SSL - newbie

[Josh]

I am making a website that transmits customers' credit card numbers over the
Internet.

I am trying to figure out how to do this. Someone mentioned that I need to
get an SSL certificate? I tried to find tutorials on the Internet but all I
could find was information about setting up SSL for system administrators.

Can anyone point me in the right direction?

I went to Verisigns's website -- am I going in the right direction? It is
saying $350/year for 40-bit encryption and $900 for 128. Do I need to pay
this much money to take credit card transactions? ($900 is too much because
the feature that I am adding to the site saves less than that per year.)
Once I pay money to someone for this certificate, how do I set the site up
to make secure transactions and then transmit the credit card numbers from
the server to my email address. Is there any way to do this without paying?
What is the difference between SSL and SHTTP -- or "what is the cheapest way
to do this?"

Thanks in advance to anyone that can offer help.

 

[Richard]

I am making a website that transmits customers' credit card numbers
over the
Internet.

I am trying to figure out how to do this. Someone mentioned that I
need to
get an SSL certificate? I tried to find tutorials on the Internet but
all I
could find was information about setting up SSL for system
administrators.

Can anyone point me in the right direction?

I went to Verisigns's website -- am I going in the right direction? It
is
saying $350/year for 40-bit encryption and $900 for 128. Do I need to
pay
this much money to take credit card transactions? ($900 is too much
because
the feature that I am adding to the site saves less than that per
year.)
Once I pay money to someone for this certificate, how do I set the site
up
to make secure transactions and then transmit the credit card numbers
from
the server to my email address. Is there any way to do this without
paying?
What is the difference between SSL and SHTTP -- or "what is the
cheapest way
to do this?"

Thanks in advance to anyone that can offer help.

For starters, you might want to enquire dealings with businesses like
2checkout.com.
For a much smaller fee, let them handle the deal.
Do not use paypal.

 

[Simon]

Hi, Josh

I am making a website that transmits customers' credit card numbers over the
Internet.

I am trying to figure out how to do this. Someone mentioned that I need to
get an SSL certificate? I tried to find tutorials on the Internet but all I
could find was information about setting up SSL for system administrators.

Can anyone point me in the right direction?

I went to Verisigns's website -- am I going in the right direction? It is
saying $350/year for 40-bit encryption and $900 for 128. Do I need to pay
this much money to take credit card transactions? ($900 is too much because
the feature that I am adding to the site saves less than that per year.)
Once I pay money to someone for this certificate, how do I set the site up
to make secure transactions and then transmit the credit card numbers from
the server to my email address. Is there any way to do this without paying?
What is the difference between SSL and SHTTP -- or "what is the cheapest way
to do this?"

You will need to tell your web host which domain you need an SSL for
(e.g. secure.domain.com). Your web host will need to generate a
Certificate Signing Request (CSR) and send it to you. You send the CSR
to a firm which generates SSL certificates, supply any extra info they
need (i.e. proof that you and/or your business exists!), supply your
credit card details, and they will generate a certificate for you. Then
you forward the certificate to your web host for installation.

I use InstantSSL (http://www.instantssl.com) - they are cheap and fast,
and there are real, live human beings there to help you if you get stuck
(yes, I've contacted them. I know they exist!)

Once the certificate is installed, you will need to install a CGI script
to get the credit card details and email them to you - do a search on
Google, and you will probably be able to find a free CGI script. But I
doubt you'd be able to get a free SSL certificate.

Regards
Simon
Custom Net Hosting
http://www.customnethosting.com

 

[Duende]

While sitting in a puddle Richard scribbled in the mud:

For starters, you might want to enquire dealings with businesses like
2checkout.com.
For a much smaller fee, let them handle the deal.
Do not use paypal.

Why noy Paypal?

 

[Hywel Jenkins]

I am making a website that transmits customers' credit card numbers over the
Internet.

I am trying to figure out how to do this. Someone mentioned that I need to
get an SSL certificate? I tried to find tutorials on the Internet but all I
could find was information about setting up SSL for system administrators.

Can anyone point me in the right direction?

I went to Verisigns's website -- am I going in the right direction? It is
saying $350/year for 40-bit encryption and $900 for 128.

Ask your host for assistance. http://www.freessl.com/

 

[Josh]

For starters, you might want to enquire dealings with businesses like
2checkout.com.
For a much smaller fee, let them handle the deal.
Do not use paypal.

We aren't charging the cards... we just need the credit card numbers to
guarantee accommodation reservations. I looked at 2checkout.com and they
want 5.5% on transactions -- that seems quite expensive...

 

[Josh]

Hi, Josh
You will need to tell your web host which domain you need an SSL for
(e.g. secure.domain.com). Your web host will need to generate a
Certificate Signing Request (CSR) and send it to you. You send the CSR
to a firm which generates SSL certificates, supply any extra info they
need (i.e. proof that you and/or your business exists!), supply your
credit card details, and they will generate a certificate for you. Then
you forward the certificate to your web host for installation.

I use InstantSSL (http://www.instantssl.com) - they are cheap and fast,
and there are real, live human beings there to help you if you get stuck
(yes, I've contacted them. I know they exist!)

Once the certificate is installed, you will need to install a CGI script
to get the credit card details and email them to you - do a search on
Google, and you will probably be able to find a free CGI script. But I
doubt you'd be able to get a free SSL certificate.

Thanks for your reply. I looked at www.instantssl.com and it looks cheap.
Since we don't charge the credit card (we just take the cc number through a
form and hold it as a guarantee) it looks like the $50 per year SSL might
work -- much better than the $900 that I was looking at.

 

[ghoul]

For starters, you might want to enquire dealings with businesses like
2checkout.com.
For a much smaller fee, let them handle the deal.
Do not use paypal.

moron...............

 

[Toby Inkster]

I am making a website that transmits customers' credit card numbers
over the Internet.

I don't mean to be rude, but if you're asking all these questions, then
you really shouldn't be "making a website that transmits customers' credit
card numbers over the Internet."

You mention "SHTTP" and you say that you want to then e-mail the details
from your server to your address (SMTP is an insecure protocol).

Use ProtX or a similar third-party payment solution.