• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 364
  • Last Modified:

HTTPS on Web site

Dear All

i want to implement HTTPS on my web site(ASP.NET & MS SQL 2008) . i have a dedicated server.

recommend me which certificate shall i buy and implement and how to implement it.


Thanks
0
Kamal Khaleefa
Asked:
Kamal Khaleefa
  • 4
  • 2
  • 2
  • +1
3 Solutions
 
Sushil SonawaneCommented:
You can take self sign or CA certificate or purchase third party certificate from godaddy geotrust.

You are going to publish these server over the web i would recommend you purchase thrid party certificate.

To understand difference between third party and self sign certificate refer below link:

http://webdesign.about.com/od/ssl/a/signed_v_selfsi.htm

 http://social.technet.microsoft.com/wiki/contents/articles/15189.difference-between-self-signed-ssl-certificate-authority.aspx

To assign third party certificate in IIS refer below link:

http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm

http://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7

To Create a Self-Signed Server Certificate in IIS 7
http://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx
0
 
GaryCommented:
A self signed cert is of no use for a public facing website, you need a cert from a trusted authority.
Any of the big names will do (google ssl providers), if you want to try a free one then have a look at
http://www.startssl.com/
0
 
Greg HejlPrincipal ConsultantCommented:
My go-to ssl provider is GeoTrust.  if you are running an ecommerce site you should have an Extended Validation Certificate.

https://www.sslshopper.com/cheapest-ev-ssl-certificates.html
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
GaryCommented:
Extended validation offers no further security than a standard cert, even Amazon don't use them.
0
 
Greg HejlPrincipal ConsultantCommented:
Thats right Gary - it's all a scam.  The website tags available don't offer any more security either - but the general public - your customers, want the feel good that this stuff gives them, even though it is just a illusion.

A self signed certificate provides the same protection, with a purchased certificate your website is at least vetted to a company or individual.
0
 
GaryCommented:
I don't think most people even know/understand the difference,
In Chrome the only visible difference is the little green background on the left of the address bar, normal certs get the green padlock.
0
 
Kamal KhaleefaInformation Security SpecialistAuthor Commented:
Thanks to all of you
My site will contain a payment facility for subscription

So from where i can buy good certificate
Give me some good sites

Thanks
0
 
GaryCommented:
0
 
Kamal KhaleefaInformation Security SpecialistAuthor Commented:
Thank you all
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now