Ive just been looking on the thawte site, and i also know of geotrust etc.
What i want to know is, if i buy an ssl cert from them can it be used as a shared cert for all my customers or do i have to bu a special cert for that?
Either will work using a standard cert. I use both methods for my customers the first method is good if a customer has a shopping cart that switches to secure mode on check out the other way works good if they have forms they want to host in a secure area.
It should also work if you open up port 443 and allow SSL connections to their site, so they *can* go to https://domain.com, but it'll give you a popup about the sitename differing from that of the name on the cert.
The Certificate Authority (CA) issued the SSL certificate to the ISP after extensive authentication of the ISP's Organization and Common Name. Certificate-knowledgeable persons purchasing an item from the merchant over the SSL session understand that because the ISP has been authenticated for the Server ID securing the transaction, the ISP is responsible for processing the payment submitted to the Web site and for the fulfillment of any order that has been paid for through the Web site. In shared SSL applications, many end users think they are doing business with the merchant's site and are not aware that they are really doing business with the ISP's site. Simply put, users and even ISPs do not understand that ISPs might be assuming liability for the transaction.
Loss of warranty protection
CAs like VeriSign provide up to $250,000 in NetSure warranty protection, which guards digital certificate holders against fraud, misuse, theft, or impersonation of their certificates. Lloyd’s of London, one of the world’s largest, A-rated insurance confederations, backs the NetSure warranty. However, the terms of the NetSure plan only include warranty protection for the organization listed in the certificate. In the event of a problem, the merchant would not be protected, as the certificate was issued to the ISP and not to the merchant. Furthermore, the ISP would not receive protection, as the certificate was being used by an organization other than the ISP.
Originally posted by hostinggeek Something else nobody has mentioned is a wildcard SSL cert.
This would allow you to get one cert and then share that to your customers only on a subdomain basis.
With the wildcard cert you can have an SSL site as follows:
SSL cert assigned to *.yourhost.com and you can have SSL servers for each of your customers as:
A little bit more professional appearance in my opinion...
The problem with wildcard certs is that alot of older browsers do not support them (only Internet Explorer 5.01 and Netscape Communicator 4.7 and newer do), therefore giving errors to the users with out dated browsers. Also, some older server OS's don't support them.
They also do not allow 128 bit encryption (SuperCert), only 40 bit which is considered "weak" encryption.
The only signer to my knowledge that supports wildcard certs is thawte.
Unfortunately, in my opinion, wildcard certs are to new to provide a viable option to encryption.