Results 1 to 11 of 11
  1. #1
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,541

    Shared SSL certs?

    Hi,
    Ive just been looking on the thawte site, and i also know of geotrust etc.
    What i want to know is, if i buy an ssl cert from them can it be used as a shared cert for all my customers or do i have to bu a special cert for that?

  2. #2
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779

    Depends

    on how you want to set it up.

    You can secure the main IP and server name then your customers can address their sites https://server.yourdomain.com/~username/

    Or you can secure a site and then give your customers sub domains on it and they can address it https://securesite.com/user

    Either will work using a standard cert. I use both methods for my customers the first method is good if a customer has a shopping cart that switches to secure mode on check out the other way works good if they have forms they want to host in a secure area.

  3. #3
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,541
    Thats good, at present i use one that is www.securesiteserver.com/username or something similar

  4. #4
    Join Date
    Dec 2001
    Posts
    186

    Shared

    It should also work if you open up port 443 and allow SSL connections to their site, so they *can* go to https://domain.com, but it'll give you a popup about the sitename differing from that of the name on the cert.
    - joey

  5. #5
    Join Date
    Nov 2001
    Location
    London
    Posts
    4,857
    Certs are pretty standard in terms of how they are used. You can buy a Geotrust / Thawte cert and use it for your own, private use, or for a shared certificate, that is used server wide.

    Matt
    Matthew Russell | Namecheap
    Twitter: @mattdrussell

    www.namecheap.com - hosting from a registrar DONE RIGHT!

  6. #6
    Join Date
    Apr 2002
    Location
    Sacramento, CA
    Posts
    220
    Before you decide to purchase the Cert read all details. Taken from verisign whitepaper (http://www.verisign.com/isp/shss/wp-shss.pdf):

    Transaction liability
    The Certificate Authority (CA) issued the SSL certificate to the ISP after extensive authentication of the ISP's Organization and Common Name. Certificate-knowledgeable persons purchasing an item from the merchant over the SSL session understand that because the ISP has been authenticated for the Server ID securing the transaction, the ISP is responsible for processing the payment submitted to the Web site and for the fulfillment of any order that has been paid for through the Web site. In shared SSL applications, many end users think they are doing business with the merchant's site and are not aware that they are really doing business with the ISP's site. Simply put, users and even ISPs do not understand that ISPs might be assuming liability for the transaction.

    Loss of warranty protection
    CAs like VeriSign provide up to $250,000 in NetSure warranty protection, which guards digital certificate holders against fraud, misuse, theft, or impersonation of their certificates. Lloyd’s of London, one of the world’s largest, A-rated insurance confederations, backs the NetSure warranty. However, the terms of the NetSure plan only include warranty protection for the organization listed in the certificate. In the event of a problem, the merchant would not be protected, as the certificate was issued to the ISP and not to the merchant. Furthermore, the ISP would not receive protection, as the certificate was being used by an organization other than the ISP.


    The reason Verisign does this is to try and get you to purchase their shared cert (alot more than a standard cert). You can see their multiple cert info at: http://www.verisign.com/isp/shss/index.html

    Pretty much all of them have something similar to this, you just have to find it.
    Joel Strellner

  7. #7
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,541
    Thanks for the info guys, much appreciated

  8. #8
    Something else nobody has mentioned is a wildcard SSL cert.

    This would allow you to get one cert and then share that to your customers only on a subdomain basis.

    With the wildcard cert you can have an SSL site as follows:

    SSL cert assigned to *.yourhost.com and you can have SSL servers for each of your customers as:

    customer1.yourhost.com

    customer2.yourhost.com

    A little bit more professional appearance in my opinion...

    hostinggeek

  9. #9
    Join Date
    Apr 2002
    Location
    Sacramento, CA
    Posts
    220
    Originally posted by hostinggeek
    Something else nobody has mentioned is a wildcard SSL cert.

    This would allow you to get one cert and then share that to your customers only on a subdomain basis.

    With the wildcard cert you can have an SSL site as follows:

    SSL cert assigned to *.yourhost.com and you can have SSL servers for each of your customers as:

    customer1.yourhost.com

    customer2.yourhost.com

    A little bit more professional appearance in my opinion...

    hostinggeek
    The problem with wildcard certs is that alot of older browsers do not support them (only Internet Explorer 5.01 and Netscape Communicator 4.7 and newer do), therefore giving errors to the users with out dated browsers. Also, some older server OS's don't support them.

    They also do not allow 128 bit encryption (SuperCert), only 40 bit which is considered "weak" encryption.

    The only signer to my knowledge that supports wildcard certs is thawte.

    Unfortunately, in my opinion, wildcard certs are to new to provide a viable option to encryption.
    Joel Strellner

  10. #10
    Join Date
    Jun 2002
    Posts
    146
    and they cost a lot.....possibly beyond the reach of most hosts here.

    Anyone know of any host who offer their wildcard SSL cert to their customers?

  11. #11
    gearhost.com offers a a shared SSL cert.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •