Can I use SSL (secure server) pages?
It’s possible to use SSL security for your Web site on our servers. Doing so allows you to display secure, encrypted pages to your visitors.
You’ve probably seen SSL security in action when you purchased something online: your Web browser activates the “lock” icon and tells you that your connection is secure. Encrypted pages are used to submit credit card numbers, passwords, and other sensitive information.
To use SSL security on your Web site, you need what’s called an “SSL certificate”. The SSL certificate serves two purposes: it allows your visitors to encrypt the information they send to your Web site, and it proves your identity to visitors.
There are three different options for using an SSL certificate with a site hosted on our servers:
- Option 1: Dedicated SSL certificate ($19 a year for the certificate, Gold or Platinum hosting plan required)
- Option 2: Self-signed SSL certificate (free certificate, Gold or Platinum hosting plan required)
- Option 3: Shared SSL certificate for individual images (free for all hosting plans)
If you aren’t sure which one to get, you should choose the first option, a dedicated SSL certificate. The others are not appropriate for most situations.
Option 1: Dedicated SSL certificate ($19 a year for the certificate, Gold or Platinum hosting plan required)
The first option is to purchase an SSL certificate for your Web site. This allows people to securely connect to your site using addresses starting with:
https://www.example.com/
This indicates to knowledgeable visitors that an independent third party has verified your identity and that all information is encrypted when sent to your Web site to ensure privacy.
We sell AlphaSSL certificates (issued by GlobalSign) to make this work. AlphaSSL certificates also include a clickable security seal image you can place on your Web site.
By default, AlphaSSL certificates let users connect to your domain name both with and without the leading “www”. For example, one AlphaSSL certificate will support both “example.com” and “www.example.com”. If you prefer, you can have the certificate issued for a different hostname instead, such as “store.example.com”. However, if you choose this option, it will not simultaneously work for the standard “example.com” or “www.example.com” hostnames.
To use an SSL certificate, your domain name must be on our Gold or Platinum hosting plan. These plans include the “dedicated IP address” required for the SSL certificate to work. If your domain name is on the Silver hosting plan, we’ll upgrade it to the Gold plan when you order.
Our price for standard AlphaSSL certificates is $19.00 per year. Buying a certificate through us saves you $46.00 compared to GlobalSign’s standard retail price for AlphaSSL certificates.
We also offer “wildcard” AlphaSSL certificates that work for your domain name and every other single-level subdomain beneath it. The advantage is that you don’t have to choose the specific hostnames in advance. Wildcard certificates cost $49.00 per year, saving you $200.00 compared to GlobalSign’s retail price.
Keep in mind that AlphaSSL certificates are nonrefundable and are not included in our money-back guarantee as long as they work properly, even if you cancel your Web hosting service. (This is because we use most of what you pay us to buy the certificate from GlobalSign, and they don’t offer refunds.)
To order an AlphaSSL certificate, login to the “My Account” control panel and click SSL Certificate. It usually takes about one business day to purchase and install a custom SSL certificate from us.
Option 2: Self-signed SSL certificate (free certificate, Gold or Platinum hosting plan required)
The second option is to use a “self-signed” certificate. This type of certificate also allows you to connect securely to your Web site, but causes every secure visitor’s browser to initially display a security warning. The warning tells the visitor that your Web site’s identity hasn’t been checked by a trusted third party.
Most browsers allow you to suppress the “untrusted” warning after they’ve displayed it once, so a self-signed certificate may be useful if you (and perhaps a small number of other people in your organization) will be the only ones using your Web site securely. You already trust your own Web site, so the initial browser warning isn’t a problem.
For example, you can use a self-signed certificate to login securely to your WordPress blog. This would protect your WordPress username and password, Web site cookies, and all of your content.
You should not use a self-signed certificate for secure pages that will be visited by people you don’t know, such as an online store. They won’t trust your site because of the initial browser warning. For a public site, use an AlphaSSL certificate instead.
You can get a free self-signed certificate for any domain name on our Gold or Platinum hosting plan (which offer the “dedicated IP address” required for the SSL certificate to work). There’s no charge for the certificate itself.
To order a self-signed certificate, login to the “My Account” control panel and click SSL Certificate. If your domain name is not on the Gold or Platinum hosting plan, the screen will allow you to upgrade.
It takes about one business day until the certificate is working.
Option 3: Shared SSL certificate for individual images (free for all hosting plans)
The third option is to share our existing SSL certificate when creating secure links to individual images (only). There’s no extra charge for this: simply create links to your secure images beginning with:
https://shared.tigertech.net/example.com/
This option may be suitable if you just want to use an “https://” path for an image file within an external secure page. For example, if you sell using PayPal, and the secure PayPal page needs to include an image via “https://” (in order to prevent your customer from seeing a warning message), you can use our shared certificate when referencing the image file. You might tell PayPal to use a path like this to your image:
https://shared.tigertech.net/example.com/images/logo.gif
However, this option is not an appropriate solution for creating secure links to other Web pages. It appears less professional than obtaining a dedicated SSL certificate, because our domain name is included in the address. Knowledgeable visitors may be concerned when the domain name in their address bar changes. Some people may even be suspicious of your site, which is probably not what you want when using SSL certificates. Finally, this uses a “proxy connection” to convert the original secure connection to a non-SSL connection within our data center network, which can cause obscure technical problems when used with some scripts.
We don’t recommend this option to anyone but the smallest users of SSL-enabled images. With the increased concern about security in the modern Internet, you’ll almost certainly want to use a dedicated certificate instead (option 1 above).
A reminder about credit card number security
When you use an SSL certificate to collect credit card numbers, remember that it only protects the visitor’s card number as it passes between his or her Web browser and your Web site. It does not help you securely store credit card numbers in a file or a database on the Web server, nor does it send the card numbers to you securely afterwards. Be sure your e-commerce system handles that end of the transaction in a secure manner (usually by using encryption to safely forward the data to another server at your credit card company).
Does Tiger Technologies sell SSL certificates for use on other servers?
We only sell SSL certificates for Web site hostnames that are hosted on our Web servers. We don’t sell certificates for use with other Web servers, or for use with mail servers.