To https or not https ?

[sfinlay]

Hi
I'm trying to set up zencart for the first time. Before I start can anyone help with the following.

Do I have to have some secure web space (https) to use zencart or is it possible to use it with "normal" web space ?
I'm setting up a small website for a local theatre group, hoping to sell some merchandise etc with the idea of using paypal to process transactions.
I thought paypal would do this securely at their end so there would be no need to have secure web space on my site.
Any thoughts appreciated

[Vger]

Full ssl certs are so cheap these days that there's really no excuse for not having a cert. Most hosting companies provide decent shared ssl certs as part of the package at no extra cost if you don't want to spend $20-30 on a full ssl cert.

I would never do business with an online site that did not protect my account login details and account information with encryption.

Vger

[DrByte]

If all you're doing to collect payment is using paypal, then you don't need protection for client CC information ... BUT you are still collecting customer name, address, phone, email, etc ...... and people-in-the-know will be appreciative of knowing that you are protecting their personal information with SSL encryption.

Also, don't buy a 40-bit encryption certificate... those are obsolete nowadays. Go for 128-bit.

[Vger]

Also, don't buy a 40-bit encryption certificate

I didn't know anybody was still selling them

Vger

[sfinlay]

Thanks for the comments folks.

I was just curious as to whether it was essential to have some secure web space for Zencart to work properly. From what you say it looks like you don't need to, so that's fine as I can muck about with zencart before I get down to selling anything.

[FluffyTigger]

I didn't know anybody was still selling them

Vger

They don't, the encryption strength is auto-negotiated between the Server and Browser. You usually get AES-256 bits with FireFox and an updated Apache. The certificate is only used as an encryption and decryption keys.

[sfinlay]

I've had alook around and came across www.prontossl.com
They seem to offer very cheap deals. Has anyone heard of this company?

Just one quick question. Not entirely sure how this ssl malarky works. If I was using e.g. paypal to process customer payments would I still need to have some actual secure webspace to go with an SSL certificate or would I just need a certificate on its own?

[FluffyTigger]

The SSL certificate have encryption keys that allow your servers to set up a secure connection. Then all you have to do is use https instead of http and the server secure any normal URL for you through the use of your SSL certificate.

Haven't heard of the company, but the prices are only ok, not too cheap, I've seen RapidSSL being offered for $15 USD before by other resellers, so 15 pounds is certainly reasonable. It look like their prices are in GBP instead of USD so it's like an 88% markup from what I've seen other resellers are selling those things for.

[TGS]

I am looking into SSL right now myself.

Would you have any recommendations on where to purchase?

[FluffyTigger]

If you're small and going for something that'll do but don't need premium stuff then the picking point should be the seal, some of those like the Rapid SSL one doens't have an interactive verify seal. All they have is like an image file. Get something with a nice looking seal that you can click on if you're going to be presenting it to the customers.

I usually just get them at Godaddy, got a few installed on my sites and a few client's web site. Smooth install on Plesk, can't say about cPanel. They give you a small flash seal with your site's URL and it's clickable.