I'm trying to use a notify script with Google Checkout, and its saying that I will require a SSL certificate. I just used my cpanel in Hostmonster to generate a CSR(Certificate Signing Request) Now I guess I can take this somewhere to purchase a ssl. What do you reccomend me to do now. Hostmonster offers SSL certificates for 45.00, but that seems like a lot. Anyone have any experience? thank you, adbox
Go with RapidSSL, there is no reason to pay more than $15/year for a SSL certificate. Believe you get a RapidSSL cert from namecheap for $12 even.
You would need a dedicated IP in order to have an SSL certificate for your website, hostmonster will need to assign an IP just for your site, otherwise you wont be able to use/install the SSL certificate.
SSL cost varies depending on the certificate you chose and the SSL encryption(how many bits). SSL costs start around $9/$10 (Enom/namecheap RapidSSL) to several thousands $$. If you are not storing/transmitting any credit card data, you can go for RapidSSL. Kailash
Google Checkout Information: # Send order processing commands over a secure HTTPS connection. When sending order processing commands to Google, use an HTTPS connection secured by 128-bit SSL v3 or TLS connection (SSL v2 is not allowed). Use your Merchant ID and Merchant Key as the username and password for HTTP Basic Authentication. # Verify the authenticity of the server certificate presented to you. # Specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certifying Authority to receive Google notifications. Only accept messages authenticated by HTTP Basic Authentication, using your Merchant ID and Merchant Key as the username and password. Take a look at our list of accepted SSL certificates. API authentication and security: Accepted SSL certificates Print Google Checkout currently accepts an SSL certificate whose root certificate is from any of the following Certificate Authorities (CA): * AAA Certificate Services - Comodo CA Limited * ABA.ECOM Root CA * AddTrust Class 1 CA Root * AddTrust External CA Root * AddTrust Public Services Root * AddTrust Qualified CA * America Online Root CA 1 * America Online Root CA 2 * AOL Time Warner Root CA 1 * AOL Time Warner Root CA 2 * Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano, A.C. * Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C. * Baltimore CyberTrust Code Signing Root * Baltimore CyberTrust Root * Belgacom E-Trust Primary CA * beTRUSTed Root CA * beTRUSTed Root CA - Baltimore Implementation * beTRUSTed Root CA - Entrust Implementation * beTRUSTed Root CA - RSA Implementation * C&W HKT SecureNet CA Class A * C&W HKT SecureNet CA Class B * C&W HKT SecureNet CA Root * C&W HKT SecureNet CA SGC Root * Certiposte Classe A Personne * Certiposte Serveur * Certisign Autoridade Certificadora AC1S * Certisign Autoridade Certificadora AC2 * Certisign Autoridade Certificadora AC3S * Certisign Autoridade Certificadora AC4 * Certplus Class 1 Primary CA * Certplus Class 2 Primary CA * Certplus Class 3 Primary CA * Certplus Class 3P Primary CA * Certplus Class 3TS Primary CA * Certum Root CA * Comodo AAA Services root * Comodo Secure Services root * Comodo Trusted Services root * Deutsche Telekom Root CA 1 * Deutsche Telekom Root CA 2 * DigiCert Assured ID Root CA * DigiCert Global Root CA * DigiCert High Assurance EV Root CA * DigiNotar Root CA * Digital Signature Trust Co. Baltimore EZ by DST * Digital Signature Trust Co. DST (ANX Network) CA * Digital Signature Trust Co. DST (UPS) Root CA * Digital Signature Trust Co. DSTCA E1 * Digital Signature Trust Co. DSTCA E2 * Digital Signature Trust Co. DST-Entrust GTI CA * Digital Signature Trust Co. Global CA 1 * Digital Signature Trust Co. Global CA 2 * Digital Signature Trust Co. Global CA 3 * Digital Signature Trust Co. Global CA 4 * Digital Signature Trust Co. National Retail Federation DST (NRF) Root CA * Entrust Root Certification Authority * Entrust.net CA (2048) * Entrust.net Client CA * Entrust.net Secure Server CA * Equifax Secure CA * Equifax Secure eBusiness CA-1 * Equifax Secure eBusiness CA-2 * Equifax Secure Global eBusiness CA-1 * EUnet International Root CA * FESTE, Public Notary Certs * FESTE, Verified Certs * First Data Digital Certificates Inc. CA * FNMT Clase 2 CA * GeoTrust Global CA * GeoTrust Primary Certification Authority * GlobalSign Root CA * GlobalSign Root CA - R2 * Go Daddy Class 2 CA * GTE CyberTrust Global Root * GTE CyberTrust Root * GTE CyberTrust Root 5 * IPS Chained CAs root * IPS CLASE1 root * IPS CLASE3 root * IPS CLASEA1 root * IPS CLASEA3 root * IPS Seguridad CA * IPS Servidores root * IPS Timestamping root * Microsoft Root CA * NetLock Expressz Class C Tanusitvanykiado * NetLock Kozjegyzoi Class A Tanusitvanykiado * NetLock Uzleti Class B Tanusitvanykiado * Network Solutions Certificate Authority * PTT Post Root CA * QuoVadis Root CA * RSA Data Security Secure Server CA * RSA Root Certificate 1 * RSA Security 1024 v3 * RSA Security 2048 v3 * Saunalahden Serveri CA * Secure Certificate Services - Comodo CA Limited * Secure Global CA * Secure Server CA - RSA Data Security, Inc. * SecureNet CA Class A * SecureNet CA Class B * SecureNet CA Root * SecureNet CA SGC Root * SecureSign Root CA1 * SecureSign Root CA2 * SecureSign Root CA3 * SecureTrust CA * Security Communication Root CA * Servicios de Certificacion - A.N.C. * SIA Secure Client CA * SIA Secure Server CA * Sonera Class 1 Root CA * Sonera Class 2 Root CA * Staat der Nederlanden Root CA * Starfield Class 2 CA * StartCom Certification Authority * Swisskey Root CA * Symantec Root CA * TC TrustCenter Germany Class 2 CA * TC TrustCenter Germany Class 3 CA * TC TrustCenter Class 1 CA * TC TrustCenter Class 2 CA * TC TrustCenter Class 3 CA * TC TrustCenter Class 4 CA * TC TrustCenter Time Stamping CA * TDC Internet Root CA * TDC OCES Root CA * Thawte Personal Basic CA * Thawte Personal Freemail CA * Thawte Personal Premium CA * Thawte Premium Server CA * Thawte Primary Root CA * Thawte Server CA * Thawte Time Stamping CA * Trusted Certificate Services - Comodo CA Limited * TURKTRUST Certificate Services Provider Root 1 * TURKTRUST Certificate Services Provider Root 2 * UTN - DATACorp SGC * UTN-USER First-Network Applications * UTN-USERFirst-Client Authentication and Email * UTN-USERFirst-Hardware * UTN-USERFirst-Object * ValiCert Class 1 VA * ValiCert Class 2 Policy VA * ValiCert Class 3 Policy VA * Verisign Class 1 Public Primary CA * Verisign Class 1 Public Primary CA - G2 * VeriSign Class 1 Public Primary CA - G3 * Verisign Class 1 Public Primary OCSP Responder * Verisign Class 2 Public Primary CA * VeriSign Class 2 Public Primary CA - G2 * VeriSign Class 2 Public Primary CA - G3 * Verisign Class 2 Public Primary OCSP Responder * Verisign Class 3 Public Primary CA * VeriSign Class 3 Public Primary CA - G2 * VeriSign Class 3 Public Primary CA - G2 * VeriSign Class 3 Public Primary CA - G3 * VeriSign Class 3 Public Primary CA - G5 * Verisign Class 3 Public Primary OCSP Responder * VeriSign Class 4 Public Primary CA - G2 * Verisign Class 4 Public Primary CA - G3 * Verisign Secure Server OCSP Responder * Verisign Time Stamping Authority CA * ViaCode CA Data * Visa eCommerce Root * Visa International Global Root 2 * Xcert EZ by DST * XRamp Global Certification Authority If you're currently developing in the sandbox environment but aren't seeing callbacks to your HTTPS callback URL, you can use HTTP in the callback URL until you begin integrating into production. ---------------------- OK - here goes...Google checkout seems to only be compatible with single root SSL certs like Rapid SSL, Geotrust, verisign, etc. The support team at Comodo tell me they can issue a certificate on the correct root for GC, one just has to let them know upon ordering that they need the cert to be compatible with GC. Chained Root certs like XRamp, Comodo (unless they fix it), etc. are not compatible in the Java/Sun environment. Chained root certs Here is what XRamp told me: It appears that the certificate is being rejected by the Sun/Java program at Google. Currently all certificates with the GlobalSign Root are not trusted by Sun/Java. This has to do with the fact that Sun has chosen not to include the GlobalSign root's in its store. So, in short, our certificates will more than likely not work with the application you are trying to interface with.. Chained root certs are not as trustworthy and stable as single root, hence they do not work with many applications. for more reading on the subject, you can check this out: http://www.freessl.com/ssl-certificate-support/ssl-faq.htm Hope this helps! Paige