Jump to content

Why do you use SSL for WHMCS?

LeMarque

By LeMarque
in General Discussion

 Share

Recommended Posts

Jordan Senior Member

Jordan

Posted
Posted

When you buy a SSL cert, you are required to provide them with the URL that you will be using.

 

So if your install is *just* a directory, getting it for http://mydomain.com, which will also work for /whmcs/ directory.

 

 

http://www.sslshopper.com/what-is-ssl.html

 

Hopefully that can help you out; It explains various SSL certs out there. There's also a listing of certs and their pricing.

0
Link to comment
Share on other sites
simplybe Senior Member

simplybe

Posted
Posted
a std cert will be fine if you are not taking card details, rapid ssl or a geotrust quick ssl.

 

errr....

 

why wouldn't a rapidssl be good enough if the cc volume is low to start with?

 

especially once the data is passed to the secure gateway

 

If you are using a gateway then a cheap ssl is fine as the gateway will handle the transaction.

0
Link to comment
Share on other sites
uberhost Senior Member

uberhost

Posted
Posted
a std cert will be fine if you are not taking card details, rapid ssl or a geotrust quick ssl.

 

errr....

 

why wouldn't a rapidssl be good enough if the cc volume is low to start with?

 

especially once the data is passed to the secure gateway

 

If you are using a gateway then a cheap ssl is fine as the gateway will handle the transaction.

A $12.95/year RapidSSL cert is perfectly suited to handle credit card data without a gateway. The encryption between the server and the browser is what protects the data, not the price of the cert.

0
Link to comment
Share on other sites
netearth Senior Member

netearth

Posted
Posted
An ssl cert should cover your entire domain and all directories under that domain if accessed via https. a std cert will be fine if you are not taking card details, rapid ssl or a geotrust quick ssl.

 

Hi Simplybe,

 

Just for clarification, when you say entire domain, it should be "w w w.domain.com/anything-here/and-lower" for a normal cert.

 

A normal cheap cert that is ordered for "w w w.domain.com" will not cover "secure.domain.com" for instance.

 

This is where a wildcard cert is worth the dosh if you are going to have multiple subdomains i.e. "*.domain.com" as some hosters charge extra for IP addresses, and you need to have an IP address PER SSL cert (unless you want to play around and setup multiple ports for different SSL's, this involves hacking around apache config files).

 

The only difference in the prices of the certs are if they are low assurance or high assurance and the "insurace cover" they come with. Low assurance is a "simple tick box to show you are the domain holder" whereas High Assurance normally is a little more investigation into the domain holder, and EV certs is everything including your inside leg measurements! :lol:

 

Chris

0
Link to comment
Share on other sites
simplybe Senior Member

simplybe

Posted
Posted

Hi,

Yes that is correct, if your order a cert for http://www.domain it will only work without errors if www. is used. That is not a problem as the https path is configured in whmcs, so it would always use the www. if configured that way.

 

If you are storing cc details in whmcs and collecting them on your own pages then there are many rules in place by the cc companies that you must comply to. What i intended with my post was that if you are using say paypal for payments then all you need is a cheap cert to collect client details as the gateway will handle the cc details.

 

But if you are handling the cc details yourself then you far need more than a cheap cert in place.

0
Link to comment
Share on other sites
netearth Senior Member

netearth

Posted
Posted
Thanks everyone for the feedback

 

just installed the cert and it seems it's only for http s://w w w.mydomain.com; not for http s://mydomain.com

 

anyway around this?

 

Hi LeMarque,

 

In short, no. When you ordered the cert what did you request it as? Also when you created the CSR what was the request? was it for w w w.mydomain.com or mydomain.com ?

 

If you want, PM me the domain if you dont want to broadcast it and ill check the cert? :)

 

Chris

0
Link to comment
Share on other sites
Jordan Senior Member

Jordan

Posted
Posted
Thanks everyone for the feedback

 

just installed the cert and it seems it's only for https://www.mydomain.com; not for https://mydomain.com

 

anyway around this?

 

Accessing your domain via http://domain.com and http://www.domain.com are recognized as TWO different URLs.

 

When you purchase a cert for http://www.domain.com, you can only access SSL via http://www.domain.com. You will NOT be able to use it for http://domain.com.

0
Link to comment
Share on other sites
chick Member

chick

Posted
Posted

I do not use the www's I think url's look cleaner without them.

 

My site, including whm is setup as http://name.com

 

I am going to buy a digicert for the $99 for 1 year. Try it out for now. This should satisfy the cc companies right?

 

I intend to only use the cert at the whm backend not the main part (regular web pages - htm's) I can do this right?

 

Which cert should I get: 1. DigiCert SSL Plus (one server name) or 2. DigiCert WildCard Plus (an entire domain)

 

They are both the same price and need some help on which one please?

0
Link to comment
Share on other sites
PPH Senior Member

PPH

Posted
Posted
I do not use the www's I think url's look cleaner without them.

 

My site, including whm is setup as http://name.com

 

I am going to buy a digicert for the $99 for 1 year. Try it out for now. This should satisfy the cc companies right?

 

I intend to only use the cert at the whm backend not the main part (regular web pages - htm's) I can do this right?

 

Which cert should I get: 1. DigiCert SSL Plus (one server name) or 2. DigiCert WildCard Plus (an entire domain)

 

They are both the same price and need some help on which one please?

A namecheap SSL for $14.88 would work fine?!?

0
Link to comment
Share on other sites
chick Member

chick

Posted
Posted

I am going to be using authorize.net and accept cc's... so they will accept namecheap?

 

I am going for the wildcard after just reading about it. oh and make sure I don't use the www's when applying for it since I don't use them on my site. Thanks guys.

0
Link to comment
Share on other sites
MACscr Senior Member

MACscr

Posted
Posted
I am going to be using authorize.net and accept cc's... so they will accept namecheap?

 

I am going for the wildcard after just reading about it. oh and make sure I don't use the www's when applying for it since I don't use them on my site. Thanks guys.

 

Uh, if you buy the wildcard version, then it doesnt matter if you order it with www. as it will work with any of your subdomains, thus being called wildcard =P

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept