In the same vein as Billy's question - has anyone used SSL from Godaddy? I've currently got a free shared one from my host, but people seem to be having problems with it. I'm keen on buying one, but quotes from places are ridiculous - thousands for just a couple of years. Godaddy's is about 90% cheaper; but I don't know anything about SSL and don't know whether theirs are good.

Anyone have a recommended seller?

I have not heard too many specifics about Godaddy certs but know that many administrators use other services of theirs because of the better rates. I see about a 50/50 ratio on like/dislike when it comes to their services.

Any certificate is liable to add the amount of secuirty you would need for your customers but the catch comes in the reputation of the company that supplies them. I would imagin the problem that your users have with the shared certificate is that their computers are set at a security level that does not trust the certificate so they get a pop up message.  You could post a message that the connection is secure but if they do not trust you they may not be willing to use your services or site. Going with a company that charges more well as a rule take care of all of this since what you are really paying for is the reputaton that the company has built.

Thanks Shawn. I did a lot of research yesterday and decided not to use Godaddy as a lot of people have problems with setting it up. I was thinking of using Geotrust, and then stumbled on some articles of them approving phishing sites... but I really can't afford the higher priced companies. I definitely need to get rid of the shared certificate, as I think pretty much everyone is having problems with it when they visit my shop.

... At the moment, I'm still shopping around.

Thanks for the advice!

While I know it would not be your hosting company you might want to check out P&S hosting company info page on SSL. http://members.westhost.com/ssl-web-hosting.html  They offer RapidSSL and GeoTrust.  I don't think you could purchase through my hosting company but I do have confidence in the companies they choose to collaborate with. GeoTrust may be fine since they offer it.

Thanks Shawn - I actually found an Australian company that does some cheap(er) certificates... Definitely a lot more affordable than the westhost link, but for the same basic packages. I'm just in the middle of getting my IP address for my site organised, and everything should be up and running at some point tomorrow.

You'll have to be our guru on this subject.  It is something I have always avoided exploreing because of if it's complicated nature.   I think for those who really do not want to get to involved in purchasesing an SSL certificate or managing the CC cards they can use PayPal services but at some point they may want to move to processing things themselves.

Yes... but actually researching the whole thing has been excellent for me. Like you, I thought it was an unnecessary extra, but there's two very good reasons for getting it:

One, customers look for the lock symbol because it signifies a certain amount of trust. It says to them "this site is safe to use". It makes them feel as though their information is stored safely and won't be hacked.

Two, it's a myth that not having one is ok, even if just sending people to Paypal. On my site, I store minimal data, like password, shipping addresses, etc. Even sending them to PP, I'm storing and sending info (little mythbusting: SSL is to encrypt data in transit - between my site to PP for example - but does not protect the server or storage of the info in the meantime... since I buy hosting and don't have my own server, I guess it's up to my host to ensure that doesn't happen).

Since I don't accept or deal with credit cards, no worries.

But SSL is mainly a cosmetic thing, a way of telling your customers you are who you say you are. Which is why it's important to go with a trusted company when buying SSL - we trust them to make sure we are who we say we are, and in turn, our customers trust that our certificate makes us safe.

... It's actually a very interesting topic, because it's all dependent on this perception of trust.

And another interesting thing to know: the reason why shared certificates pop up 'errors' is because our browsers come already installed with a set of 'trusted certificate authorities' (like Verisign, Thawte, etc.). So anyone who buddies up enough with Microsoft, etc., gets their name on that list, and are automatically assumed to be trusted; therefore if you buy a certificate from them, you are also automatically trusted. But if you're not on that special list (ie. if I create my own certificate), you're not trustworthy.

So it's all really a matter of who you know...

What a ridiculous system!

I just thought I'd give a small update in case anyone ever installs an SSL certificate: if you use any javascript (like in some website stat tracking codes) it will cause the secure pages to show 'insecure' images, which will cause error or pop up notices. If you use Google Analytics, use their new code, which eliminates this factor.

Additionally, all images on your secure pages MUST be either relative links, or hard coded as https:// and whatever your website url is as listed in your SSL certificate. Again, it throws up error messages and can confuse your customers.