Need SSL Cert for connecting to secure web service

Question

Hey Guys,

I'm new to using SSL Certs and am having trouble getting help from the Service Provider I'm connecting to. I'm using PHP on the backend to handle the connection.

The setup is as follows:

1. User enters details into form, ajax sends the details back to Our server

2. Our server then connects using curl to 3rd party service sending away data in XML format

3. The 3rd party server replies with the data

4. Our server responds to the browser

Now the problem I'm having is figuring out who has to do the SSL cert, they are saying that I need to buy and install an SSL cert to connect to their server but I thought that it was the server receiving the connection that needs to handle SSL? If I brought an SSL cert wouldn't that only allow me to setup a secure connection between our server and the client's browser?

Please help before I lose my mind!

Thanks Mark

Answer 1

You need to secure the Ajax connection between the browser and your server with a SSL connection if you are transferring sensitive data.

Edit: Sorry, I only answered your second question. The SSL certificate is configured by the entity whose server is being secured, so no you would not purchase a certificate to secure the call to THEIR server (Steps 2 & 3). But your Ajax call is totally on your end between your client's browser and your server, so you'd need one for Steps 1 & 4.