Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Turn off system prompt when you url https:// (SSL)

[Fremont Servers]

I have seen a link that takes someone into SSL but they don't get any system bases prompts for going into SSL (https://) area.

How do you turn off that prompt off?

From the same pc, when I go to some sites via https://, it prompts you when you use https://, and some sites don't prompt you when you use https://.

[cbaker17]

huh??? ssl sites arent supposed to prompt you unless theres something wrong with the ssl certificate.

[Fremont Servers]

The ssl certificate that I am using is the default ssl certificate that came with PLESK 2.0.

[Ahmad]

You have to purchase your own certificate.

Try a search in this board for 'ssl certificate'.

[allera]

Did you read the prompts? Plesk doesn't come with a trusted cert, only a self-signed cert. Thus, you'll get a prompt about the cert not being trusted. You'll need to purchase an SSL cert from a trusted company (Verisign, Thawte, etc) for the prompts to go away.

Go to a site where you don't get a prompt and review the cert. Then go to a site where you do get the prompt and review that cert. You'll notice the differences.

[Fremont Servers]

I see now. I actually read the prompt this time.

The problem is you cannot use the same ssl certificate on each domain with unique ip address. You can use the same ssl cert. on as many domains if they use the same ip address.

Therefore, there is no way around this, but to purchase an ssl cert. for each domain if each domain is using a static ip address, am I right? Well, is there a way around this that I don't know?

[chirpy]

More or less, yes.

Each domain needs to have it's own SSL certificate. Normally, in Apache, each domain must also have a unique IP address for the secure server.

[cbaker17]

Actually you can get a star certificate which will allow you to use subdomains so you could use the same cert for multiple domains, but its about 500.00.

[Dedicated]

Or you can just buy one ssl and any domain on the server need's to use the ssl can use https://www.yourdomain.com/~username/

[chirpy]

But beware of falling foul of your agreement with the Certificate Authority if you do that. You're likely to be in breach of contract if you allow other businesses to use your certificate. For example, this would be a breach of contract with the standard Thawte SSL Server certificate.

[Fremont Servers]

I wonder how could web hosting companies offer SSL, if each certificate is around $100-$200/year.

If they use https://www.yourname.com/~username, then wouldn't it violates the Certification Authority like Chirpy said above.

If a host charges $10/month, wouldn't ssl cert. alone exceeds the $10/month.

There must be a general way of doing this without purchasing an ssl cert. for each domain.

Or like cbaker17 said...you star certificate. But how companies out there use this method?

[chirpy]

These days, most hosting companies require the customer to purchase the SSL certificate. What you do, however, is offer the customer the ability to use that (their) certificate on their hosting plan.

[aquos]

In general, when you've got a prompt when entering a HTTPS site is because the cert is not listed as a trusted cert. All of the 'brand name' cert companies are under Tools->Internet Options->Content->Certificates->Trusted Root Certification Authorities and Intermediate Certification Authorities (MSIE).

When the (https) site owner(s) buy/install a cert (from one of those companies), or you import a new trusted root certification authorities and/or intermediate certification authorities, you won't be prompted any more.

[RRolfe]

Quote:

Originally posted by Asia
I wonder how could web hosting companies offer SSL, if each certificate is around $100-$200/year.

If they use https://www.yourname.com/~username, then wouldn't it violates the Certification Authority like Chirpy said above.

If a host charges $10/month, wouldn't ssl cert. alone exceeds the $10/month.

There must be a general way of doing this without purchasing an ssl cert. for each domain.

Or like cbaker17 said...you star certificate. But how companies out there use this method?

if a host is offer ssl included in the package then it is a shared ssl certificate and the urls are normally https://username.host.com
its called a wildcard certificate and normally cost about $500.00

[Fremont Servers]

What is the diffference between star cert. and wildcard cert?
When you say $500, do you mean $500/year?
Last, but not least, where can i get this cert.