SSL Certificate for Digital Products Site!

15 replies
Hi,

I've plans to make a new website to sell digital products. Please tell me, what is SSL Certificate & Is it necessary to get SSL Certificate with a site like this?

Also, what kind of SSL Certificate should I take? I'm not going to make a huge site, it would be just a few thousand products on it. The domain registrar company also offer PositiveSSL, at the time of registering the domain. Will that be enough or I need something special ?

Also, is it worth buying the PositiveSSL, that domain registrar offers?

Thanks in advance.
#certificate #digital #products #site #ssl
  • Profile picture of the author Thomas W
    you only need this if you have your own merchant account to be compliant
    Signature

    Established webmaster since 1998. Bought my first domain name for $70 and had to pay $1000 a month for hosting. It was the good life

    Skype: twool9
    Email me at thomasw9 ((((a)))) G mail

    {{ DiscussionBoard.errors[6901450].message }}
  • Profile picture of the author mosthost
    If you're just starting out and don't know if the venture will succeed, I'd say don't bother. There are a lot of ecommerce solutions these days that don't require SSL or running your own eCommerce app.
    {{ DiscussionBoard.errors[6901453].message }}
  • Profile picture of the author Weedy92
    It's for sites that take direct payments or sites that accept private information such as credit applications. Usually around $50-100 per year.
    {{ DiscussionBoard.errors[6901459].message }}
  • Profile picture of the author UMS
    If you are going to be handling the payment directly on your site, then it is highly recommended to get a SSL certificate.

    When you browse a site that starts with https:// it is using a SSL certificate to encrypt any details sent to the site, eg: credit card info and also certifies that the site is actually who it says it is.
    {{ DiscussionBoard.errors[6901485].message }}
    • Profile picture of the author SHAB1412
      Originally Posted by UMS View Post

      If you are going to be handling the payment directly on your site, then it is highly recommended to get a SSL certificate.

      When you browse a site that starts with https:// it is using a SSL certificate to encrypt any details sent to the site, eg: credit card info and also certifies that the site is actually who it says it is.
      What does handling payments directly means ?

      I'm going to use WordPress platform for my site & will use WP plugins for managing the shopping cart related things. But in this case as well, the users put their credit card info to purchase products!
      {{ DiscussionBoard.errors[6901508].message }}
      • Profile picture of the author UMS
        Originally Posted by SHAB1412 View Post

        What does handling payments directly means ?
        On a lot of ecommerce sites, the actual checkout process is done via a third party processor like Paypal, 2CheckOut, etc.

        If that's the case, then they handle the security of the transaction.

        If you are going to directly process the credit card payments on your site, then you'll need a SSL cert and some good security practices to ensure you minimise the risk to your customers.
        {{ DiscussionBoard.errors[6901520].message }}
        • Profile picture of the author SHAB1412
          Originally Posted by UMS View Post

          On a lot of ecommerce sites, the actual checkout process is done via a third party processor like Paypal, 2CheckOut, etc.

          If that's the case, then they handle the security of the transaction.

          If you are going to directly process the credit card payments on your site, then you'll need a SSL cert and some good security practices to ensure you minimise the risk to your customers.
          I see, got it. In that case, I think I can skip SSL, because I'll be using third party payment processing services.

          Thanks UMS.
          {{ DiscussionBoard.errors[6901630].message }}
  • Profile picture of the author Randall Magwood
    You should use Comodo SSL services. Very easy to install and have you looking like a reputable site overnight.
    Signature

    {{ DiscussionBoard.errors[6902027].message }}
    • Profile picture of the author Walter Parrish
      you see. this is why you need to ignore most of the WF crowd when it comes to security.

      yes, your transactions will be secure and you won't be storing customers payment information on your site, but you need to secure your own files and website. if you are hosting your files outside of your site then you probably don't need it as the host will probably have security in place.

      however, if you are hosting your own files and want them secure get the cert. you're also going to need 2 ips which most hosting companies give you, if you go for the resller or virtual private server account.

      namecheap btw offers if I remember right a cert for 1 year for 1.99 on new domains if not you can grab one for around 10 bucks as most browsers these days can handle those.

      customers also like seeing https:// when they go to checkout so it's nice to have. what it actually does is gives you a separate space on the server that is a bit more secure.

      hope this helps
      Signature
      Use Feeder Sites, Articles, And Social Media Sites To Generate Unstoppable Traffic, FREE! Click Here Now To Get It For FREE
      {{ DiscussionBoard.errors[6902826].message }}
      • Profile picture of the author lerxtjr
        There's still a lot more to this topic than anyone is really explaining. Yes, you're on the right track by going with a 3rd party hosted cart system. To others thinking "awww, I'm just going to get one of those WordPress plugins for $30 and host my own secure transactions..."

        Why? Because those 3rd party systems (Infusionsoft, PremiumWebCart, netsuite, 1sc [cough cough]) handle all the PCI Compliance issues. You can get an SSL cert and a static IP and still your web server can be (and probably is) woefully short of true PCI Compliance. Any PCI scanning software system will tell you so. And, all your merchant account needs to do is see that one of your potentially hundreds of ports is open and shazzam! They are quick to drop you as a merchant client.

        What's more is that if you are even brought into court for someone believing their transaction was insecure with you and felt their credit card was hacked because of the transaction on your website (even if you're not guilty), the merchant account will see you as "high risk" just like in the insurance business. Trouble is, when you reach that status, you lose your merchant account and are blacklisted from getting a new merchant account with ANY merchant account provider for "7" years! Is it REALLY worth the risk to have your own $50 shopping cart on your own shared server now that you know you are probably not PCI Compliant?
        Signature

        98% of business owners have no idea what they really want or how to get it either. My new book reveals it all Lions Always Win Book >>

        {{ DiscussionBoard.errors[6902968].message }}
        • Profile picture of the author Walter Parrish
          Originally Posted by lerxtjr View Post

          There's still a lot more to this topic than anyone is really explaining. Yes, you're on the right track by going with a 3rd party hosted cart system. To others thinking "awww, I'm just going to get one of those WordPress plugins for $30 and host my own secure transactions..."

          Why? Because those 3rd party systems (Infusionsoft, PremiumWebCart, netsuite, 1sc [cough cough]) handle all the PCI Compliance issues. You can get an SSL cert and a static IP and still your web server can be (and probably is) woefully short of true PCI Compliance. Any PCI scanning software system will tell you so. And, all your merchant account needs to do is see that one of your potentially hundreds of ports is open and shazzam! They are quick to drop you as a merchant client.

          What's more is that if you are even brought into court for someone believing their transaction was insecure with you and felt their credit card was hacked because of the transaction on your website (even if you're not guilty), the merchant account will see you as "high risk" just like in the insurance business. Trouble is, when you reach that status, you lose your merchant account and are blacklisted from getting a new merchant account with ANY merchant account provider for "7" years! Is it REALLY worth the risk to have your own $50 shopping cart on your own shared server now that you know you are probably not PCI Compliant?
          First I would never hold customers cc info on a site, well unless I was into some major money, like 1 mil a week lol.

          You can do the pci testing through companies like commodo. I really don't know what the poster is working with, but if they have a vps virtual private server account they can adjust the settings to be strict right through the firewall and easily pass the pci tests.
          Signature
          Use Feeder Sites, Articles, And Social Media Sites To Generate Unstoppable Traffic, FREE! Click Here Now To Get It For FREE
          {{ DiscussionBoard.errors[6905694].message }}
      • Profile picture of the author SHAB1412
        Originally Posted by Walter Parrish View Post

        you see. this is why you need to ignore most of the WF crowd when it comes to security.

        yes, your transactions will be secure and you won't be storing customers payment information on your site, but you need to secure your own files and website. if you are hosting your files outside of your site then you probably don't need it as the host will probably have security in place.

        however, if you are hosting your own files and want them secure get the cert. you're also going to need 2 ips which most hosting companies give you, if you go for the resller or virtual private server account.

        namecheap btw offers if I remember right a cert for 1 year for 1.99 on new domains if not you can grab one for around 10 bucks as most browsers these days can handle those.

        customers also like seeing https:// when they go to checkout so it's nice to have. what it actually does is gives you a separate space on the server that is a bit more secure.

        hope this helps
        Thank you so much Walter, for the comprehensive response. Yes, I'm going to get the one that comes with NameCheap domain.
        {{ DiscussionBoard.errors[6904165].message }}
      • Profile picture of the author UMS
        Originally Posted by Walter Parrish View Post

        however, if you are hosting your own files and want them secure get the cert. you're also going to need 2 ips which most hosting companies give you, if you go for the resller or virtual private server account.
        A SSL cert doesn't secure your files. All it does is ensure that network traffic from the browser to the webserver is encrypted.

        If you don't properly protect your files on the webserver, then it makes little difference if you have a SSL cert or not.

        Also, you don't need 2 IP addresses, 1 is fine.
        {{ DiscussionBoard.errors[6904196].message }}
        • Profile picture of the author Walter Parrish
          Originally Posted by UMS View Post

          A SSL cert doesn't secure your files. All it does is ensure that network traffic from the browser to the webserver is encrypted.

          If you don't properly protect your files on the webserver, then it makes little difference if you have a SSL cert or not.

          Also, you don't need 2 IP addresses, 1 is fine.
          I was thinking more along the lines of just basic site security using plugins like better wp security and setting it up to do ssl logins only, and as you said slowing others down from intercepting packets.

          As far as 2 ips I haven't tried to setup without them. Every register I have used asked for 2 ips when you create the name servers.

          I guess one thing we can all agree on is customers will be happy when they see https:// . Especially if the news starts up again saying don't make any purchases on sites who don't use them.
          Signature
          Use Feeder Sites, Articles, And Social Media Sites To Generate Unstoppable Traffic, FREE! Click Here Now To Get It For FREE
          {{ DiscussionBoard.errors[6905716].message }}
  • Profile picture of the author WindowWasher
    nice 10 characters
    {{ DiscussionBoard.errors[6903432].message }}

Trending Topics