What's a fair price for setting up https/an SSL license?


Author Reply
Jiroczech
Flag
Posts:345
Comments:18
Thread Kills:5(1%)
AATG Pts:0
Star Rating
3rd party I work with has been waffling about 'securing' a forum, by which I think they mean using SSL. What do you think a fair price would be for doing that - nothing else, just organising the license and getting the site to run over https. Looking at my personal hosting, once you've got the license is it not just a case of putting everything in a /httpsdocs folder?
#1 at 16:40:17 - 24/05/2007
silentbob
Flag
Posts:409
Comments:0
Thread Kills:20(5%)
AATG Pts:50
Star Rating
The Certificate (not really a license) to be installed on the web server should cost around between 50 and 100 pounds to buy for one year, and take around 2 minutes to install on IIS or Apache web servers.

You can buy it yourself, I'd recommend Verisign - but some of our customer use Thawte as they are cheaper. If you want to go down this road, you need to ask your providers to produce an Certificate Request (CSR) file and send it to you. It's then just a case of the certificate issuer verifying the registrant's details etc.

Let me know if you need any more help.
#2 at 16:48:33 - 24/05/2007
Jiroczech
Flag
Posts:345
Comments:18
Thread Kills:5(1%)
AATG Pts:0
Star Rating
Cheers silentbob! You see... that's what I thought. This joker was talking about 2 days work, or near enough 1500. We're not following it up anyway, but I've asked him for a breakdown of his costs just to have a laugh.
#3 at 16:58:18 - 24/05/2007
HairyArse
Flag
Posts:6388
Comments:1774
Thread Kills:127(2%)
AATG Pts:350
Star Rating
Gold Medal
So let me get this right, you just buy that S that goes after the http for 150 and people automatically think your website is more secure?

Does it not have to be tested or owt?
#4 at 17:03:07 - 24/05/2007
Jiroczech
Flag
Posts:345
Comments:18
Thread Kills:5(1%)
AATG Pts:0
Star Rating
I know very little about it, but it's just a secured connection between the server and the client, so I wouldn't think it's hard to set up.

The security is guaranteed by the certifying authority (Thawte or whatever) so it's their rep that's on the line I suppose.
#5 at 17:08:54 - 24/05/2007
silentbob
Flag
Posts:409
Comments:0
Thread Kills:20(5%)
AATG Pts:50
Star Rating
HairyArse said:So let me get this right, you just buy that S that goes after the http for 150 and people automatically think your website is more secure?

Does it not have to be tested or owt?

What you pay for is essentially the verification and the certificate proves that verification. The 'S' tells the broswer to connect over TCP port 443 (ssl) instead of standard port 80, which in turn secures communication between your browser and the web server.

In reality, you can create dummy certificates and install them without the verification, but all browsers are now coded to warn you every time this is the case. Besides, the whole point is that the consumer knows to trust your server as secure and that you are who you say you are, that's the part you pay for with verisign et al, along with I believe insurance against any denial of service whilst using one of their certificates.

In short, your providers are talking absolute shite. We install all SSL certs for free, which should be the standard really.
#6 at 19:19:16 - 24/05/2007
Nuttah
Flag
Posts:157
Comments:7
Thread Kills:9(6%)
AATG Pts:80
Star Rating
Bronze Medal
woah.. way too late to the party...

i'm a little confused here, why the hell would you need a "proper" ssl certificate for a forum? Can you not create your own and use that? such as using easyrsa for example
#7 at 12:36:34 - 25/05/2007
Jiroczech
Flag
Posts:345
Comments:18
Thread Kills:5(1%)
AATG Pts:0
Star Rating
Thanks for the info, silentbob and Nuttah. It's a side of the business I know very little about but I knew enough to think the guy was talking shite.

The forum would be used by Criminal and Youth Justice workers, probably talking about very sensitive stuff, so there was some concern about keeping it all private. We were kind of relying on out developers (our site runs on their CMS) to be honest about the options but when the guy started talking about an extra 1500 to secure the forums and mentioning SSL in the same breath it all sounded a bit fishy to me. He's dodged my questions by email but I've got a meeting with him next month so I'll have to ream the fucker.

Nuttah: Cheers, I'll take a look at easyrsa and see what it's all about.
#8 at 12:50:14 - 25/05/2007

home