I'm writing a billing module for a startup I'm working on. It's my first time buying an SSL cert. I only need a cert for a single domain. Is the standard SSL cert from GoDaddy ($29.99/yr) all that I need?

I plan to get an authorize.net-compatible merchant account and didn't know if they would require the deluxe or premium certs. I'm side strapping this business so I'm trying to do it on the cheap. Thanks.

A: 

You need to buy a cert from a trusted root authority for your specific domain. I would talk to your hosting provider, as they will need to install the cert, etc., and may have a mechanism in place for you to go and buy one.

If you're really trying to do it on the cheap, I would def recommend PayPal or any other similar service over rolling your own.

Edit: Also, this isn't programming related, maybe something along the lines of "What would a low cost, easy to implement, billing solution be?"

Allen
Allen- thanks for the quick reply. You're right, it's not really programming related -- I felt I'd ask here instead of serverfault since I'm programming the module. I'm hosting with Slicehost, so I will be installing the cert myself. I've used PayPal in the past but they aren't a good solution for this project. So you're saying that a GoDaddy cert won't be acceptable? I wonder why they would even offer them then? You're saying I should go with someone like VeriSign? Thanks again
GoDaddy will work, but check with your host first.
Allen
+1  A: 

Different certificates sold through the lucrative business of Certificate Authorities carry different price tags, for a few reasons. The most noticeable to clients visiting your web site is how much information the CA decided to "assure", based on how much you paid.

If you could convince your clients that a self-signed certificate has indeed not been compromised, and guarantees no eavesdropping-on-the-internet, then you could get away with $0 certificate cost.

However, users want more than that.

The GoDaddy standard certificate offers domain validation. GoDaddy is recognized by browsers, and will tell your clients that yes, we issued this certificate to https://billing.yourhost.domain, and if you see a website called https://webstore.yourhost.domain using the same certificate, there will be an error in the validation.

Depending on your needs to give client assurance, you may require/desire a certificate for which GoDaddy or another provider will validate a point-of-contact with a business so that when I visit https://billing.washingtonwidgets.com, I can see that this Web site is registered to "Washington Widgets, Ltd.", as opposed to someone who can buy a DNS name for $5 and open up https://paymeinstead.therealwashingtonwidgets.com. This is more "assurance" against spoofers. A spoofer may be able to get a domain validated certificate for a web site which carries a similar name to yours. This extra "assurance" costs more, and several large companies will back the assurance with a warranty, too.

A new type of SSL called EV SSL is marketed to represent one of the highest levels of assurance, and browser vendors are participating in presenting notification to users in a clear manner when a site uses an EV SSL certificate.

An aside from SSL: Now, do you need your own site to be secure? Or can you write a billing module and send a ticket off to a third party ticket billing site such as PayPal, authorize.net, etc.? The term you want to look for is payment gateway. Oftentimes these services will charge a small commission, instead of a yearly premium for a similar, but different kind of assurance. They usually offer APIs that you can link through your application to create an end-to-end billing experience.

maxwellb
Ok, thanks, this answered my question. Yes, payment gateway was the term I should have used but couldn't think of. Thank you!!
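An added example, not part of either answer: the two properties the second answer describes, checked over constructed certificates in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns. A single-domain certificate does not validate for a sibling hostname, and a domain-validated certificate carries no organization name, so a lookalike domain can obtain one. The function names are hypothetical, and the DV/OV/EV test is a heuristic on subject fields.

```python
# Constructed sample certificates, in the dict shape that Python's
# ssl.SSLSocket.getpeercert() returns. Not real certificates.
DV_CERT = {
    "subject": ((("commonName", "billing.yourhost.domain"),),),
    "subjectAltName": (("DNS", "billing.yourhost.domain"),),
}
OV_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Washington Widgets, Ltd."),),
                (("commonName", "billing.washingtonwidgets.com"),)),
    "subjectAltName": (("DNS", "billing.washingtonwidgets.com"),),
}
LOOKALIKE_CERT = {
    "subject": ((("commonName", "paymeinstead.therealwashingtonwidgets.com"),),),
    "subjectAltName": (("DNS", "paymeinstead.therealwashingtonwidgets.com"),),
}

def subject_fields(cert):
    """Flatten the nested subject RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def name_matches(pattern, host):
    """Exact match, or a wildcard standing in for exactly one left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    """True if any DNS subjectAltName covers host (browsers ignore the CN)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(name, host) for name in sans)

def assurance(cert):
    """Heuristic from subject contents; the certificate policy OID is authoritative."""
    s = subject_fields(cert)
    if "organizationName" not in s:
        return "DV"   # only control of the domain was checked
    if "businessCategory" in s and "serialNumber" in s:
        return "EV"   # EV subjects carry registration details
    return "OV"

def summarize(cert, host):
    """(covers host?, assurance level, validated organization or None)."""
    return covers(cert, host), assurance(cert), subject_fields(cert).get("organizationName")
```

`summarize(LOOKALIKE_CERT, "paymeinstead.therealwashingtonwidgets.com")` returns a valid match with no organization name, which is the gap the organization-validated and EV tiers are sold to close.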