Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : SSL Cert.

[cbaker17]

Im just curious how many hosts out there have atheir own *.yourdomain.com ssl certificates that you let your customers use and how many of you request that your customers get their own cert.

[MadMax82]

We are looking at getting our own since the $79 Equifax certificate will supposedly now work with Alabanza. Our low end hosting clients do not want to pay the extra bucks but we have sold a few individual certificates to customers who were running larger sites as an "extra."

[cbaker17]

Are you aware that to provide all of your customers access to that one certificate you would have to buy a wildcard equifax cert. and it costs 500.00

[MadMax82]

It was my understanding that was only the case if they wanted a branded version but that if we wanted to subdivide our secured server space then it would be ok. Downside for them is that the certificate would be branded with our company name. If that is not the case and we are looking at $500 we might have to rethink that issue just a bit.

[cbaker17]

Actually anyone could use the cheap secure server certificate from equifax, thawte, or verisign but every time someone visits your site and it pops up it will come up with a warning in the customers browser that this cert does not match the site, see when you order the certificate they put it to a exact url like http://www.yourdomain.com, anytime someone broswes a site and accesses a secure area using that secure certificate it has to match http://www.yourdomain.com

The more expensive * certificate allows you to use any site with *.yourdomain.com like billy.yourdomain.com or suie.yourdomain.com so you could in essence assign each customer their own subdomain url and that way they wouldnt get the pop up box in their browser.

So to make a long story short yes you will need the more exp. * certificate.

[MadMax82]

Ugh...So you are saying that even if they have a hyperlink to a subdirectory of our secured server that we still need the expensive certificate? For example:

If the customer's online catalog (not secure) has a link on the following page:

http://www.mycustomer.com/catalog.htm

That goes to my secured server like this:

https://www.mydomain.com/user/mycustomer/buynow.htm

That the browser will pop up with a security warning? I thought it would show up fine unless they actually check the certificate and then it would be registered to me. Sorry if I am being dense with this.

[cbaker17]

no no warning would pop up as long as your certificate was registered as http://www.mydomain.com and all url's started with http://www.mydomain.com

[MadMax82]

Ok I thought I understood that. It would appear then that a number of the smaller hosting companies use this method to provide secure space for their customers as I have seen this used on a number of sites. That was how we have upsold a couple of clients to getting their own certificate. Most did not initially understand what the certificate was and why they might need one. I suppose the server wide certificate would be a value added option for our hosting plans as sort of an intermediate step. Ok I too am interested in what other folks use! Anyone else?

[KDAWebServices]

For a server wide Alabanza SSL cert it needs to be made out for host.yourdomain.com (Or whatever you server is called) and then clients can access it as http://host.yourdoamain.com/username/

[cbaker17]

I would double check that I preety sure it needs to be *.yourdomain.com because if you put it as host.yourdomain.com then all would have to begin with that.