Link to home
Start Free TrialLog in
Avatar of RBS
RBS

asked on

SSL Certificate - Needced on a Staging Site

Hi:

I am trying to figure out if I need a separate SSL certificate for my stageing site - mysite.staging.com.  If in .Net, I set my project properties to publish to an SSL Url, with the traffic between my site and the browser be encrypted even if I do not purchase a separate ssl certificate for the staging site?

RBS
Avatar of kadadi_v
kadadi_v
Flag of India image

Have you purchased the Wild-card SSL certificate..?

Regards,
VK
Avatar of RBS
RBS

ASKER

no
Avatar of RBS

ASKER

My question is not whether I can use a wild-card SSL certificate - it is without any certificate at all, if I publish to an SSL Url, is my content encrypted - even though there is no certificate testifying that it has been secured - i.e.  is obtaining and using the certificate part an essential part of making the communications secure.
ASKER CERTIFIED SOLUTION
Avatar of kadadi_v
kadadi_v
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of RBS

ASKER

This may be true - but it does not answer my question.
Avatar of RBS

ASKER

I am planning on moving a site from one service provider to another.  Before making the move, I would like to create a staging site on the new service provider.  Before making the final move of my main site, will my staging site on the new provider be secure while I do testing - or will I need to purchase an SSL certificate in order to make it secure even though I publish to an SSL URL (port).
Without SSL certificate purchased from CA ( Certificate Authorities ) you can not use the https URL.
And yes you can if you can use the  self signed-certificate but it gives the error when you browse.

Difference :
http://social.technet.microsoft.com/wiki/contents/articles/15189.difference-between-self-signed-ssl-certificate-authority.aspx

Regards,
VK
Avatar of RBS

ASKER

Thank you VK - this is the info that I am looking for - I guess I do need a certificate in order to make communications secure - but for testing on a staging server in the cloud, self-signed would do the trick?

"Self-signed certificate encrypt the data but flunk to retain customer on site due to error message regarding risky behavior of web site."

"In Self-signed certificate private key is shared between third party and end user while in signed certificate private key is kept with end user and not shared with anyone."
cacert is good and it bores your eyes if you try to mix test infrastructure with normal infrastructure.
Apart from self signed certificate you can try tricking your browser by mapping domain name to required ip in host file of system. I am not 100% sure but it might work.
Avatar of RBS

ASKER

Thanks