Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Do I need an SSL certificate for a website that allows peopl

Nov 25, 2010 3:49PM PST

It is technically a foundation, a non profit organization website, which will allow people to make donations for the cause. Is purchasing an SSL certificate for this site a good idea?
If i have to purchase then which one is better for such a site?

Discussion is locked

- Collapse -
Yes, it's a good idea to use SSL ...
Nov 25, 2010 4:21PM PST

when you ask people to enter sensitive data like their creditcard data.

Kees

- Collapse -
But for payment processing ...
Nov 25, 2010 4:40PM PST

it's a far better idea to use the services of a Payment Service Provider. It's their business to handle such safely for a small fee.

If people only leave their email address on your site to subscribe to the monthly newsletter, using SSL is far less necessary.

Kees

- Collapse -
Reposted for olivia. Without link.
Dec 14, 2010 6:30PM PST

Yes...you should get an ssl certificate. A certificate encrypts the private data of the users. So even if you are using paypal as a mediator, still you should get a certificate. You can buy it from a reseller or directly.

- Collapse -
ssl for sensitive information
Nov 10, 2011 11:29PM PST

in this case, the call for SSL depends on who tracks the donators information. If all you are doing is passing it to a service like Paypal who will take their naming information and payment, then your in the clear to not use SSL. My guess is you may be collecting the info on your site as well (for records purposes?). If that is the case you definately should get an SSL certificate. They are pretty cheap if you really need it (under $30 for a year). Setting it up may be more difficult / time consuming but most registrars will walk you through that.

- Collapse -
PCI Compliance
Nov 14, 2011 4:34AM PST

If you are handing the donations over the web site yourself (not through paypal or another payment service) then it is not only a good idea, it is a requirement.