Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Payments and Payment Gateway / APIs /

This is a forum for discussing SilverStripe can-do payments and their APIs / Gateways.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Is shared SSL okay of ecommerce?

Go to End

6 Posts   8885 Views


Community Member, 15 Posts

29 March 2011 at 4:26pm

Is shared SSL secure enough for pages where credit card details are recorded, or should I splash out on a dedicated SSL certificate?


Community Member, 19 Posts

6 April 2011 at 7:07pm

I'm also curious on what the advice on this question is. New to eCommerce in general and SSL is one of those big unknowns.


Forum Moderator, 238 Posts

15 March 2013 at 9:30am

In my slowly increasing understanding, all SSL certificates are just as secure, or similarly secure, with the main difference being how many bits are used in the private/public keys.

A shared key should work fine, but I believe if the domain the key is registered for does not match your own domain, users will be presented with a message to say that the keys do not match, and you need to decide to trust the site or not. This is pretty much the same as a self-signed key, meaning you generate one yourself, and install that.

I believe the best option is to go for a cheap key (~$100USD/year), just to get rid of the warning message, and that should be enough to keep data secure. Where you start getting expensive, is when you get your certificates from big name authorities like VeriSign. I think you are just paying to be verified by them, and part of their 'network of trust'.

Anyone feel free to correct me if this isn't quite right.


Community Member, 2 Posts

26 September 2014 at 2:00am

I think you should buy a private SSL for your business. It costs only about 70$ at godaddy


Community Member, 3 Posts

8 November 2014 at 3:22pm

The bigger issue if you are accepting credit card details on your website would be PCI compliance.


Community Member, 1 Post

11 December 2014 at 6:10am

Edited: 11/12/2014 6:15am

I am also starting an E-commerce site , I want to know if is mandatory or not ?