I need a cheap, trustworthy, reliable certificate for a web application for a non-profit, and a walkthrough on how SSL is set up and used.
I'm in the process of wrapping up a web app (read: much further away than I think) to prepare it for transfer off my local machine to the webhost, and it's only just now occurred to me that I need a certificate to have encrypted connections.
Currently none of the pages are accessible without logging in, and the passwords are both hashed and salted, but all that's for naught if the username/password pair is sent in plaintext. And, after thinking about it a bit, I decided I wanted all traffic to and from the site to be encrypted. (It's a database of local volunteers: real names, mailing addresses, email addresses, phone numbers, etc.)
I've looked through these posts and found this thread, this thread, and this comment useful for finding cheap certificate sellers. From those discussions I'm leaning towards GoDaddy for the certificate, though I'm wondering if there's anything more than the controversies listed at Wikipedia that I need to take into account in dealing with them.
Also I'd need a for-dummies level explanation of how certificates are actually set up and used: are there any particularly good books, sites, threads, other resources that will walk me through the installation process and help me set up the pages so that they're encrypted? I've never done this before, so the simpler/more painfully clear the explanation, the better.
Finally, am I right in thinking that if I buy the certificate for the site, then there's no way to test it on my local server? (And so it would be best to put up the database with fake data in some test location, at least until I've got the SSL working properly? I imagine that, as with most of the rest of this project, it isn't going to be a quick and easy task.)
posted by Roger Dodger at 2:38 PM on October 20, 2007