I would appreciate some help with the following as I look to using a secure server.

1. When a host shows "SSL" on the list of features, what does this mean? Do I have to buy my own SSL certificate, or does this mean I will immediately be able to use secure pages.

2. I have tested a site where they offered a shared SSL certificate - but when I went to a secure page, a box came up saying something about the name on the certificate didn't match the name on the site. Will this always happen when a shared certificate is used - or is just in the way they implemented it?

3. If I want to buy my own SSL certificate - what features do I need to make sure I have on the host. Can I install it myself or is that something the hosting company has to do?

4. Lastly - my current host stated that they offered shared SSL certificate - but when I tried to use a secure page - the box pops up that says the certificate was issued by a company you have choses not to trust and the name on the certificate doesn't match the name of the site. When I View Certificate, it show that the certificate was issue to www.domain.com and issued by www.domain.com - What's this about - the hosting company issued their own certifiate? I don't think I want my customers to see this box before they are asked to enter credit card information.


I appreciate your help for a newbie with secure pages.

I am wondering the same thing. Gearhost.com has this happen when I go to their site. If it's gonna pop up and warn you that you can't trust the person that's using it that can be just as harmful to your business than not using it in the first place.

Short answers:
1. depends
2. Implementation
3. depends
4. probably
:rolleyes:

Long answers:
1. This depends on how their servers are setup, basically all it means is that they support the usage of SSL certificates with the account you get, but the details depend on the particular host's setup.

2. The implementation could be either that they use a common certificate issued to a common domain name, or that they issued certificates themselves, either of these will always result in a error box. The other option is if they use a wildcard certificate and then your site is accessed through a URL like http://domain.theirsite.com/ , but is accessing your pages. This is the way my old host did it, and it worked fine except for users with Win2k (no service pack).

3. You need to ask if they support you using your own certificate, and whether you can install it your self or not again depends on the implementation, but typically you have to let them do it.

4. They probably just issued their own certificate, it's not that hard, but it results in the error box you saw.

Thanks.

So it sounds like there is a way that a host can use a shared certificate that will not result in the message box coming up.

What's the benefit of buying my own certificate versus using a shared certificate provided by the hosting company?

1. No you don't. It depends on your host, but normally it means that the company will let you use your certificate.

2. Sound like they screwed it up. There are a lot of people out there that don't know what they are doing.
Sounds like what they did -- they used a certificate that was issued to them -- and applied it to your site.
Well duh, you would get a message like that the certificate simply does not match the site.

3. Your hosting company needs to be willing to do it (to help you as you would need their help) There are no other requirements...

4. You can issue a certificate to yourself there are some open-source solutions. Moreover it probably does the encryption. However, I think it would have a negative effect on end-users.

The way we decided to do it -- we got a secured certificate to a neutral domain -- www.securesrv.com.
Then we give you a virtual subdirectory so your clients would be redirected to www.securesrv\yourcompany
Then we link that subdirectory to your virtual server -- so can easily develop and administer your subdirectory.

This way -- nothing pops up, you have full control over your subdirectory,
the certificate works and everyone is happy.
Yes, end users can find out that certificate was issued to your web-hosting company, but I don't think there is anything wrong with that.

April Sherry
Infosaic Technologies, LLC
asherry@infosaic.com

Affordable Hosting and
Advanced Application Development
www.infosaic.com

The benefit to your own certificate is that some people will trust it more as it is actually issued to you/your company, you can use it with your own domain directly (without any error messages), and won't get any error messages (as compared to trying to use your domain directly with a certificate not issued by a official authority directly to the domain).

Ok, thanks. I'm beginning to understand this more.