Is shared SSL secure enough for pages where credit card details are recorded, or should I splash out on a dedicated SSL certificate?
We've moved the forum!
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
I'm also curious on what the advice on this question is. New to eCommerce in general and SSL is one of those big unknowns.
In my slowly increasing understanding, all SSL certificates are just as secure, or similarly secure, with the main difference being how many bits are used in the private/public keys.
A shared key should work fine, but I believe if the domain the key is registered for does not match your own domain, users will be presented with a message to say that the keys do not match, and you need to decide to trust the site or not. This is pretty much the same as a self-signed key, meaning you generate one yourself, and install that.
I believe the best option is to go for a cheap key (~$100USD/year), just to get rid of the warning message, and that should be enough to keep data secure. Where you start getting expensive, is when you get your certificates from big name authorities like VeriSign. I think you are just paying to be verified by them, and part of their 'network of trust'.
Anyone feel free to correct me if this isn't quite right.
I think you should buy a private SSL for your business. It costs only about 70$ at godaddy
The bigger issue if you are accepting credit card details on your website would be PCI compliance.
I am also starting an E-commerce site , I want to know if is mandatory or not ?
