Home – New Forums Tech talk Shared SSL vs Dedicated SSL = difference?

  • This topic is empty.
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #988286
    LucasArthur
    Participant
    • Total posts: 3,171
    Up
    0
    ::

    Ok Forumites and experts,

    Look past my ignorance, although could someone please spend a few seconds and explain the clear differences between:
    a: Shared SSL
    and
    b: Dedicated SSL

    Am reading through it all and understand what the hosts/resellers are saying as to what i get, although i am more intrigued by what the business using either receives differently or more importantly the customer experience?

    Any insight would be great..

    Thanks for reading
    Jason

    Jason Ramage | Lucas Arthur Pty Ltd | E: [email protected]   P: 61 3 8324 0344    M: 61 412 244 888
    #1166518
    Greg_M
    Member
    • Total posts: 1,691
    Up
    0
    ::

    My understanding is (no expert), shared SSL is offering a secure link to the server, but not offering validation of the domain on it. And dedicated is validating the domain as well.

    Here’s a link that may help … this is who I use for DNS, they also sell SSL certificates, but my experience has been they give you the facts and don’t cross sell, this is their take. They do explain what each can do.

    http://support.dnsimple.com/categories/ssl-certificates/

    Wouldn’t have thought the customer would be any the wiser, either way …??

    Edit: just found this, seemed a bit clearer

    “Note that an SSL certificate requires an IP address assigned to the domain it is installed to, and that IP needs to be used only by that domain. This is why the shared SSL certificate requires you to use the temporary URL, displaying the server hostname. As well the domain name that the SSL certificate covers is very specific – in most cases, an SSL certificate will cover http://www.yourdomain.com or yourdomain.com, not both.”

    Cheers

    #1166519
    EthiSEC
    Member
    • Total posts: 21
    Up
    0
    ::
    estim8, post: 192821 wrote:
    My understanding is (no expert), shared SSL is offering a secure link to the server, but not offering validation of the domain on it. And dedicated is validating the domain as well.

    Just to expand on this a shared SSL certificate means that there is a shared certificate available to all users of a shared server. This means that if you want to secure traffic between your site an a user you will need to redirect the user to your account hostname on your hosting providers domain name.

    estim8, post: 192821 wrote:
    Wouldn’t have thought the customer would be any the wiser, either way …??

    The unfortunate thing is the average user wouldn’t know, however if you want to run a webshop it isn’t ideal IMHO.

    estim8, post: 192821 wrote:
    Edit: just found this, seemed a bit clearer

    “Note that an SSL certificate requires an IP address assigned to the domain it is installed to, and that IP needs to be used only by that domain. This is why the shared SSL certificate requires you to use the temporary URL, displaying the server hostname. As well the domain name that the SSL certificate covers is very specific – in most cases, an SSL certificate will cover http://www.yourdomain.com or yourdomain.com, not both.”
    Cheers

    You don’t use an IP address in a certificate. It is tied the the common name which is usually the fully qualified domain name (FQDN) of your site e.g. http://www.yourdomain.com. This will relate to a DNS A record which will mean the requesting user will be redirected to the IP address of your site.

    You can host an SSL certificate for a virtual host, however some providers may not or do not want to support this configuration which is where the above point may have come from.

    Depending on what you want to do a shared cert may be OK. The reality is the cost of certificates is very reasonable and is my recommended approach.

    You’ll notice that costs range from $50 per upwards. When you are buying a more expensive cert you are really buying an issuance policy or warranty against the root CA certificate being compromised which may lead to you long money. There are also EV or extended verification certificate which verifies you more stringently as the purchaser. The concept of EV certs is to give the end user more confidence in you.

    As with everything read the Ts and Cs before you make a decision.

    Jason


    EthiSEC – Information Technology Security – 1300 67 22 75

    How secure or reliable is your IT?

    #1166520
    Hatching_It
    Member
    • Total posts: 414
    Up
    0
    ::

    JASON!

    Been a while, I’ve been on hiatus..

    If your website is customer facing and has to do with converting sales then absolutely don’t go near shared certificates. Like has been said, you’ll have to change the URL for your SSL protected areas (checkout and account management in WooCommerce) and when these are the two areas that customers are trusting you with their most private data this is the LAST place you want a different URL showing (especially since it’s usually your hosts URL).

    A dedicated IP address should only cost a few dollars a month through your host and you can get a cheap Comodo PositiveSSL for a few dollars as well. Of course better known brands like GeoTrust, Thawte, Symantec all start higher (all three owned by Symantec anyway).

    Drop me PM if you want to chat about anything specifically about your business.

    EthiSEC, post: 192882 wrote:
    You don’t use an IP address in a certificate. It is tied the the common name which is usually the fully qualified domain name (FQDN) of your site e.g. http://www.yourdomain.com. This will relate to a DNS A record which will mean the requesting user will be redirected to the IP address of your site.

    Depending on what you want to do a shared cert may be OK. The reality is the cost of certificates is very reasonable and is my recommended approach.

    The above is kind of correct, but not entirely. You still require a dedicated IP address to install and enable an SSL in MOST environments. Yes, through the release of Server Name Indication (SNI) you can support multiple SSL’s on one IP address but I’ve not seen any of the budget hosts supporting it.

    Places like Ventra IP and Panthur will support SNI and I would wholeheartedly support you looking at those guys if your current host is giving you a bit of a run around for SSLs etc.

    For an eCommerce store that is part of your lifeblood I wouldn’t be running on a server that includes a shared certificate anyway. You really want at least VPS + dedicated IP + SSL. Don’t let someone else’s shoddy security (their poorly configured WordPress installation as an example) affect your own website. And for the sake of store conversions certainly don’t have some else’s domain name coming up!

    Cheers!

    Maclean

    #1166521
    LucasArthur
    Participant
    • Total posts: 3,171
    Up
    0
    ::

    MAtey,

    How the hell are you young man? hows the leg?

    Thanks for info, has assisted me in simple terms of understanding it.. i knew from conversations not viable, although i tend to like the whys though.. and with the replies i have it.. TY all..

    Re ventraip, funny you talk about this as i have just had the week from hell with web site due to shared server (as you site wordpress site of someone else causing the grief on server) and am currently investigating them as an option..

    Look forward to hear how your ‘side projects’ are going..

    Cheers
    Jason

    Jason Ramage | Lucas Arthur Pty Ltd | E: [email protected]   P: 61 3 8324 0344    M: 61 412 244 888
    #1166522
    help4bis.com
    Member
    • Total posts: 268
    Up
    0
    ::
    SimplyReplica, post: 193275 wrote:
    Re ventraip, funny you talk about this as i have just had the week from hell with web site due to shared server (as you site wordpress site of someone else causing the grief on server) and am currently investigating them as an option..

    We are happy to have ya, you know that right… as long as you behave.

    #1166523
    arrowwise
    Member
    • Total posts: 641
    Up
    0
    ::

    Without knowing your full situation; here is a general overview:

    If the shared and dedicated certificate are the same certificate (meaning for example they were purchased from the same place + are technically identical other than the ownership etc), then the customer would be protected / secured equally.

    The main difference based on this scenario is the customer experience and perception of security.

    – With a dedicated certificate you’re more likely to be able to customise the payment processing experience so it is fully integrated into the look and feel of your own website + if the customer clicks on the certificate credentials you can have your own details / company name show.

    – With a shared certificate you’ll often be limited to passing the purchasing customer through a visually / technically different third party process, which can feel less secure from a perception point of view (but no necessarily less secure as such). Also with shared it will be a generic owner or third party details displayed when the customer clicks the certificate ownership details (no big deal but the perception can be less trust).

    We have always used a shared certificate as provided through our hosting supplier since day one spanning thousands of transactions. Customers have never questioned it, and it has never been an issue from a security and data integrity point of view as it equally meets those highest standards as the equivalent dedicated certificate does.

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.