[GLLUG] Sick of SSL questions yet?
Dpk
dpk@egr.msu.edu
Thu, 18 Apr 2002 17:57:36 -0400
On Thu, Apr 18, 2002 at 05:51:59PM -0400, szumlins@mac.com wrote:
Okay, so I finally got the server working correctly by recompiling
everything from source on my test box. My only goal with the whole
SSL connection was to ensure that if users are inserting a credit
card # into a form that the connection would be secure to the
server. Everything seems to be working fine, but like Ed said, I
get a little warning using IE saying that the issuing certificate
is not verified. Is there a way (for free, I have no budget to do
this at all) to create a secure credit card form using SSL, or am I
just wasting my time. I know the users of the site ultimately
won't understand jack about how this all works, and I don't want a
warning popping up telling them not to trust the site. Any ideas?
Trully, the easiest way is to fork over the $100 or $200 per year to
get a signed cert by an authority. The only other way is installation
of an self-authority on each and every browser that will use your
site.
An alternative to that would be an intro page on a non-SSL server,
explaining how/why to accept the certificate. Even though unverified,
under nearly all circumstances it won't be a problem and data will be
sent over SSL. Even signed certs have their problems.
Dennis