Why Hosting has to use SSL Certificates ?

Why Hosting has to use SSL Certificates ?

 

SSL secures your website by encrypting the data send and received and it cannot be read by a third party

 

It can be used the free one that generate without Certificates ?

and its will still secure, so why Certificates ?

 

Your english is really really hard to understand.

basically, a SSL certificate allows the web visitor to connect to your web server with a SSL connection - Secure Socket Layer.

Wikipedia.org can explain it better.

I highly recommend that you do a lot of research before starting a hosting business. ( if you are )

 

The self-signed (free) certificates are just as secure as CA-signed certificates. The only difference is that the self-signed ones will pop up an alert message on your visitor's browsers that says that the certificate is untrusted. If you have a CA (like Verisign or GeoTrust) sign your certificate (and pay for this privilege) then your visitors won't get this alert in their browser.

Since I wouldn't trust Verisign with my phone number, let alone my credit card number, I don't see much advantage in buying SSL certificates but my users and bosses are a different matter so I do what is best for them.

 

To buy SSL Certificate Should I buy it from domain provider ? or i can buy from any provider ?

 

You might want to search around for a trusted provider to use, but I guess you could buy it from the same place as your domain provider if you want.

 

provide your own ssl certificate. free

 

Hello,

Self-Signed Certificates should not be used on any customer-facing site as they can mke your site look like a scam. Most modern browsers will give TONS of Security Errors and this can turn away users.

You can get SSL Certificates for around $10-$50 per year, however you will also need a DEDICATED IP Address from your host to install it.
​

 

I don't have a problem on browser for self sign cert. I have done test thoroughly on several popular browser eg: firefox, opera, safari everything looks good it just that there is popup for it.

 

Firefox 3 (or was it 3.5 ?) started getting a lot more insistent about self-signed certificates.

To start with you get a big fat warning page that looks almost identical to their other error pages such as the "domain not found" error and the "not redirecting properly" error. There's a link you can click that says "I understand the risks" which then exposes a button which says "Make an exception". From here you get a popup with information on the site and the certificate. The "Trust certificate" button is greyed out. You have to click a button near the top labeled "Get certificate" which then enables the "Trust certificate" button. It's now a four-click process rather than the one-click it used be.

I think Chrome is one-click but it also has a big scary warning page rather than a simple, ignorable popup.

I don't have any problems with self-signed certs either, but apparently Firefox does.

 

I notice this too and if you get the cheap ssl cert that being offered on NameCheap firefox still think that the sll cert is some what is fake. Is firefox signing up with ssl cert provider to promote ssl cert product?

 

Certain certificate authorities pay Mozilla to have their root certificates included in Firefox (and all the other major browsers). If a certificate authority comes along that doesn't pay, any certificates bought from that CA will cause a security alert in your browser. So in that sense, yes, Firefox has an incentive to make self-signed certificates look really bad. On the other hand, this alert is exactly the alert you will see if someone is trying to do a man-in-the-middle attack between you and Gmail by hijacking your DNS requests. If Gmail suddenly started popping up big scary alerts like this it would (should) make you suspicious. So in that sense, Firefox are just trying to make their users more secure.

That said, there's a trick that caught me out recently where the certificate the CA sends you is not signed directly by their root certificate but by an intermediate certificate that was signed by their root certificate. If this is the case, they would have sent you a "bundle" certificate along with your actual certificate which you need to install in your website. Apache has an SSL_Bundle directive but for other servers like nginx you can simply concatenate the bundle certificates on to the end of your main certificate.

Without this bundle of certificates, browsers will still throw errors.

 

I see so this means Comodo have to pay mozilla to get their ssl cert to be listed as safe on Firefox? I do read about the MITM attack but I have no clue about what actually happen that make Comodo is not Positive SSL is not white listed on Firefox.

On Mozilla blog : http://support.mozilla.com/tiki-vie...e=commentDate_asc&forumId=1&time_control=3600