Which SSL?

**theBiz** · Feb 5th, 2012, 11:55 AM

Hi can anyone give me some inside info on why and which SSL certificate to use? Regarding the actual security which ones are good? I need it for sensitive info not CC's.

Obviously Verisign is an obvious but i just can not see spending hundreds of dollars for what others are offering at much less. Any experiences and opinions would be appreciated.

**JamesF** · Feb 5th, 2012, 12:12 PM

I've always just used GoDaddy's using a Google'd up coupon code I found; usually for about $12.99.

I think for the most part, SSLs all work the same in encryption; I'd worry more about how the database authentication, encryption, XSS, SQL injection, and authorization works to me.

**theBiz** · Feb 5th, 2012, 12:34 PM

Yeah im asking for reasons like that, if someone really knows about SSL's and how they work, id love an honest opinion rather than the affiliates making fake SSL rating sites ive been reading. Judging by industry prices id figure you would have t spend at least 100 bucks to get something that youd be happy with overall but again i do not have the experience, so waiting on an SSL experiences person, thank you.

James, just checked out your site.. very cool looks like its getting some real activity already... why do you not put the SSL cert there to make people feel better? You have it you might as well display it dont you think... many people dont know what https means.

**JamesF** · Feb 5th, 2012, 01:28 PM

No prob. The SSL is really just used to encrypt data so when it's transferred, it's not in "plain site form" so to say. But just because you have SSL doesn't mean your site is safe. I think the ability for someone to access or alter data in your database without permission is probably the #1 safety issue.

To be honest; I think, unless you're a bank, a simple GoDaddy SSL cert ($12.99) one will work. That's what I use on Freelancify (hint: the homepage section doesn't have it for page loading time purposes, but click on the Login or Register buttons and you'll see it in action).

**theBiz** · Feb 5th, 2012, 02:30 PM

next question if an experienced person comes here.... is it easy or possible to use SSL with a pop up module type of log in considering its not on a web page but a module or function?

**LightHouse** · Feb 5th, 2012, 04:00 PM

Just use anything that isn't a brand new company. geotrust and rapidssl are pretty cheap. its all encryption and comes down to the company storing the private key. Pick something and go with it, most of the time the "badges" they use are ugly anyway, you can make your own SSL badge provided your site is completely secure.

**theBiz** · Feb 5th, 2012, 05:12 PM

Hey Lighthouse if i go with something like Geotrust which i have been thinking of, can i change their logo colors or you are saying i can create a completely custom one with my brand on it.. any examples of custom ones? thank you.

**LightHouse** · Feb 5th, 2012, 05:46 PM

Just google it. There are plenty of custom ones out there. And you can't change geotrust because its generated on their end

Sent from my SGH-I897 using Tapatalk

**theBiz** · Feb 5th, 2012, 06:58 PM

well what i mean is can i right click download geotrust, edit the colors, then upload onto my site or would that be violating most company's terms? I googled around, didnt see anything.

**healthstatus** · Feb 6th, 2012, 05:29 AM

I use the rapidssl certificates and the wildcard cert (wildcard allows you to protect ALL your subdomains also). The certificate is for your server, so as long as the login process is generated by the server and communication is between the client and that server using the correct protocol, the cert will be valid. All the cert is doing is using standardized methods for the client to confirm that they are talking to a server that is "certified" to be who they say it is.