We require that all connections to remote admin panels be done through SSL. This protects you the customer from packet sniffers, by seeing that the passwords are encrypted. However, signed certificates cost money, and that would increase the cost and time to create accounts. So our solution is a middle ground. We create self-signed certifiactes for your use.
Such a thing is useless for on-line commerce, because warnings will show up on browsers, and people who've heard about the dangers of accepting unverified certificates will not send their credit cards. However, this is not needed for our purpose, which is ensuring encryption. The only person who will see these warnings is you, the customer. And despite the warnings, the encryption is sound, as you can verify with your browser. The information collected by these scripts is use for no other purpose than to administer your account. Our self-signed certificates are not valid for commerce, but they encrypt just as well as one you have purchased from Verisign or Thawte.
If you buy a signed certificate, we will replace the current certificate with it. We recomend a SSL certificate from Thawte, currently priced at $125 USD for the first year, with a renewal fee of $95. This will allow you to provide a trusted, secure method of performing E-commerce. However, until then, you will have to instruct your broswer to accept the self-signed certificate. All major broswers will do this, and you can prevent them from asking again. With Netscape, it's a simple matter of checking the "Accept this certificate forever (until it expires)" checkbox in the new ceritifacte wizard when you see it. Explorer is a bit more of a pain, as each version handles things differently. If you see a warning like this when trying to buy something, be suspicious. However, you know the party you are sending the information to in this case. It's our server, and your domain. You could get your own certificate, and put it on your own server for the same purpose, without having to buy one, and you would know it is secure. Unless you are doing commerce with it, you don't need a certificate authority. The only person that needs convincing is you, and we will be more than happy to explain the technical details of our control panel scripts.
Back to home page