by ep2002
22 replies
Hi,

So I'm thinking about going back to SSLs for a couple of reasons & Go Daddy has a sale on now that's pretty good, but I have 2 questions:

1. Does anyone buy SSLs from some other site?

2. Go Daddy's UMC package that allows for 5 or 10 domains is a bit of a problem in that I don't want people to be able to see all my domains attached to that one cert.

I can't afford to buy a cert for each domain, that's just way too expensive.

Any thoughts?

Thanks
#ssls
  • Profile picture of the author PPG19
    [DELETED]
    {{ DiscussionBoard.errors[10788230].message }}
    • Profile picture of the author ep2002
      [DELETED]
      {{ DiscussionBoard.errors[10788253].message }}
      • Profile picture of the author PPG19
        The 9.99$ one is a Comodo basic, you can check the differences between all the different SSLs on namecheap.
        {{ DiscussionBoard.errors[10788273].message }}
        • Profile picture of the author ep2002
          Originally Posted by PPG19 View Post

          The 9.99$ one is a Comodo basic, you can check the differences between all the different SSLs on namecheap.
          I found sites that were even less than Namecheap, but I didn't like how I was treated during Live Chat.

          I still need to make sure that a $5 SSL is in fact the real thing.
          Signature

          ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

          {{ DiscussionBoard.errors[10854769].message }}
          • Profile picture of the author PPG19
            Originally Posted by ep2002 View Post

            I found sites that were even less than Namecheap, but I didn't like how I was treated during Live Chat.

            I still need to make sure that a $5 SSL is in fact the real thing.
            Yes, ssls.com is even cheaper than Namecheap. I buy with them too. Great support as well. It depends on what are you looking for. Contact SSLS support through live chat, they can help you with that.
            {{ DiscussionBoard.errors[10855630].message }}
  • Profile picture of the author George Schwab
    there are a lot offers for $10 right now

    if you need one for multiple domain you have to look for a 'wildcard certificate'
    they cover unlimited domains on the same server. i saw one at whois.com
    Signature

    {{ DiscussionBoard.errors[10855057].message }}
    • Profile picture of the author ep2002
      George Schwab

      My concern is do they work on all browsers, what is their encryption & yes, I have 22+ sites & they don't make me money, so I can't spend even $5 for each.

      Plus I don't want people to be able to see all of my domains under one SSL

      Here's the ones I found during research:

      https://www.cheapsslshop.com/blog/ss...s-and-its-type (rude & ignorant customer service)
      https://www.ssltrust.com.au/
      https://www.ssls.com/
      https://letsencrypt.org/ (I see this one Jeff listed below)
      https://www.namecheap.com/security/s...alidation.aspx
      https://cheapsslsecurity.com/

      Thanks
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10855642].message }}
      • Profile picture of the author George Schwab
        Originally Posted by ep2002 View Post

        George Schwab

        My concern is do they work on all browsers, what is their encryption & yes, I have 22+ sites & they don't make me money, so I can't spend even $5 for each.

        Plus I don't want people to be able to see all of my domains under one SSL


        Thanks

        your visitors will not see any difference when you use a wildcard SSL
        and they work for all browsers.

        However, I doubt that you actually need a SSL for all of your 22 sites.
        Do you take private information from your visitors on all of those sites?

        Otherwise you do not need one for sites that just show content,
        just because many sites use one anyway, doesn t mean it makes sense,
        or is necessary. Just another idea everybody follows, and they dont even
        know the reason why. Absolutely only necessary if you take credit card
        payments directly [not using paypal etc] to your bank account. Then yes.
        Signature

        {{ DiscussionBoard.errors[10855812].message }}
  • Profile picture of the author Jeff Hope
    If you find a host that supports LetsEncrypt.org, SSL certs are free, and those will be fine for the vast majority of sites.
    {{ DiscussionBoard.errors[10855627].message }}
    • Profile picture of the author ep2002
      @Jeff Hope - when you say "vast majority" which ones will they not work on?

      Like I mentioned above, my concerns are:

      1. Level of encryption
      2. Works on all browsers
      3. If it's free it doesn't matter, but if it's not, not listing all my domains into one cert so people can see them all.

      Thanks
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10855645].message }}
    • Profile picture of the author ep2002
      Originally Posted by Jeff Hope View Post

      If you find a host that supports LetsEncrypt.org, SSL certs are free, and those will be fine for the vast majority of sites.
      Another question - why would a hoster not support LetsEncrypt?

      Thanks
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10855672].message }}
    • Profile picture of the author Michael Ten
      Originally Posted by Jeff Hope View Post

      If you find a host that supports LetsEncrypt.org, SSL certs are free, and those will be fine for the vast majority of sites.
      Yes. Let's Encrypt.
      {{ DiscussionBoard.errors[10858377].message }}
  • Profile picture of the author Jeff Hope
    Another question - why would a hoster not support LetsEncrypt?
    1. To try to continue sales of SSL certificates, installation services, and dedicated IP addresses from which they make money. ( Dedicated IPs for most SSL purposes haven't been required in quite some time as most servers can now support SNI. LetsEncrypt requires an SNI-enabled server.)

    2. If a host doesn't use Cpanel or another control panel with easy LetsEncrypt installation, they'd have to provide shell access. That in turn would increase support levels for hosting providers, costing them money.

    1. Level of encryption
    RSA 2048 bits

    2. Works on all browsers
    It's recognized by all modern browsers. My view is that the rare visitor who is still using Netscape or IE6/IE8 isn't my target market anyway. Here's a link to a recent test site from LetsEncrypt where you can see responses from various browsers and operating systems.

    3. If it's free it doesn't matter, but if it's not, not listing all my domains into one cert so people can see them all.
    Yes, all free, certs issued to domains separately.

    If you are wanting SSL at all your sites for search purposes ( i.e. brownie points from Google ), then LetsEncrypt will work fine for that. As George noted above, if you are transmitting / storing sensitive customer data such as financial info between their browser and your server, then you may need a different level of SSL. In fact financial data may even require PCI compliance at the server level, which is a different discussion.
    {{ DiscussionBoard.errors[10856594].message }}
    • Profile picture of the author ep2002
      Originally Posted by Jeff Hope View Post

      1. To try to continue sales of SSL certificates, installation services, and dedicated IP addresses from which they make money. ( Dedicated IPs for most SSL purposes haven't been required in quite some time as most servers can now support SNI. LetsEncrypt requires an SNI-enabled server.)



      2. If a host doesn't use Cpanel or another control panel with easy LetsEncrypt installation, they'd have to provide shell access. That in turn would increase support levels for hosting providers, costing them money..
      Ok, I just wrote them to ask.I know they sell SSLs for $30, but I hope that won't interfere with them telling the truth.


      Originally Posted by Jeff Hope View Post

      It's recognized by all modern browsers. My view is that the rare visitor who is still using Netscape or IE6/IE8 isn't my target market anyway. Here's a link to a recent test site from LetsEncrypt where you can see responses from various browsers and operating systems.
      I agree



      Originally Posted by Jeff Hope;10856594If you are wanting SSL at all your sites for search purposes ( i.e. brownie points from Google ), then LetsEncrypt will work fine for that. As George noted above, if you are transmitting / storing sensitive customer data such as financial info between their browser and your server, then you may need a different level of SSL. In fact financial data may even require [URL="https://www.pcicomplianceguide.org/pci-faqs-2/"

      PCI compliance[/URL] at the server level, which is a different discussion.
      Well I hope ONE DAY before I die that I can FINALLY get Magenta going LOL, so why wouldn't this work on Magenta? What's missing from it that the other certs have?

      Thank you Jeff, I appreciate your help
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10856699].message }}
  • Profile picture of the author Jeff Hope
    The encryption will work with any site, plus any software you are running on your site, including self-hosted shopping carts.

    The difference in the types of SSL certificates is in how much background checking / vetting the SSL authority does before issuing the certificate. The cheaper ones just verify that you have control of the domain, while others check control, plus company ownership and background, that the company is legitimate, etc. If you use Paypal, Authorize.net, Stripe, etc. for payment processing then it's up to them to worry about higher level SSL certificates and PCI compliance, not you, as they're the ones who store customer financial info.
    {{ DiscussionBoard.errors[10856769].message }}
    • Profile picture of the author ep2002
      Right, & that's why I don't need the higher levels. I'm too small a company & most of my sites are blogs, not eCommerce sites.

      Did you notice an increase in your SERPs at all when you installed them?

      If yes, approx. how long did it take?

      Thanks
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10856834].message }}
  • Profile picture of the author Jeff Hope
    I don't rely on search traffic so it's not something I monitor. My understanding is that SSL is only a very small factor for Google right now. That could of course change at any time with them.

    I add SSL to all sites now because it's free, and I believe it helps create trust with visitors.
    {{ DiscussionBoard.errors[10856884].message }}
    • Profile picture of the author ep2002
      Oh that's too bad. How do ou run a site & not care about your SERPs? LOL

      Anyway today I heard that in a few years Google will be penalizing EVERYONE who doesn't have one, so there you have it. For now it's to help a bit, in a few years, we will all be VERY affected.

      Thanks for all your help
      Signature

      ***Professional Merchant Services Agent at your service. If you are a professional legit company, I'd like to help you get the best merchant account for your company. Please contact me for more details.

      {{ DiscussionBoard.errors[10859982].message }}
  • Profile picture of the author sendizo
    1/ I buy SSL from: https://www.ssls.com/
    2/ there are many types of SSL some can secure (https) on the main domain only, and other can secure the main domain and sub-domains (Wild Card SSL Certification)
    {{ DiscussionBoard.errors[10856988].message }}
  • Profile picture of the author mazupan
    StartSSL.com certificates are free and recognised as trusted by browsers. They allow to add up to 5 SANs to one certificate and if I am correct they extended the validity of certificates from 1 year to 3 years now.
    {{ DiscussionBoard.errors[10861081].message }}
  • Profile picture of the author richardZ
    Originally Posted by ep2002 View Post


    1. Does anyone buy SSLs from some other site?
    Yes, anyone buy ssl certificate from some other site.

    Originally Posted by ep2002 View Post


    2. Go Daddy's UMC package that allows for 5 or 10 domains is a bit of a problem in that I don't want people to be able to see all my domains attached to that one cert.

    I can't afford to buy a cert for each domain, that's just way too expensive.

    It's UCC not UMC. Yes, UCC SSL allows to secure multiple domains I have secured mine 9 with ClickSSL. For the issue 'see all domain attached to one ssl certificate' then for that you should have to contact particular ssl provider.

    SSL cert for each domain is very lengthy task.
    {{ DiscussionBoard.errors[10867189].message }}
  • Profile picture of the author katefeesh
    Originally Posted by mazupan View Post

    StartSSL.com certificates are free and recognised as trusted by browsers. They allow to add up to 5 SANs to one certificate and if I am correct they extended the validity of certificates from 1 year to 3 years now.
    SAN/UCC isn't exactly a plus point cos ep2002 doesn't seem to want SSLs linked across his domains. But anyway I believe Let's Encrypt can issue free certificates for every domain/subdomain.

    Originally Posted by ep2002 View Post

    Anyway today I heard that in a few years Google will be penalizing EVERYONE who doesn't have one, so there you have it. For now it's to help a bit, in a few years, we will all be VERY affected.
    Google won't be penalizing everyone for not using SSL. Chrome will begin flagging http sites that collect passwords or credit card information as non-secure next year.

    Originally Posted by ep2002 View Post

    Right, & that's why I don't need the higher levels. I'm too small a company & most of my sites are blogs, not eCommerce sites.
    If your sites are mostly blogs, free SSLs are good enough for creating trust with your visitors. I'd be more concerned with actual protection against attacks on your site. If you're also looking for free web application firewall services I recommend Cloudbric.

    Originally Posted by Michael Ten View Post

    Yes. Let's Encrypt.
    Cloudbric automatically applies Let's Encrypt SSL to your site.
    {{ DiscussionBoard.errors[10900478].message }}
  • Profile picture of the author onegoodman
    I just tried ssls.com. The price was to cheap and they are part of namecheap ( a company i have been using for a very long time now for my domains ).

    I bought one yesterday and I am very satisfied with them. Will definitely use them going forward .
    {{ DiscussionBoard.errors[10900598].message }}
  • Profile picture of the author kevinmitnick
    Yes, you can purchase an SSL certificate from any of SSL certificate providers. There are many SSL certificate re-sellers, including certificate authorities offering SSL certificates at the affordable cost.

    If you have a limited domain and only secure your domain with HTTPS, then DV SSL certificate is the best option but if you show users that your business is genuine and legitimate for that you can go with an OV SSL or EV SSL certificate.

    You can read reviews of SSL certificate authorities before purchase it from any trusted certificate authority. As per W3Techs report, A Comodo is a trusted and leading certificate authority which is used by 12.9% of all the websites, with a market share of 44.2%.
    {{ DiscussionBoard.errors[10960855].message }}

Trending Topics