EV certificates

	Home Register Search Help Login

Sponsors

Shopping Cart Software
Ecommerce software integrated into Frontpage, Dreamweaver and Golive templates. No monthly fees and available in ASP and PHP versions.

Website Templates
We also have a wide selection of Dreamweaver, Expression Web and Frontpage templates as well as webmaster tools and CSS layouts.

Frontpage website templates
Creative Website Templates for FrontPage, Dreamweaver, Flash, SwishMax

Search Forums

Recent Posts

Todays Posts
Most Active posts
Posts since last visit
My Recent Posts
Mark posts read

EV certificates

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> Web Development >> Search Engine Optimization and Web Business >> EV certificates

Page: [1]


Joe Hussar Posts: 236 From: Chuluota, FL 32766, USA Status: offline	EV certificates - 12/15/2006 6:20:39 Hi................ SSL providers are offering EV Certificates ............. to qoute their info "Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site’s organizational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (VeriSign, for example). Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates" I use Thawte for my SSL, and to get the EV protection it's ~ $600/yr. I really don't have a feel as to whether this is worthwhile or not. It's certainly not cheap, and doesn't work on many browsers. If anyone has experience with this, or an opinion on it's value I would be very appreciative to hear from you! Thanks _____________________________ Joe Hussar candywebster AT aol DOT com www.candylandcrafts.com/


coreybryant Posts: 2422 Joined: 3/17/2002 From: Castle Rock CO USA Status: offline	RE: EV certificates - 12/15/2006 6:23:53 Verisign is the number one leader in the industry. Comodo is number two. Verisign has bought out most of other companies (Thawte / Geosign) so that are pretty much the same - just they maintained their brand. _____________________________ Corey R. Bryant Merchant Accounts \| Toll Free Numbers \| My Blog \| Expression Web Blog (in reply to Joe Hussar)


Joe Hussar Posts: 236 From: Chuluota, FL 32766, USA Status: offline	RE: EV certificates - 12/15/2006 6:35:51 Thanks for info. Do you think it's worth having? _____________________________ Joe Hussar candywebster AT aol DOT com www.candylandcrafts.com/ (in reply to coreybryant)


jaybee Posts: 14097 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: EV certificates - 12/15/2006 7:04:43 At $600! no, not unless you're raking it in. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Joe Hussar)


coreybryant Posts: 2422 Joined: 3/17/2002 From: Castle Rock CO USA Status: offline	RE: EV certificates - 12/15/2006 9:06:49 Depends. Some merchants look at Verisign and they think security. They then think their customers will think this as well - so they pay quite a bit for the Verisign logo. Comodo has an image as well that they give you. It's about perception. Ten years ago, an SSL cert was over $1,000 dollars. An SSL cert is there to encrypt data. So they all encrypt data? Yes - but what you want is that the SSL issuing authority to be installed automatically on browsers so that customers don't get a pop-up - saying it is an untrusted source. Merchants tend to build their sites on their own beliefs and terms. We usually get Comodo SSL certs for our customers. They have not been bought out by Verisign. Verisign left a bad taste in my mouth a few years ago when it would not release a domain name. And I have a tendency to hold a grudge. So I would not want a cert now from them or any company they have bought out (even though they are the largest). _____________________________ Corey R. Bryant Merchant Accounts \| Toll Free Numbers \| My Blog \| Expression Web Blog (in reply to jaybee)


Reflect Posts: 4768 From: USA Status: offline	RE: EV certificates - 12/15/2006 12:38:54 Remind me not to piss you off Corey . Me on the other side being lower end sites that operate on shoe string budgets. I tend to go with shared certs.. I don't recall ever getting popups for untrusted source or having that reported to us. Would that be a server side miss-configuration? I can/do understand what you are saying about branding and it bringing in more confidence with shoppers. However does an average Joe on-line shopper even know what Thawte or others are? Take care, Brian _____________________________ (in reply to coreybryant)


jaybee Posts: 14097 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: EV certificates - 12/15/2006 14:11:36 quote: Would that be a server side miss-configuration? AFAIK, most people just look for the padlock and run a mile if the warning come up and doesn't match. Misconfiguration quite possibly. I have an SSL just gone in on a customer site. They've configured it for the domain so if someone goes in on the sub domain www. the warning appears. Same name but it's irritating. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Reflect)

coreybryant

Posts: 2422
Joined: 3/17/2002
From: Castle Rock CO USA
Status: offline

RE: EV certificates - 12/15/2006 14:35:07

It's only been seven years Bryan LOL

An SSL cert is issued to a particular domain name - like www.example.com. If you bring up https://example.com instead of https://www.example.com - you will get an error. Something like

quote:

The security certificate presented by this website was issued for a different website's address.

Basically CA (certificate authorities) should be checking the domain name when an SSL cert is issued. Some do and some do not.

If you add unsecure objects / scripts, you will get an error like

quote:

This page contains both secure and nonsecure items.

Do you want to display the nonsecure items?

usually it is a coding error. Or people don't know / understand if they are buying cert themselves. Some people think it needs to be secure.example.com or ssl.example.

There are also wildcard certs - issued to *.example.com so subdomain.example.com, jaybee.example.com, reflect.example.com - etc are all called in a secure manner. Browsers used to not be able to handle these because the SSL was issued to *.example and not subdomain.example.com. Some hosting companies get a wildcard cert and then allow their users to use theirusername.example.com.

if you can generate your own CSR (certificate signing request) via the server, then you have more options to get an SSL cert.

If you do get the

quote:

The security certificate presented by this website was issued for a different website's address.

you should always double check to see what is happening. It could be a mistake or potential fraud

_____________________________

Corey R. Bryant
Merchant Accounts | Toll Free Numbers | My Blog | Expression Web Blog

(in reply to jaybee)


BobbyDouglas Posts: 5445 Joined: 5/15/2003 From: Arizona Status: offline	RE: EV certificates - 12/15/2006 18:49:26 The shared certs that you are talking about are usually something like https://host-name.server-group.com/~my-website Shared certs are perfectly fine for most websites, however, the address url changes to something that is not the same as your website. So if you are at example.com and you use a shared cert, it will change the address to https://host-name.server-group.com/~my-website A $15 cert will have the same level of security as Verisign's $1000 cert. You pay Verisign for their name. I use Comodo SSL too. The service I get when I renew/buy certs is amazing. _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to coreybryant)


Joe Hussar Posts: 236 From: Chuluota, FL 32766, USA Status: offline	RE: EV certificates - 12/16/2006 7:11:29 Thank you all........... good discussion and very helpful! _____________________________ Joe Hussar candywebster AT aol DOT com www.candylandcrafts.com/ (in reply to BobbyDouglas)


jaybee Posts: 14097 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: EV certificates - 12/16/2006 9:55:07 Sorted my problem out. This is not a shared cert. The host set it up for domain.co.uk but I had the store set up for www.domain.co.uk. I went in and took the www off but as luck would have it, at about the same time, the host realised what they'd done and added the www. I've now put the www back on the cart and all is hunky dory. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to Joe Hussar)


BobbyDouglas Posts: 5445 Joined: 5/15/2003 From: Arizona Status: offline	RE: EV certificates - 12/16/2006 17:55:48 I've had that problem before. People ask for the "domain" to install the cert on, I usually leave out the www when I deal with domain names, however with SSL certs that www is treated as a sub domain. Oh well _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to jaybee)


randylsmith Posts: 4 Joined: 1/5/2007 Status: offline	RE: EV certificates - 1/5/2007 18:05:32 Has anyone figured out the how-to to get IE to stop telling people my good wildcard certificate is bad? I'm using Windows Server 2003 with a Thawte Wildcard cert. I've done the bindings and all, but now, esp when you use IE 7, IE says there is a problem with the cert and that it doesn't match the web site. Aaargh! (in reply to BobbyDouglas)


jaybee Posts: 14097 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: EV certificates - 1/5/2007 18:19:42 What's the message? _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to randylsmith)


randylsmith Posts: 4 Joined: 1/5/2007 Status: offline	RE: EV certificates - 1/5/2007 18:37:29 Basically that the web site domain name doesn't match the certificate. I may have found a clue at this web site: http://www.zen-cart.com/forum/archive/index.php/t-30469.html Which basically says that on a wildcard, you can do x.domain.com but not w.x.domain.com because that means you have two subdomains. So, when I do www.mysubdomain.mydomain.com, that is causing the error with Microsoft. I am exploring this now. RLS (in reply to jaybee)


jaybee Posts: 14097 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: EV certificates - 1/5/2007 18:54:44 Normally when that message comes up you can check the cert name and the domain it says doesn't match, that'll give you a clue. quote: So, when I do www.mysubdomain.mydomain.com, that is causing the error with Microsoft. I am exploring this now. That sounds right. www. is a subdomain. _____________________________ If it ain't broke..... fix it until it is. GAWDS Now where did I put that Doctype? (in reply to randylsmith)


BobbyDouglas Posts: 5445 Joined: 5/15/2003 From: Arizona Status: offline	RE: EV certificates - 1/5/2007 19:24:20 These are usually things best left to your host to fix for you. It could simply be a bad install of the cert. _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to jaybee)


randylsmith Posts: 4 Joined: 1/5/2007 Status: offline	RE: EV certificates - 1/6/2007 11:25:56 I cannot wait for my host provider -- I AM the host provider! I think BobbyDouglas had it right and I didn't clue in to his clue when I posted that. Microsoft seems to only want to certify one subdomain; why we can't wildcard-certify subdomains of subdomains is beyond me. Nevertheless, this appears to be the answer. Don't use WWW's or anything else in front of your primary subdomain when doing wildcard certifications. (in reply to Joe Hussar)


BobbyDouglas Posts: 5445 Joined: 5/15/2003 From: Arizona Status: offline	RE: EV certificates - 1/6/2007 14:57:26 After looking at this a bit more, apparently the Wildcard SSL certs are only good for first-level sub-domains. I always thought that you could have an unlimited number of sub domains (and sub domains of those sub domains) and still have the wildcard ssl encrypt the content. Looks like you found out the answer yourself. _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to randylsmith)


randylsmith Posts: 4 Joined: 1/5/2007 Status: offline	RE: EV certificates - 1/6/2007 15:48:11 This is true, BD, thanks. I did find the answer. Once I removed the www., it worked just fine. RLS (in reply to BobbyDouglas)

Page: [1]

All Forums >> Web Development >> Search Engine Optimization and Web Business >> EV certificates

Page: [1]

Jump to: 1

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts