Can I use SSL (secure server) pages?
It's possible to use SSL security for your Web site. Doing so allows you to display secure, encrypted pages to your visitors.
You've probably seen SSL security in action when you purchased something online: your Web browser activates the “lock” icon and tells you that your connection is secure. Encrypted pages are normally used to collect credit card numbers and other secure information using CGI scripts.
To use SSL security on your Web site, you need what's called an “SSL certificate”. The SSL certificate serves two purposes: it allows your visitors to encrypt the information they send to your Web site, and it proves your identity to customers.
There are three different options for getting an SSL certificate. To use SSL security, you would need to choose one of these options.
Option 1: Use a dedicated SSL certificate
The first option is to purchase an SSL certificate for your Web site. This allows people to securely connect to your site using addresses starting with:
https://www.example.com/
This type of address looks extremely professional and indicates to knowledgeable visitors that an independent third party has verified your identity, and that all information is encrypted when sent to your Web site to ensure privacy. SSL encryption is often used to protect sensitive information (usernames and passwords, credit card numbers, other content) for online stores, e-mail, and user forums.
We sell AlphaSSL certificates (issued by GlobalSign) to make this work. AlphaSSL certificates also include a clickable security seal image to place on your Web site.
By default, AlphaSSL certificates provide the ability for users to connect to your domain name both with and without the leading “www”. For example, one AlphaSSL certificate will support both “example.com” and “www.example.com”. If you wish, you can instead have the certificate issued for a different hostname, such as “store.example.com”. However, if you choose this option, it will not simultaneously work for the standard “example.com” or “www.example.com” hostnames.
In order to use an SSL certificate your domain must be on our Gold or Platinum plan. These plans include the “dedicated IP address” required for the SSL certificate to work. If your domain is currently on the Silver plan we will upgrade it to the Gold plan.
Our price for AlphaSSL certificates is $19.00 per year. Buying a certificate through us saves you $46.00 compared to GlobalSign's standard retail price for AlphaSSL certificates ($65.00). Please note that AlphaSSL certificates are nonrefundable and are not included in our money-back guarantee, even if you cancel your Web hosting service. This is because we buy the certificate from GlobalSign, and they don't offer refunds. However, we can provide you with the Apache SSL certificate files you purchased, which may allow you to use them with a different hosting company (if they use compatible Web servers).
To order an AlphaSSL certificate, login to the “My Account” control panel (having trouble?) and click SSL Certificate. It usually takes about one business day to purchase and install a custom SSL certificate from us.
Option 2: Use a self-signed SSL certificate
The second option is to use a “self-signed” certificate. This type of certificate allows you to connect securely to your Web site, but it causes the browser to display a message warning that your Web site may not be trustworthy.
A self-signed certificate may be a good solution if you will be the only person using your Web site securely. For example, you can use a self-signed certificate to login securely to your WordPress blog. This will protect your WordPress username and password, Web site cookies, and all of your content.
If you are the only person who will be using your Web site securely, then having your browser display the security warning may be fine for you. However, you should not use a self-signed certificate to secure a site that will be used by other people, such as an online store, because the browser's warning message would cause many people not to trust your store. For a public secure site, you should use an AlphaSSL certificate as described above.
You can get a free self-signed certificate, so long as your domain is on our Gold or Platinum plan. These plans include the “dedicated IP address” required for the SSL certificate to work. If your domain is currently on the Silver plan we will upgrade it to the Gold plan.
To order an AlphaSSL certificate, login to the “My Account” control panel (having trouble?) and click SSL Certificate. It usually takes about one business day to purchase and install a custom SSL certificate from us.
Option 3: Share our SSL certificate
The third option is for you to share our existing SSL certificate when creating secure links to specific individual images or other files. There's no extra charge for this: simply create links to your secure images beginning with:
https://www.tigertech.net/ssl/example.com/
This option is a good solution if you just want to use an “https://” path for an image file within a secure page. For example, if you sell using PayPal, and the secure PayPal page needs to include an image via “https://” (in order to prevent your customer from seeing a warning message), you can use our shared certificate when referencing the image file. You might tell PayPal to use a path like this to your image:
https://www.tigertech.net/ssl/example.com/images/logo.gif
However, this option is not a good solution for creating secure links to Web pages. It appears less professional than obtaining a dedicated SSL certificate, because our domain name is included in the address. Knowledgeable visitors may be concerned when the domain name in their address bar changes. Some people may even be suspicious of your site, which is probably not what you want when using SSL certificates. To secure public Web pages you should instead use an AlphaSSL certificate (option 1 above).
A reminder about credit card number security
When you use an SSL certificate to collect credit card numbers, remember that it only protects the visitor's card number as it passes between his or her Web browser and your Web site. It does not help you securely store credit card numbers in a file or a database on the Web server, nor does it send the card numbers to you securely afterwards. Be sure your e-commerce system handles that end of the transaction in a secure manner (usually by using encryption to safely forward the data to another server at your credit card company).