• 10

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

You can even have a free SSL certificate for your site that is accepted by every major browser. You can get it at StartSSL.

One certificate is mostly for the root domain (foo.com) and one subdomain (www.foo.com) at least at StartSSL I know that for sure but I guess that would be the same for namecheap.com.

  • 4
Reply Report

In particular, can anyone tell me what the difference is between "Positive SSL" and "Essential SSL"?

For your purpose, the fact you one it for one app (and assuming on one server), they are exactly the same.

I can speak from experience that if you purchase PositiveSSL - you will be covered for both www.example.com and example.com, even though it's the cheapest.

  • 2
Reply Report

I'd be a bit leery of the comodo certificates -- they were hacked pretty recently and are not exactly trusted. Geotrust is a better option.

By "not exactly trusted" I mean they are hard to trust -- the fundamental underpinning of the system that SSL uses is the people with trusted root certificates will not have issues like Comodo had last year. Now, I will say Comodo handled it pretty well all things considered. But it should not have happened in the first place. Why go with someone who was compromised when there are other options out there.

Rather than worry about handling multiple hosts on one cert, you might be better off using a different virtual site listening to the non-ssl traffic on your site to redirect everything to the single HTTPS host you are using. This is a win in multiple ways -- gets everybody on the right url and on SSL. Lazy users don't get errors when they forget the https prefix.

  • -2
Reply Report
      • 1
    • I've downvoted you because "not exactly trusted" is unsubstantiated (I have used several certs for years, and never had a warning, so you need to show what browsers they are now untrusted on) and because the www is issued as part of the example.com certificate so there is no worry (worst case, it's only valid for example.com).
      • 2
    • Fair enough -- I expanded the answer a bit to hit on what I meant by "not exactly trusted" and why redirects make sense.
      • 1
    • It is clear what you meant, but my issue is that it's said without merit. Just because you feel a little less happy does not mean they are hard to trust in general: as I said, I can't name a browser/OS that has revoked the CA, so by definition, it's trusted. "Why go with someone who was compromised when there are other options out there." - I hope you understand that a compromised CA does not compromise your certificate in any way (assuming the CA isn't revoked) - unless you gave them your private keys. Personally I think https://(www.)example.com/ is nice and clean, I don't want to redirect

Trending Tags