your own CA, create server certs signed by that CA, and issue client certs, providing them to clients upon client registration. This can be done for free on your own. The other thing comes when you need to authenticate yourself against others' services. You have to possess (purchase) a client certificate signed by a CA trusted by your peer. Sometimes those CAs are created by the peers themselves, like you would do as a server.
Ok, while that works for encryption, what I don't like is that any visitor going to https://domain.com is going to get a notice on their screen telling them that "this certificate was signed by an unknown authority".
Oh, that's ok then, I just wanted green bar because it's more visible. I have most of the information I wanted, thanks!
Basically the same as ignoring the warning and just saying 'always trust', as opposed to a visitor visiting a site with a certificate already trusted without a user's action.
Not even close. If you set up their root cert as a trusted CA you CAN check if the site you are visiting is using a cert issued by that CA. And hence the site is not a fake. At least the CA confirms that. If you ignore the warning you can't be sure that the site you are visiting is the site it claims to be. Even if the site's cert says it is signed by that CA, you still have to verify it somehow on your own. The only method is again by means of downloading the original CA's root cert and applying the verification process. If you really do not care what site you are sending your sensitive info to, then yes, it's almost the same.
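The private-CA setup and the root-based check discussed in the posts above, as an added example that is not part of the original thread: it builds a CA, signs a server certificate with it, and shows that a certificate claiming the same hostname but not issued by that CA fails verification. The hostname `shop.example.test`, the CA name and the function names are constructed for illustration; client certificates are left out, and a stock `openssl` install with its default config is assumed.

```shell
#!/usr/bin/env bash
# Added example: private CA, a server cert signed by it, and the check a
# client can make once it trusts the CA root. All names are constructed.
set -eu

make_demo_pki() {
  dir=$1; host=$2   # working directory, server hostname (sample value)
  # 1. CA: self-signed root. Clients receive ca.crt only; ca.key stays private.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Private CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server: key and CSR, then the CA signs the CSR (hostname goes in the SAN).
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -days 90 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
  # 3. Impostor: self-signed cert for the same hostname, not issued by the CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$host" \
    -keyout "$dir/fake.key" -out "$dir/fake.crt" 2>/dev/null
}

# Exit status 0 only if certificate $2 chains to the CA root in $1.
verify_against_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_demo_pki "$work" shop.example.test
verify_against_ca "$work/ca.crt" "$work/server.crt" && echo "server.crt: issued by our CA"
verify_against_ca "$work/ca.crt" "$work/fake.crt" || echo "fake.crt: rejected, not issued by our CA"
```

A visitor who clicks through the browser warning skips the `verify_against_ca` step entirely, which is why both certificates would look the same to them.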