blog.stuco.me

DBA (Database Adventurer)

Friday, November 18, 2005


SSL Certificates

Yesterday, my resume grew by one bullet-point and although tech-related, it was in an area I have been purposefully letting others take care of - eCommerce. As an Information Technology generalist, I know my limitations and their realization has often come to me after I've earnestly tried to "give it my best shot", but ended up putting in too much time and trouble for very little gain. Network cabling is one of those areas where I'd just as soon pay someone to get it done than do it myself; web design and web programming are others. One of my clients is a business that provides worship resources to churches and recently, they brought their eCommerce website in-house. The migration went very smoothly, performance and reliability increased, but there was one small item that eluded the web programmer - how to make the little lock on the browser appear when a customer made a payment. Welcome to the world of SSL Certificates.

Because no one had any answers and customers were starting to voice their concerns, I volunteered to research how to make the secure area of a website, at the very least, look secure. My first round of Google searches pointed me toward Verisign as the de facto purveyor of SSL certificates, but for $1,000 - you gotta be kidding me! Some of those searches around Verisign also led to accounts of questionable business practices, price gouging and overall difficulty in working with the company. Another trip around the Google world turned up weak SSL comparisons, supposedly *FREE* SSL certificates by companies with names like "Pablo's SSL Certificate-dot-com", and about 90% of the time, I was really being sold a product rather than having it explained and objectively recommended to me.

Finally, two days later, I hit a wellspring of good information when I entered the phrase "which SSL" into the search field and came up with www.whichssl.com - DUH! Here I gained a valuable lesson in SSL technology, learned the different applications for low assurance and high assurance certificates, and was introduced to such terms as "browser ubiquity". This site was answering my questions at every turn and it really seemed (and I believe that it really is) an objective site. I was a little bummed to find out afterward that WhichSSL is a resource provided by one of the SSL providers that ended up on my short list. Nevertheless, I had found what I was looking for.

So now, my client has a trial certificate on their website for 30 days provided by the Comodo Group. It was relatively easy to request, very fast in issuing and after a Wizard and a few mouse clicks in IIS 6.0, the website now shows the tiny golden lock that is bringing back customer confidence. You have no idea what happiness that little icon is bringing to me :) Incidentally, if they decide to purchase from Comodo, the price would be either $79.99 per year or two years for $124.99.



2 Comments:

At 10:05 AM, Anonymous said...

Did you look into having the client publish their own SSL cert?

Rather than pay Verisign ridiculous $$ we just rolled our own for our OWA access.

Though for that low price Comodo looks pretty slick. Let us know how it goes.

 
At 8:41 AM, Blogger Stuart Cowen said...

So far so good. I had looked into doing the "self ssl", but it was only advised for things like OWA. I figured since the real application was for credit card payments, I'd need something with some assurance. This gives us $100,000 protection.

 
