Hello, I have 2 SSL questions: 1. I am using a live site (hosted by Winhost) as a staging/development environment for projects I work on. I do not have my own company at this time. I would like to purchase a RapidSSL Certificate to secure part of my site (again, for development reasons). I noticed that the CSR request requires you to put down an Organization name and that this is the company name. Can I just use my own name for this? (I have no problem if my name comes up on a Users browser if they choose to look at the certificate). 2. I would like to secure only certain sub-folders in the site, hopefully with the ability to change which sub-folders are secured from time to time. I read the article in Winhost's knowledge base article explaining how to secure domain names and sub-domain names (by choosing the correct Common Name for the CSR), but how do you install the certificate to effect only certain subfolder(s) of a URL? Thanks for your help. Dan
Good practice and good designs means you actually put your Organization name but you can put what ever name you want on it. Keep in mind that if you purchase a more expensive SSL Certificate such as an EV certificate, the company you are going to use to purchase the SSL certificate from may do a little investigating and verifying to make sure that the SSL certificate to is a legitimate company. But if you purchase the common SSL certificate than it shouldn't be a problem. Try looking at this forum thread for some instructions to force http calls to a https pipe line. http://forum.Winhost.com/showthread.php?t=8437
Yes. If you intend to use the certificate on more than one subdomain you need a wildcard certificate. That will work on any subdomain or directory on the domain. That flexibility comes at a price though, as a wildcard cert is more expensive than a regular cert. Everything being covered (by the wildcard certificate) doesn't necessarily mean that everything has to use SSL. You just link to the parts you want to cover using https://. Edit: Ray beats me to the punch again!
Thanks to you both. I misread the article on how to install the cert for which URL, thinking the SSL would automatically kick in. But now I see you also have to access the page using the protocol you want to use (by re-direct, a link or manually). Thanks again. Dan
