First, I'd like to take a moment to thank EVERYBODY at this board. Everyone here is most helpful and knowledgeable and I know I speak for many others that it's great there is a place like this we can turn to when we need help.

That said, here's my question.

My client's site is currently hosted at AIT where they provide a free secure server for people using their proprietary shopping cart.

I want to transition him off that server and onto an Alabanza-based server. My question in this thread is about secure certificates.

Fine. I move my client to an A-based server. He wants secure shopping. He has to get his own cert. Understood.

Problem is he also wants to open two more domains, each with an e-commerce storefront.

Does he have to buy three certs? One for each domain?

Or can I just install the same cert on three sites? It's the same business.

OK. Third question. What if I bought my own cert and installed it on a special domain I bought just for that purpose - something secure sounding like secured-and-protected.com. Could I then provide FREE secure SSL hosting (just for their checkout processes) for my clients on other Alabanza-based accounts?

Any advice would be helpful.

Thanks in advance,

Sean

Will those extra domains be pointed somewhere on the main account? If they are, I think there's a way to make the server see them as having permission to use the same certificate. I'm not a guru on all the nitty gritty stuff, but that's something I picked up from someone with more knowledge than myself. For your own certificate and providing the use of it on a differnet domain, I have no idea. I suppose it's possible, because I've seen hosts that do it. But since you're on Alabanza it might get weird, especially if it's a reseller account and you don't actually lease the server yourself, which you don't specify.

No matter what a simple fact remains, a certificate can only be installed on a single domain.
Correct me if I am wrong please.

He could put order pages on the domain that has a certificate.

To answer your third question, you can.

Installed on one domain, yes. But I know of one person who had three additional pointed domains under his main account and his host managed to make the certificate available to all of them to use without having to do someotherdomain/user/somepage.htm - he could just use hisdomain/somepage.htm instead and the system used the same certificate.

Thanks for the reply.

1) "Will those extra domains be pointed somewhere on the main account?"

I had originally thought of setting up separate domains for each of my client's sites.

"If they are, I think there's a way to make the server see them as having permission to use the same certificate."

But maybe I'll have to rethink it and create the 2nd and third sites as subdomains and look into how you can share certs within the same account.

2) "For your own certificate and providing the use of it on a differnet domain, I have no idea. I suppose it's possible, because I've seen hosts that do it. But since you're on Alabanza it might get weird, especially if it's a reseller account and you don't actually lease the server yourself, which you don't specify."

I'm a reseller for HostingMatters. Since I don't have my own A-server I can see "it might get weird", too.

Hmmm. << thinking furiously and it hurts >>

Sean

Originally posted by spcover
OK. Third question. What if I bought my own cert and installed it on a special domain I bought just for that purpose - something secure sounding like secured-and-protected.com. Could I then provide FREE secure SSL hosting (just for their checkout processes) for my clients on other Alabanza-based accounts?

I think this might be your best bet for a few reasons. One, your client currently doesn't use secure.theirdomain.com now anyway, so chances are this would satisfy him. Second, you could use it for his other domains. Third, you could use it for you, and any other clients that you host.

It costs more, but not more than putting a secure cert on each site...

$500 server-wide secure cert. You might be able to find it for less...
https://www.equifaxsecure.com/digitalcertificates/dc_webservcert.html#Wildcard

Ohhh, I dunbno about the whole, you are a reseller thing, what you can control, what you can't, how that might affect things, etc... look into that first.

[Edited by Chicken on 02-15-2001 at 11:27 AM]

Hello
If you have your own server then one certificate will cover all sites on that server using the root address (i.e. not their domain, but yours)

Ours are adressed like https://red.srv2.com/~user/file.html
and this is how the cart check out pages are addressed on individual accounts.

I am pretty sure you can get a wildcard certificate from Thawte at the standard rate (it was an option on the order form when i ordered my last one)

Gordon

Hi,
It is possible to share that cert server wide?
I think hostmatters has a server wide cert. with a choice to use it or not?
We do too....the cert is for host.blabla.com
They can purchase their own or use ours?
Good Luck!

one domain = one cert. best case scenario get a cert for the IP and use IP's when buying stuff, that way you can share it. We have 1 cert shared among a bunch of domains but they get a warning in IExplorer / Netscape when using the same one.


James R. Clark II
Nethosters Inc.
http://www.nethosters.com

I think Hostmatters offers a server-wide cert with a name like "host.hostmatters.com"

I'd prefer one that did not identify I am a reseller for another company.

That's where AIT was pretty smart. Their server-wide cert was named "security-one.com", I think.

Sean

Yes
Thats why we registered a seperate domain for naming our servers (srv2.com) it places us one step away from the end user and allows the resellers to fit in between.

However (and its a big however) you can't get an anonymous secure certificate so if anyone clicks on the padlock they can see our address (although its in the name of our real company name rather than one of our hosting brands)

Gordon

Originally posted by jic
We have 1 cert shared among a bunch of domains but they get a warning in IExplorer / Netscape when using the same one.

I might be wrong, but I think that indicates that it isn't set up properly if you purchased it as a shared cert. ???

I don't think Alabanza give you much choice about the server name, do they? I mean, I know Ultraspeed, or Ventures Online now, ask you what you want to name the server, but I doubt Alabanza does that (or many others, in fact). Of course, if they're that concerned about it, why the heck don't they just go get one? It's only like $80 or so at Equifax, right? People who are serious bout their business will skip the middle stuff and go right to the solution: don't like shared certs? Go get one of your own. Simple, really. The other solution is to just use the IP address instead of the name. Also simple, and provides a little extra anonymity unless somebody gets a wild hair and looks it up. The latter is what I did with one host who had a server-wide and let everyone use their certificate. No complaints, no questions from people who we through the secure page. I think people tend to make things more difficult than they really need to be. (Not you, Sean - that's just another general, rambling comment courtesy of yours truly.)

I don't think Alabanza give you much choice about the server name, do they?
They don't care what domain you use for the server, but they do pretty much insist on naming each one according to their convention, so you end up wth host.something.com, host2.something.com, etc. But you can choose the 'something.com' part of it. We chose a generic name for our servers just for the reason of shared SSL not showing '5DollarHosting'. Wouldn't go over too well with the Resellers... And same as Gordon, we registered the cert in the name of our parent corporation just in case some Reseller's customer got nosy.

We use Thawte certs, and they cost $125 per box, plus we secured the DSM too (back-end admin panel). The user ends up with a path of

https://hostx.something.com/theirdomain/document.

Very few of our clients have gone to the trouble of buying their own cert, since the only thing it really gets them is the ability to use https://theirdomain.com.

Well, thanks to everybody for helping out on this thread. I've learned a lot.

From what I've learned so far, my client can do one of two things to avoid buying multiple certs for his three online stores.

1) We can set up his three sites on one IP address, using subdomains for two of them. He can then buy one cert using the IP address as the identifier. That one cert should cover all three stores just fine.

2) He can use the server-wide cert. But in order to avoid showing visitors https://host.hostingcompany.com, we can use the IP address instead and refer to the clients secure documents as https://123.123.123.123/clientname/checkout-doc.html

Did I say that all right? I think I can work with that.

Thanks a lot,

Sean