Regarding SSL, I have the need of putting a registration code generating script on my server. The script will require a "seed" and be password protected. The reason I need SSL is that I need to access this script from different machines and I don't want the transmission intercepted.

I'm not really interested in what the url looks like (ie https://someotherdomain.com/myusername/file.html is fine) and there are no questions of trust as I'm not going to ask others to use it.

Do a lot of hosts offer this? A lot seem to offer $100+ to get you a certificate and only a few seem to explicitly mention "Shared SSL". httpme actually openly say they don't do it - the reasons are valid but don't apply to me - unless there's a much simpler solution to my requirement that I'm missing.

How common an offering is shared SSL?

There aren't any free hosts providing this are there? It would be good to have this sensitive script disassociated from my main site.

Shared SSL could be sufficient especially when you don't need MySQL or other databases to be on the same server.

I'm sorry I don't see what SSL has to do with MySQL...:confused:

One of the more popular control panel systems that I and many other hosts use, Ensim, has support for Shared SSL.. So, I've seen quite a few other hosts that also offer it.

The problem with Ensim's Shared SSL is that you can't access your cgi-bin through it by default. I have custom configs for my customers to do this. Or, you could have your script generate the "secret data" after being initiated from a non-secure HTTP request, and then pick up the "secret data" in a file generated by the script via HTTPS.

if you explain this to your host, they may be able to just set you up with with a dummy certificate... it'll generate the usual error messages, but you can ignore them, it'll still be secure... you'll just have to tell your browser to trust yourself... :)

i'm not sure if that'll present any problems with your script though, but perhaps it's an option to consider...?

Originally posted by i am a
if you explain this to your host, they may be able to just set you up with with a dummy certificate... it'll generate the usual error messages, but you can ignore them, it'll still be secure... you'll just have to tell your browser to trust yourself... :)


Thanks - this looks worth pursuing. I'll check out before I sign up for anything.

BTW this reminds me - a tad off-topic so I apologize in advance:

"Don't trust Microsoft! ...advise Microsoft"

http://theregister.co.uk/content/55/28215.html

(bottom paragraph)

VenturesOnline used to have shared ssl with that ugly URL you are talking about. example: http://theirsecureserver/~yourusername You will have to check and see if they still do.
I think httpme is better as far as server performance is concerned though.

httpme expressly don't offer shared SSL.

http://httpme.com/plan_page.htm

Most shared SSL doesn't have the ugly url. You just have to add "s" to https:// and it will automatically be encrypted. What is meant by shared SSL in these instances is that the website domain will not be yours on the certificate. But it will say the page is secured.

I think most shared SSLs are in this form, http://theirsecureserver/~yourusername.

Toolz, I know httme doesn't offer shared ssl. I didn't mean to imply that they do. I only mentioned them because he did, and in my opinion I wouldn't chose VO over httpme just because they (VO) offered shared ssl.

Originally posted by silversurfer
Most shared SSL doesn't have the ugly url. You just have to add "s" to https:// and it will automatically be encrypted. What is meant by shared SSL in these instances is that the website domain will not be yours on the certificate. But it will say the page is secured.

Your statement contradicts itself. if you just add a "s" to your URL then it is not shared SSL.

The reason that shared ssl looks ugly is because your browser checks the URL in your address bar against the URL in the cert, and if they are different, you will get a warning message. So, ALL shared ssl will be ugly (ie... https://yourhost.com/~yourusername/ ). There simply is no way to get around this short of installing your own cert signed by a trusted CSA.

You can obviously install a self signed cert and view it via your domain, or use the shared cert directly via https://yourdomain/ (if your host supports that) but either way you'll get a popup.

Anyway, I agree with httpme, most professional ecommerce sites will get their own cert for their URL... but it is a nice option to allow people to choose to use shared ssl or buy their own cert rather than forcing them to buy their own cert.

If you choose to buy a cert... consider going with a chained cert from www.freessl.com . Only $15/year which aint too bad. I purchased one about a week ago and have had no complaints thus far. ;)

Originally posted by silversurfer
Most shared SSL doesn't have the ugly url. You just have to add "s" to https:// and it will automatically be encrypted. What is meant by shared SSL in these instances is that the website domain will not be yours on the certificate. But it will say the page is secured.

I'm quite sure you're mistaken - at least re "most...". Access through a url https://yourdomain.com/ewrergre is usually impossible unless you've asked the host to install a certificate (that you bought) isn't it.

However it works it's still worth looking into though - from these posts it sounds like it's no sweat for most hosts to offer you a "cludge".