Best SSL Certificate for Oscommerce ?

[fuzioneer]

I am in the market to get an SSL Certificate for my store, its using epdq atm so doesn't really need it, but i am looking to move to another payment gateway maybe datacash

Any recommendations ?

 

[jdpos]

128 bit SSL is best really.

 

[brownie]

I use Geotrusts RapidSSL from http://www.trustico.co.uk/ at £9 per year.

 

[mke]

CAcert is free.

Essentially, what's under the bonnet is the same for all of them. The "which certificate" question should actually be phrased "which authenticator", which is the bit which stops the nasty error message showing up in browsers when you don't use an authenticating authority or your renewal is out of date. The software itself is pretty well generic, whoever authenticates it.

 

[brownie]

CAcert is free.

Not sure why anyone would currently use a CAcert on a commercial ecommerce site when the majority of visitors OS's or browsers don't support it so will have to go through importing it into their certificate store.

http://wiki.cacert.org/wiki/InclusionStatus

 

[mke]

Looks very out of date to me. Ubuntu, for instance, is my preferred desktop OS and we still have a 6.10 left. No problems there.

 

[fuzioneer]

"which authenticator", which is the bit which stops the nasty error message showing up in browsers when you don't use an authenticating authority or your renewal is out of date.

ah so which authenticator then mke ?

 

[mke]

CAcert is free and Open Source, so it has a top team of volunteer developers spread across the world. I use it myself and recommend it to my clients, especially the start ups who have not got two halfpennies to rub together, but also for wider use.

brownie does have a point in that Hawte's and Verisign's price tags are "justified" by them being built in to, e.g. IE's recognition system rather than having to click on the allow button. But that is so minor as to be worthy of ignoring in my view. Only the most paranoid and technophobic surfer would take any notice whatever of that.

 

[LondonJes]

i would like some advise as well please

 

[mke]

Might help someone to offer advice if you tell them what yuo would like advising on, Londonjes? If it's confidential, you could try sending me a PM.

By the way, my name is Mike - mke was a typo when I signed up, although I doubt I would have got username mike anyway.

 

[DavP72]

I have been using CACert on my shopping cart website for a couple of months now.

Most of my visitors are using Internet Explorer but the browser doesn't recognise CACert as a trusted certificate authority.

Somebody on this forum posted a message to me this morning to say that when they click View Basket the security message put them off buying one of my products

" Like the website - I just tried to buy one of your butterfly kites but got the following when clicking on "View Basket":

There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

It put me off a little bit! "

I am definately considering changing my certificate.

Dave

 

[brownie]

Just change it, your website certificate needs to be issued by a CA that is universally trusted by the majority of your visitors.

Like it or not to ensure the majority of your visitors will not have issues the CA needs to be Thawte, Verisign, GEOTrust, etc.

I've posted earlier in this thread the cheapest way of sorting this out.

 

[valdor]

You can get a thawte ssl certificate for £25 a year, not sure if this is cheap or not.

 

[DavP72]

You can get a thawte ssl certificate for £25 a year, not sure if this is cheap or not.

looked on thwate dot com/pricing/ page and couldn't see one for £25. The cheapest one I could see costs $149.00 (£75)

 

[DambTech]

Look at servertastic.com the one we just bought cost $15.00.

Yes! $15 USD (about £8.00)

 

[DavP72]

Look at servertastic.com the one we just bought cost $15.00.

Yes! $15 USD (about £8.00)

I'm shocked!

How can some of these companies justify charging approx £400.00 a year when these guys can do it for £8.00

Thanks for that by the way.

 

[DambTech]

Don't know how they do it, but some do.

RapidSSL is a 128/256 bit single root SSL certificate. RapidSSL.com owns the root used to issue RapidSSL certificates making it a stable SSL offering.

The above is from there website and that price is not bad for 1 year, you do have the option to purchase for longer.

Dave

 

[DavP72]

Hi Dave,

Do you know if the RapidSSL certificate is authenticated for use in IE6+ ?

I had errors using the CACert cerificate with IE6 & IE7 as they are not trusted certificate authority, although most people are viewing in IE7.

Thanks,
Dave

 

[DambTech]

• Single root certificate
• The lowest cost single root install SSL certificate available
• Multi-year savings available - 1, 2, 3, 4 and 5 year certs available
• Automated two step online validation - no paperwork
• $10,000 warranty
• 99% browser recognition rate, no chained installation
• Fully supported - tel, web, email - 1am to 9pm EST
• Strong 128 bit encryption, industry standard SSL
• FREE "Secured by RapidSSL" site seal
• Risk free: 7 day refund and reissue policy
• RapidSSL.com owns the root used to issue your certificate

https://www.servertastic.com/rapidssl/

Take a look.

 

[brownie]

Do you know if the RapidSSL certificate is authenticated for use in IE6+ ?

I had errors using the CACert cerificate with IE6 & IE7 as they are not trusted certificate authority, although most people are viewing in IE7.

Thanks,
Dave

Read my post on the previous page, RapidSSL certs are single root certs issued by the root CA GEOTrust so are compliant with all versions of windows, www.trustico.com will sell you one for £9.

 

[DavP72]

Thanks for clearing this up guys. It's reassuring to hear it from experts first.

Dave

 

[mke]

Thanks for the feedback on CAcert, DavP72. That's very useful. Shows the volunteers there have a lot of work to do and the OS "community" shouldn't be shouting quite so loud just yet.