  • Status: Solved
  • Priority: Medium
  • Security: Public

Verisign SSL Certificates

I'm looking for an SSL Certificate for my E-commerce site.

Verisign has these 2 options:

Secure Site SSL Certificates               $349 per year
Minimum SSL Encryption 40-bit

Secure Site Pro True 128-Bit SSL        $995 per year
Minimum SSL Encryption 128-bit

Is the 40-bit encryption good enough to do the job?  I really just want the
VeriSign Secured Seal.  Is it going to say 128-bit or 40-bit on the Seal?
0
MikeMCSD
Asked:
4 Solutions
 
coreybryantCommented:
Here is the difference between the two: http://help.netscape.com/kb/consumer/19971208-6.html

Personally, we use Geotrust for most sites - they offer 128 bit as well.  If you are accepting credit card information - use 128 bit encryption.

-Corey
0
 
humeniukCommented:
I agree with coreybryant that 128-bit encryption is essential.  Where we may disagree is in my belief that the Verisign brand still inspires more consumer confidence than any of their competitors (i.e. Geotrust).  Either way, though, a name-brand certificate is a must for an e-commerce site.
0
 
Daemon2005Commented:
Also keep in mind if you want to support clients who use older browsers that do not support SSLv3 (128bit), if not specified in the webserver, it will revert to 40 bit encryption if someone logs on with an older browser (SSLv2 40bit)  or if they disable SSLv3 in the browser settings on a newer browser.

So unless you plan to use SSLv3 and disable SSLv2 in the webserver, it would be pointless to get the SSLv3 encryption when anyone can make it revert back to SSLv2.

Furthermore clients are always able to see whether the encryption key is 40 or 128 bit.


Hope this helps

Pete
0
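The server-side enforcement described in the post above (refusing the weak protocol instead of falling back), as an added example that is not part of the original thread. It uses Python's `ssl` module with a TLS 1.2 floor as the present-day counterpart of disabling SSLv2; `LEGACY_SUITES` is a constructed listing, not output from a real server.

```python
import ssl

MIN_BITS = 128  # the floor argued for in the thread

# Constructed sample: suites a legacy server might have left enabled.
LEGACY_SUITES = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
]


def hardened_server_context():
    """Server context that rejects old protocols rather than falling back."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # The protocol floor is a server setting; the certificate does not set it.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Keep only high-strength suites that authenticate and encrypt.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!3DES")
    return ctx


def weak_suites(suites, min_bits=MIN_BITS):
    """Names of suites a client could negotiate below the strength floor."""
    return [s["name"] for s in suites if s["strength_bits"] < min_bits]


def audit_context(ctx):
    """Summarise what a context will actually allow a client to negotiate."""
    suites = ctx.get_ciphers()
    return {
        "min_version": ctx.minimum_version.name,
        "weakest_bits": min(s["strength_bits"] for s in suites),
        "weak": weak_suites(suites),
    }


if __name__ == "__main__":
    print("legacy listing, below floor:", weak_suites(LEGACY_SUITES))
    print("hardened context:", audit_context(hardened_server_context()))
```
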
 
RejojohnyCommented:
Others have already commented on the difference between 40bit and 128bit encryption .. I would like to point out that the type of encryption would depend on how secure you want your data to be ... and how much you are willing to spend to make your site more secure .. type of users (who really knows about certificates or for that matter verisign, geotrust  etc)

>>I'm looking for a SSL Certificate for my E-commerce site.
What is it that you want to make secure?? I assume the only data that you might want to be secure is the payment details and not your product details or shopping cart .. and is that not handled by a payment gateway?? I am pretty sure none of your clients would want to post their credit card details directly to your site .. if there is a payment gateway involved .. why else do you require SSL?
0
 
MikeMCSDAuthor Commented:
>>if there is a payment gateway involved .. why else do you require SSL?

I plan on using Authorize.net as the payment gateway.
But don't I need SSL for customer information (address, login info)?  I plan on storing
customer information in the database.
And when a customer gets a Log In screen, don't I need it to be https:// secure?
And would 40-bit Encryption be good enough for this?
0
 
RejojohnyCommented:
For customer information, I think a 40 bit encryption should be more than enough .. unless of course you expect your customers to be very high profile customers who are very sensitive about their personal information ... :-)
0
 
coreybryantCommented:
Most payment gateways (LinkPoint, Verisign's Payflow, Authorizenet.com, etc) will provide their own SSL webpage.  Keep in mind though - you are very limited with this webpage and usually it is a lot better to use your own SSL webpage on your own website to maintain consistency throughout the checkout page.

As far as the login - it sometimes does not even matter.  I have seen sites that do & some do not.  As Rejojohny pointed out - it all depends on what you want to show your customers and how you want them to perceive the way you run your company.

As far as gateways, the LinkPoint payment gateway is probably one of the strongest out there.  It is owned by the First Data Corporation.  First Data has been doing electronic money transfers since 1871 and they were the first processor of both VISA® and MasterCard® bank-issued credit cards in 1976.  First Data processed 12.2 billion transactions in North America alone in 2003.  There are no extra transaction costs or recurring billing costs.  LinkPoint was not down at all in 2004.

Authorize.net is probably the most advertised electronic gateway.  A lot of people think they can sign up with them and immediately start to accept credit cards.  They do not realize you need a merchant account as well.  Authorize.net even uses the First Data platform to help facilitate transaction processing. They charge an extra $25.00 a month to have recurring billing. Usually the transaction cost is about $.10 on top of what the MAP (merchant account provider) will charge.  Authorizenet.com was down about 8 times in 2004.

Verisign also has a payment gateway (PayFlow).  Verisign is probably the most recognized name because they also offer other services and products for the internet (i.e. SSL certificates, domain registration, hosting, etc).  You do not need to purchase everything from Verisign to have a successful e-commerce business.  You can also purchase the PayFlow from resellers at a cheaper rate than what Verisign charges.  PayFlow was down once in 2004.

-Corey

0
 
MikeMCSDAuthor Commented:
Yes Corey, I plan on using my own SSL webpage for entering credit card information.
So I guess getting an SSL Certificate is a must . . . and the 40-bit Encryption wouldn't
be a good idea.
So what would be a good combination of payment gateway and  SSL Certificate?

If I got LinkPoint what would be a good SSL certificate to work well with it?
0
 
coreybryantCommented:
Well the payment gateway & SSL are two different components.  The SSL is used primarily between the browser & the server to encrypt the data.  The electronic payment gateway is the virtual connectivity between your website and the authorizing agency (First Data platform, Visanet, Discover, etc).  

What you are wanting is an SSL cert that is already installed on a client's browser.  For example, Geotrust QuickSSL is on 99% of the browsers: http://www.geotrust.com/web_security/quickssl.htm.  You also might check out Thawte as well.

But if you are planning on accepting credit card numbers on your site - you will want the 128 bit encryption.  And you can use the same cert throughout your site as long as you place it on the correct domain. For example, some people get the cert issued to secure.example.com - so the cert can only be used on secure.example.com.  Personally, I get it to be issued to www.example.com so I do not have to worry about some coding problems and links.

As far as the gateway - it depends on what MAP you choose and if they are compatible with that particular gateway.

-Corey
0
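The certificate-to-hostname binding mentioned in the post above (a cert issued to secure.example.com only works on secure.example.com), as an added example that is not part of the original thread. It is a simplified model of the name check browsers perform, and `uncovered_hosts` is a hypothetical helper for checking the hostnames a site's links use against the names on its certificate.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, host):
    """True if one certificate name covers the requested hostname."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False  # a wildcard stands in for exactly one label
    if p[0] == "*":
        # Wildcard allowed only as the whole left-most label, and never
        # directly under a top-level domain (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(n, host) for n in cert_names)


def uncovered_hosts(cert_names, hosts_in_links):
    """Hostnames used in site links that would show a name-mismatch warning."""
    return sorted({h.lower() for h in hosts_in_links
                   if not cert_covers(cert_names, h)})


if __name__ == "__main__":
    # Constructed sample: checkout links point at two different hostnames.
    links = ["www.example.com", "secure.example.com", "WWW.example.com"]
    print(uncovered_hosts(["secure.example.com"], links))
    print(uncovered_hosts(["*.example.com"], links))
```
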
