Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Payments and Payment Gateway / APIs /

This is a forum for discussing SilverStripe can-do payments and their APIs / Gateways.

Moderators: martimiz, Sean, Normann, biapar, Willr, Ingo, swaiba, simon_w

Is shared SSL okay of ecommerce?


Reply


6 Posts   2185 Views

Avatar
Eco

Community Member, 15 Posts

29 March 2011 at 4:26pm

Is shared SSL secure enough for pages where credit card details are recorded, or should I splash out on a dedicated SSL certificate?

Avatar
marblegravy

Community Member, 19 Posts

6 April 2011 at 7:07pm

I'm also curious on what the advice on this question is. New to eCommerce in general and SSL is one of those big unknowns.

Avatar
Jedateach

Forum Moderator, 233 Posts

15 March 2013 at 9:30am

In my slowly increasing understanding, all SSL certificates are just as secure, or similarly secure, with the main difference being how many bits are used in the private/public keys.

A shared key should work fine, but I believe if the domain the key is registered for does not match your own domain, users will be presented with a message to say that the keys do not match, and you need to decide to trust the site or not. This is pretty much the same as a self-signed key, meaning you generate one yourself, and install that.

I believe the best option is to go for a cheap key (~$100USD/year), just to get rid of the warning message, and that should be enough to keep data secure. Where you start getting expensive, is when you get your certificates from big name authorities like VeriSign. I think you are just paying to be verified by them, and part of their 'network of trust'.

Anyone feel free to correct me if this isn't quite right.

Avatar
benhungto

Community Member, 2 Posts

26 September 2014 at 2:00am

I think you should buy a private SSL for your business. It costs only about 70$ at godaddy

Avatar
riddler

Community Member, 3 Posts

8 November 2014 at 3:22pm

The bigger issue if you are accepting credit card details on your website would be PCI compliance.

Avatar
abiramishankar

Community Member, 1 Post

11 December 2014 at 6:10am

Edited: 11/12/2014 6:15am

I am also starting an E-commerce site , I want to know if is mandatory or not ?