Hello.
I own a RAQ at rackshack.net and need to setup on-line store for one of my clients. Client wants to have his own ssl certificate. Could You tell me please what actions should I perform to setup ssl certificate?
Also what is better https://www.clientsdomain.com or https://secure.clientsdomain.com for secure processing?
Does it require IP based hosting or name based will work here?

Thanks in advance.

The secure site will need an IP, and you can set it up either way, though I set it up with https://secure.domain.com personally.

Instructions for either way, RaQ3 and 4:
http://www.equifaxsecure.com/ebusinessid/instructions.html

Thank You very nuch Chicken,

looks like it's not that hard to implement technically.
I need it for my client and the question is: Can I buy the certificate for him myself and what info should I get from client?

Also which company is the best in terms of price?

You can get it for him, though they'll have to call and confirm some stuff I believe. I actually got mine through a member on the forum felix220 (http://www.webhostingtalk.com/member.php?s=&action=getinfo&userid=852) and I can't recall exactly what he needed other than Business Name, State, Name, Address, ummm.... heh. Well, if you go to the CP and attempt to generate a self-signed cert., then you'll see what you need there and it was the same for the actual cert.

Chicken, thank You again.
Just one more question has left:
What is the difference between veresign certificate(349$) and the one from equifax(99$)?

Originally posted by vays
Chicken, thank You again.
Just one more question has left:
What is the difference between veresign certificate(349$) and the one from equifax(99$)?

From what I know, Verisign, Thawte and Equifax all offer perfectly valid certificates.
The downside, with Equifax, is that some browsers (older?) won't recognize the certificate as emitted by an authorized source and will keep bogging their user.

I think Thawte is a decent possibility, it's less expensive than Verisign and their certificates should be accepted by all browsers.

---

Chicken: if the secure site is https://www.clientdomain.com, why do you need an IP address? I thought a distinct IP was only needed when you want to use a different subdomain, because the SSL handshake is performed before the browser header is sent?

Originally posted by cyansmoker

Chicken: if the secure site is https://www.clientdomain.com, why do you need an IP address? I thought a distinct IP was only needed when you want to use a different subdomain, because the SSL handshake is performed before the browser header is sent?

That is actually the reason _why_ it needs an IP address of it's own.

Normally, the browser connect to a specific IP and says that it want pages hosted on "www.domainname.com". The trouble with SSL is, that the SSL handshake is performed before this header is sent. This means, that you can only have one SSL web-site per IP address.

It doesn't matter if it's called "secure.domain.com" or "www.domain.com".

Originally posted by jks
That is actually the reason _why_ it needs an IP address of it's own.


Ow...you know what? This is a misunderstanding: I assumed that Rack-based hosting is IP-based, and what you're saying is that http://www.server.com may not have its own IP. I thought it already had one, so what I meant was 're-use this IP for the HTTPS server; also, call your secure server www.server.com since all name-based stuff should default to this one'.

I think VAIS can do that, right?

Originally posted by cyansmoker

Ow...you know what? This is a misunderstanding: I assumed that Rack-based hosting is IP-based, and what you're saying is that http://www.server.com may not have its own IP.


No, that's not what I'm saying.


I thought it already had one, so what I meant was 're-use this IP for the HTTPS server; also, call your secure server www.server.com since all name-based stuff should default to this one'.

Ofcourse you can reuse the IP.

Also there's no technical reason, why you cannot have:

http://www.domain.com/

and

https://secure.domain.com/

On the exact same IP address.

The name is not important. The important is, that you may only have _one_ name per IP address for the SSL part.

Originally posted by vays
Chicken, thank You again.
Just one more question has left:
What is the difference between veresign certificate(349$) and the one from equifax(99$)?

For the most part, $250 :D