[GLLUG] Sick of SSL questions yet?

Dpk dpk@egr.msu.edu
Thu, 18 Apr 2002 17:57:36 -0400


On Thu, Apr 18, 2002 at 05:51:59PM -0400, szumlins@mac.com wrote:

   Okay, so I finally got the server working correctly by recompiling
   everything from source on my test box.  My only goal with the whole
   SSL connection was to ensure that if users are inserting a credit
   card # into a form that the connection would be secure to the
   server.  Everything seems to be working fine, but like Ed said, I
   get a little warning using IE saying that the issuing certificate
   is not verified. Is there a way (for free, I have no budget to do
   this at all) to create a secure credit card form using SSL, or am I
   just wasting my time.  I know the users of the site ultimately
   won't understand jack about how this all works, and I don't want a
   warning popping up telling them not to trust the site.  Any ideas?

Trully, the easiest way is to fork over the $100 or $200 per year to
get a signed cert by an authority.  The only other way is installation
of an self-authority on each and every browser that will use your
site.

An alternative to that would be an intro page on a non-SSL server,
explaining how/why to accept the certificate.  Even though unverified,
under nearly all circumstances it won't be a problem and data will be
sent over SSL.  Even signed certs have their problems.

Dennis