Note to mods: I consider this form the best place for this because even though it is about security, it is mostly about business. Anyways, I have been considering buying some SSL for my business site, but I have little experience with it. I currently only use Paypal on my site to not have any liability, but have been thinking of accepting other payment methods like credit cards right on the site with SSL. Here are my questions that maybe you can answer: 1. If a regular person is visiting my site, would he or she care, or even know, if I have SSL? 2. Is it worth me having some extra liability to allow customers to pay right on my site, without having to go to a separate site like Paypal. 3. What is the difference between all the different versions of SSL I keep seeing. E.g., GoDaddy offer three different kinds of SSL. From what I understand, you either have a direct encrypted connection or you don't... 4. Where are some good places to buy SSL certificates? (Thanks to this site I can get 25% off GoDaddy.) 5. Anything else I should know? Thanks!
If a person visit a page on your site, they know if it does have SSL by looking at the security lock shown. Also url chages to https:// from http://. If you don't make lot of transaction its not worth of the hassle.
I consider PayPal the hassle and will never work with them. It's very worth it to have a real merchant account. Varying degrees of protection for you and your customers. Having an SSL that guarantees your customers are protected against fraud for up to $1,000,000 is nice and makes it easier for them to buy with you. THe logos are different and what the logo means/does makes a difference. Get it from your ISP, even if it's going to save you money to go elsewhere, this is only my opinion though and NOT required. Yep, you're going to need a static IP for your domain to get a SSL certificate, which is going to cost around $50 or so. www.yoursite.com and yoursite.com are NOT the same on SSL, so use a mod rewrite to make it one way or the other. Good luck
i've run paypal on some sites forever and it's worked like a charm as i've basically outsourced all secure data to them. on others where im concerned about sending people to paypal (losing conversions) i use authorize.net - I've used a free shared ssl on bluehost for smaller sites and purchased my own for heavier traffic/sales sites.
Could you tell me a bit more about authorize.net and shared SSL? Doesn't sharing SSL defeat the whole purpose?
A shared ssl does allow protection for your clients. The difference is that the ssl will redirect from http://www.yourdomain.com to https://www.yourhostdomain.com/~yourdomain. Personally I will not provide information over the web without it being protected by SSL. They are relatively easy to set up and you can get a RapidSSL from servertastic from around 12 bucks. They are a single root certificate that will provide you the protection that you need for your clients data. You do have to have a dedicated IP but most providers can set you up with this for a low fee. Hope this helps a little. Authorize.net is a payment gateway for credit card transactions. John