We require that all connections to remote admin panels be done through SSL. This
protects you the customer from packet sniffers, by seeing that the passwords are
encrypted. However, signed certificates cost money, and that would increase the cost
and time to create accounts. So our solution is a middle ground. We create
self-signed certifiactes for your use.
Such a thing is useless for on-line commerce, because warnings will show up on
browsers, and people who've heard about the dangers of accepting unverified
certificates will not send their credit cards. However, this is not needed for our
purpose, which is ensuring encryption. The only person who will see these warnings
is you, the customer. And despite the warnings, the encryption is sound, as you can
verify with your browser. The information collected by these scripts is use for no
other purpose than to administer your account. Our self-signed certificates are
not valid for commerce, but they encrypt just as well as one you have purchased
from Verisign or Thawte.
If you buy a signed certificate, we will replace the current certificate with it.
We recomend a SSL certificate from Thawte, currently priced at $125 USD for the first year, with a renewal fee of $95.
This will allow you to provide a trusted, secure method of performing E-commerce.
However, until then, you will have to instruct your broswer to accept the self-signed
certificate. All major broswers will do this, and you can prevent them from asking
again. With Netscape, it's a simple matter of checking the "Accept this certificate forever (until it expires)"
checkbox in the new ceritifacte wizard when you see it. Explorer is a bit more of a pain, as each version handles things differently.
If you see a warning like this when trying to buy something,
be suspicious. However, you know the party you are sending the information to in this case.
It's our server, and your domain. You could get your own certificate, and put it on your own
server for the same purpose, without having to buy one, and you would know it is secure. Unless you
are doing commerce with it, you don't need a certificate authority. The only person that needs
convincing is you, and we will be more than happy to explain the technical details of our control
panel scripts.
Back to home page
|