client wanting secure (ssl) form

[ramjet]

i've read all the posts i can find on ssl, and just wondering if someone can tell me if my assumptions are correct....
(i'm an ssl virgin!)
My client has a site, and wants a simple cc order form which he will process manually....
My options are:
1) make him purchase a certificate, install it and everything will work fine?
2) generate a temp certificate, and it will work, but tell the person ordering that it's not a trusted cert?

I take it i CANNOT purchase a cert myself and have him use it, due to the lack of shared ssl support.

This all seems very limited... am i missing the point completely?
All i want is to offer clients the use of ssl for simple forms at no cost to them, and preferably none to me either. The best way is...???
thanks, murray.

[Brangwyn]

Thats pretty much how I understand it.

Option 1 really is the best, anyone signing up for your hosting that is wanting to setup any form of secure ordering should already be prepared to front up for the cost of a certificate imo.

Certificates is what we all should be reselling imo, now if there aint a money making scheme I don't know what is !

[ramjet]

you're certainly right Brangwyn - it's a rort!

"ChainedSSL Certificates are compatible with Internet Explorer 5.0+, Netscape 4.7+, Opera 5+ and AOL 5+. ChainedSSL certificates use chaining technology and requires the webserver to be SSL v3 or above compatible, which is the majority of all popular webservers. This is why certificates issued using chaining technology, such as ChainedSSL, are ideal for websites conducting low volume and low value transactions."

Are we SSL v3 compliant?
Matrix, I read you offer certs, but i can't find where.
What price cheapest wildcard and cheapest single through you?

Anybody know of better value than freessl.com (who are NOT nor anywhere near free!!!!) or any reason not to use them.

All help and advice graciously accepted,
murray.

Murray, Yes, Chained SSL works just fine, a number of people use them. I do not believe I would use FreeSSL now just because they are no longer free, yet still call it "freessl" which is just a scam, I have used FREEssl when it was FREE, and they are good, but now that they have gone back on their free, I would use a different "company" even it if comes from the same root chain.

[ramjet]

Thanks Stephen,
Is the install process difficult with chained certs on Matrix?
They seem to ask about prior experience in installing them a fair bit.
(and yes, FreeSSL should change their name to LyingBloodyBastardsSSL)

[Brangwyn]

Quote:

LyingBloodyBastardsSSL

ROFL !

They still are cheap though, so maybe just rename to cheapssl.com ?

[ramjet]

Not what I call cheap, believe me I have a nose for cheap...
BTW what's ROFL?
did you just burp?

Rolling on Floor Laughing, or Burping, never thought of that, sounds like a big one!

No, they are not hard to install, you can do it all formt he CP, just cut and paste. Generate a CSR (Certificate Signing Request), paste it at the place you will be buying, they will generate the CErts, chain authority, anything else that you need, and you take them and paste in the CP. (I found notepad workd well for opening the CERT files they send you, windows has a program that wants to open them, not very useful, unless you are installing locally)

[Brangwyn]

Quote:

Not what I call cheap

They're $35 arent they ? most other places start closer to $70

Brangwyn, they are not worth $35 to me, they still pop up with a Warning message for $35, not worth it. (Well on quite a few browsers anyway, not all)

[ramjet]

I was going to say spew, but burp sounded so much more civilised.
My concept is that i get a single chained cert from FreeSSL (they do seem cheapest) and install it on my service domain (alphahost.net).
That way if any smaller clients require a secure form, i have them put the form (not the site, just the form) on a folder I create by ftp sub-account within the service domain, so that they will also be able to upload/access this with FTP.
So their secure form will reside on https://myservicedomain.net/secure/t...heirform.html.
The transition should be seamless as the cert is trusted.
Their form would then access https://myservicedomain.net/cgi-bin/.../formmail.cgi, and send the data to the form recipient's mailbox.
I figure this way I only need one single cert and a bit of labour to offer access to proper shared (trusted) SSL.
Am i on the right track, or a complete plonker? (its ok, i can take it!)
Question: will the formmail allow the form to be sent to a mailbox outside of my servicedomain (ie the clients webmail)?
Another question: the data is only encrypted as far as the mailserver isn't it? So whats the point of all this EXPENSIVE SSL security? Is there another step required to encrypt the data all the way to their pop box or further.
thanks in advance...

[ramjet]

whoops, i missed a couple of posts....
brangwyn, i guess they are comparatively (its the tightwad in me thats talking) .... i can't find any for less.
landiserve, in light of your post "they are not worth $35 to me, they still pop up with a Warning message for $35,".... i'm trying to find the cheapest cert that ABSOLUTELY DOESN'T do this.... not knowing much about ssl it's hard to determine what type i need, but i thought chained root certs WouldN't do this. Any advice guys on the sort of cert i need to get to ensure no (absolute minimal) alerts to the "shopper".
H-Spheres free temporary SSL cert system is great if i don't mind the security warnings, as is the cert system run by CACert (www.cacert.com), but it seems that due to the hype over encryption even little customers want a seamless transition to https.
i think i'm raving.

ramjet, with FreeSSL's (used to be free, when I got it) you did not get the Chain authority code that made it a "trusted chain"

You can test out and see if the warning pops up for you or not:
https://cp.landiserve.com:8443

also, as far as transmitting the information, I woudl NEVEr do that, I woudl write a script that emailed them that they needed to login and check their secure database/text file/whatever and have the "formmailer" actually be a form to DB (encypted text) that they can login to and check the message/order. Much more secure that way.

BTW, you are getting they hang of my idea on Shared SSL, you desribed it pretty well there.

Also, if you would like to ask me questions "live" about this you can get my IM info from my footer, or I can get you my ICQ in private message.

[ramjet]

haven't got icq, or im only email.... up until joining matrix i hated written communication, i'm not even that keen on talking on the phone!!! (sad old bastard really). Here will do. I like the idea of this board.
"BTW, you are getting they hang of my idea on Shared SSL, you desribed it pretty well there."
Thanks Stephen, but i'm still not quite clear on it yet... (this is WHY i like this board). Security and certs and encryption etc are yet another thing to add to my "to learn" list.

Your cert pops up an alert to me (not trusted) on IE6.0.28, and its a Freessl chained cert yes? The same type they now sell for $35?

"ChainedSSL Certificates are compatible with Internet Explorer 5.0+, Netscape 4.7+, Opera 5+ and AOL 5+. " - from FreeSSL

Another reason for their impending name change to LyingBB?
Or is it my settings somehow? Or your cert is different?

I'll digest your database idea further, in the meantime any suggestions on a more ubiquitous cheap cert option?
murray.

[Wonderer]

After much reading etc.... I'm going to use the Comodo Certs offer up on http://www.instantssl.com/

They start at $50 and go up from there. The price is low for the market, they have a 99+% browser recognision. they even offer resel programs now for private label discount cert selling.