Quote:
Originally Posted by BriOnH
I don't have one, yet, but know I need to. I think I am going to put the whole site behind an SSL too since it's medical information. Anyone know where the best prices are for certs?
Sorry I have been lagging on updates. My two other jobs and some play have been taking up my time.
My opinion, since this isn't a commercial venture (yet?), is to make your own free certificate for now -- that's what I did with the Liveabetes site.
Get a copy of openssl (it's open source) and create one. There are a lot of FAQs out there on how to do it. The basic outline step would be to create your own "signing authority" (normally, this would be a company like VeriSign). Our web browsers already have relationships with the bigwig ($$$) signing authorities. By creating your own, essentially, when a person goes into SSL mode, if they don't manually add your authority to their browser, they will receive a message stating that it's not a known signing authority. (You've probably seen these before -- they look like the same messages for people who have expired certificates). To remove the error for life, they can add it to their browser, or just click "Okay" and be done with it.
After you create a signing authority, you essentially can be like VeriSign. You're now ready to create your own encryption certificate. This certificate will be signed by your "authority" (e.g., VeriSign). You keep the private key to yourself, and use the public key on the webserver.
There are probably a bunch of FAQs on how to do it for IIS. If you were using Apache, I could send you a little book on how to do it (it's a short chapter). It's something you could do in less than 30 minutes at no cost to you.
Make sure the hosting provider allows SSL connections (port 443) with your own certificate, too. Certificates are free so long as you don't want them signed by some company that claims to have importance (e.g., a monopoly).
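
The outline in the post above (create a signing authority, then sign a server certificate with it) as an added example that is not part of the original post. It assumes the `openssl` command-line tool is on the PATH; the function names, the CA name, the host name and the file names are constructed for illustration. `check_cert` prints `trusted` only when the client trusts the issuing CA and the host name matches, which is the condition behind the "not a known signing authority" browser message.

```shell
#!/bin/sh
# Added example: private CA -> signed server certificate -> client-side check.
# Constructed values: CA name, host name and all file names.

make_ca() (   # $1 = directory that will hold ca.key / ca.crt
    mkdir -p "$1" && cd "$1" || exit 1
    # Self-signed certificate: this is the "signing authority".
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    chmod 600 ca.key          # the CA key never leaves this machine
)

make_server_cert() (   # $1 = CA directory, $2 = host name
    cd "$1" || exit 1
    # Server key pair plus a certificate signing request (CSR).
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout server.key -out server.csr 2>/dev/null || exit 1
    # Clients match the host name against subjectAltName, so set it here.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > server.ext
    # The CA signs the CSR; server.crt is the result.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -sha256 -days 365 -extfile server.ext \
        -out server.crt 2>/dev/null || exit 1
    chmod 600 server.key      # installed on the web server with server.crt
)

check_cert() {   # $1 = CA cert the client trusts, $2 = server cert, $3 = host
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
    then echo trusted
    else echo untrusted
    fi
}
```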