SSL Certificates

Forums › IT Pro and developers › SSL Certificates

speters

3 posts

Wannabe Geek

#99794 27-Mar-2012 17:26

Hi,

I'm new here and wasn't sure where to post this topic - feel free to move it.

I'm running the admin side of a business for a tradesman who doesn't know a lot about websites. I've told him that people will feel more secure putting in their details on the contact form if he has an SSL Certificate and potential customers can see that their information is safe. It wouldn't have to be EV or anything, just probably RapidSSL so info is encrypted.

Any thoughts? I've noticed that you don't really see secure sites much in New Zealand (including this one...) Also has anyone had any dealings with local companies that supply SSL Certificates? I'm looking at a few but I'd love to get a few recommendations.

Thanks.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#600850 27-Mar-2012 17:42

I wouldn't bother with SSL for contact forms. First because it's a cost that is not really needed. Second because the transmission is secure, but what about the backend? Is the contact form transmitted via email? In this case it won't be secure on that method anyway...

jbard

1377 posts

Uber Geek

#600851 27-Mar-2012 17:43

freitasm: I wouldn't bother with SSL for contact forms. First because it's a cost that is not really needed. Second because the transmission is secure, but what about the backend? Is the contact form transmitted via email? In this case it won't be secure on that method anyway...

gzt

17104 posts

Uber Geek

Lifetime subscriber

#600894 27-Mar-2012 18:40

Depends on the nature of the information, the nature of the business, and the type of customer.

If it is email address and contact details requested then for most products and services it is not an issue.

Ragnor

8218 posts

Uber Geek

Trusted

#600906 27-Mar-2012 18:52

gzt: Depends on the nature of the information, the nature of the business, and the type of customer.

This ^

However worth noting http sessions can be hi-jacked via "man in the middle attack" on public wifi, if you can afford to ssl/https the entire site why not do it.

HTTPS conveniently bypasses transparent proxy issues on ISP's too.

mattwnz

20141 posts

Uber Geek

#600909 27-Mar-2012 18:57

jbard:
freitasm: I wouldn't bother with SSL for contact forms. First because it's a cost that is not really needed. Second because the transmission is secure, but what about the backend? Is the contact form transmitted via email? In this case it won't be secure on that method anyway...

+1?

I think you can use PGP though, for receiving email.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#600917 27-Mar-2012 19:07

Yes, sure. Then you start talking about having to find PGP libraries to use with your backend web page processor, encrypting and sending that over, key management, etc. All getting too complicated for a "contact us" for a tradesman.

sleemanj

1490 posts

Uber Geek

#601523 28-Mar-2012 19:58

For a contact form, don't bother. Nobody will even notice. Most hosts will have a shared SSL certificate you can use anyway if you really want to.

End of the day, your average Joe, they don't think to look, or don't care, or don't know to look, so really, it's wasted effort.

If credit card details or some similarly sensitive information are involved, then sure you need SSL, but far more importantly you need to consider the security once you have the details, SSL is really a minuscule, almost insignificant part of the picture.

---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

speters

3 posts

Wannabe Geek

#601886 29-Mar-2012 12:57

However worth noting http sessions can be hi-jacked via "man in the middle attack" on public wifi, if you can afford to ssl/https the entire site why not do it.

HTTPS conveniently bypasses transparent proxy issues on ISP's too.

This is what I was thinking. Also, even though I'm mostly an "average Joe" I always check to make sure there is an SSL and that the name the certificate is issued to matches the site I'm on. I've been credit card frauded so I'm a bit careful even with casual stuff.

I had a look anyway and got a RapidSSL at what I think is a good price. $20 a year is nothing, really.
Trustico had a deal going and seem to have good feedback.

mattwnz

20141 posts

Uber Geek

#601890 29-Mar-2012 13:02

speters:
However worth noting http sessions can be hi-jacked via "man in the middle attack" on public wifi, if you can afford to ssl/https the entire site why not do it.

HTTPS conveniently bypasses?transparent?proxy issues on ISP's too.?

This is what I was thinking. ?Also, even though I'm mostly an "average Joe" I always check to make sure there is an SSL and that the name the certificate is issued to matches the site I'm on. ?I've been credit card frauded so I'm a bit careful even with casual stuff.

I had a look anyway and got a RapidSSL at what I think is a good price. ?$20 a year is nothing, really.?
Trustico had a deal going and seem to have good feedback. ?

Many hosts do charge for setting them up, and also as they require a dedicated IP address, that could be an additional cost too. Each time it expires it has to be re-setup again on the server, so I would register for the maximum period.

speters

3 posts

Wannabe Geek

#601947 29-Mar-2012 14:47

Many hosts do charge for setting them up, and also as they require a dedicated IP address, that could be an additional cost too. Each time it expires it has to be re-setup again on the server, so I would register for the maximum period.

Good advice, thank you.