The Professional Membership Plugin for WordPress

 

Your Members and SSL Certificates

If you’re taking payments, using a payment gateway, or planning to use the Facebook module for Your Members, you’ll need an SSL certificate for your payment and login pages. You’ll also need it to provide a suitable HTTPS end point for your Facebook app.

Before You Buy an SSL Certificate

An SSL certificate might seem like nothing more than a mere formality, but you can’t just go out, buy one, and apply it to your domain or server. First, you need to make sure your host can support an SSL Certificate. You should be fine, if you have a VPS or dedicated system, but if you have shared or cloud hosting, you may need to upgrade before getting a certificate.

Also, make sure you have an IP that can be bound to a certificate and that you have “root” or super user access to generate a CSR (certificate signing request). These steps might seem unnecessary, but keep in mind you can’t get a refund if you buy an SSL certificate that you can’t use.

Types of SSL Certificates

There are several types of SSL certificates to choose from:

Self-Signed and Shared

This type of SSL is signed by the owner of the server, or by an organisational who uses wildcard certificate, if there are lots of sites hosted on a single server. Simple, but there is something you should know: They’re easy to spoof, and frequently untrusted by browsers. When this happens, visitors get the “red screen of death”.

Red Screen of Death

Domain Only

This is signed by an “authority” for a single domain. These can be generated quickly and don’t require you to prove who you are. You only have to prove that you own the domain.

Organisation Validation

Also signed by an “authority”, an organisation validation SSL certificate certifies both the domain and the organisation. These take a bit to get back because checks are limited and done by hand. If you’re thinking about getting an organisation SSL, you might want to look at extended validation.

Extended Validation

Like organisation validation, extended validation checks not only cover the domain, but they also cover the organisation applying for the domain. These take several days and will require you to submit detailed documentation. However, once you’ve received your certificate, you’ll have a “green bar” validated certificate. (This is the little green bar that appears in the address bar with the company name in it. This is different from just a green lock or padlock in the address or status bar.)

What to Look For When Purchasing an SSL Certificate

When purchasing an SSL certificate, you’ll want to pay attention to the issuing CA, or Certificate Authority. Except for self-signed certificates, this is the person or organisation who will issue the certificate. Some browsers may not recognise some authorities, so you’ll want to make sure you go with well-known authorities that all major browsers accept, such as Comodo, GeoTrust, Thwate, Trustwave and Verisign.

Normally, an SSL certificate is only good for one domain or subdomain (like secure.domain.com, for example). So, you’ll also need to consider whether or not you’ll need a certificate on multiple subdomains. If you need a certificate for something like secure.domain.com and checkout.domain.com, you’ll need to invest in a “wildcard” certificate.

The other option is to purchase a separate certificate for each subdomain. This can be a bit of a problem, however, since you can only have one certificate per IP address on most setups. So, if you choose to go this way, you’ll need to set up one IP for each certificate.

What SSL Certificate Will Work for Your Members?

There are a large number of SSL certificates, from numerous certificate authorities available that will work just fine. However, we can tell you that 99% of our users have met their requirements with the following certificates:

Budget Options

StartSSL

  • Free
  • Best for the technically-minded
  • No warranty or support
  • Not fully trusted by all major browsers, which causes occasional warnings

Small Businesses and Organisations (Up to 1000 Users)

GEOTrust Quick SSL

  • 256-bit encryption
  • Domain-only validation
  • Single Domain

Comodo Essential SSL WildCard

  • 256-bit encryption
  • Domain-only validation
  • Wildcarded

Large Businesses and Organisations (More than 1000 Users)

Comodo EV

  • 256-bit encryption
  • Extended validation
  • Single Domain

GEOTrust True Business with EV

  • 256-bit encryption
  • Extended validation
  • Single Domain

Coding Futures SSL Certificate Service

If you need help setting up and sourcing your SSL certificate, Coding Futures (the brains behind Your Members) can help. This is part of our WordPress Hardening Service and includes:

  • GEOTrust Quick SSL certificate or True Business with EV
  • Service configuration for the certificate
  • Setting payment flows and login processes to SSL-only
  • Setting up the admin area to be SSL-only or IP-restricted
  • Setting SSL for use with a Facebook application, if you choose to use Your Members Facebook
  • Security hardening of WordPress

The service starts at $150 (USD). Find out more by sending an email to the Coding Futures team: sales@codingfutures.co.uk

 
 

Coding Futures Ltd - Company House Registration number 07350515 registered in England and Wales
Prices are as shown, no additional Sales Tax