I hate to be a complete newbie, but I am totally lost as far as SSL goes.

What do I have to do to acquire an SSL Certificate? I've gone through creating a key, a certificate, and a signing request in cPanel, but my OSC still tells me I'm not secure. Do I need to go outside of Bluehost to have this signed? If so, what is a good choice?

Thanks for any info at all!

I do believe these two items will be helpful to you:
What is the Path to my shared SSL certificate? (http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&root=16&id=143)
What is required to install an SSL on my account? (http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&root=16&id=229)

I didn't even think to look there lol.. Thank you very much!

I've got SSL working now, thanks =D however, one more question: does anyone know how to set up .htaccess (I assume that's what needs to be changed, anyway) so that my URL is "https://myredneckstore.com" rather than "https://myredneckstore.com/~myrednec/" ?

To be able to use: https://www.yourdomain.com (has nothing to do with .htaccess)
You will need to purchase an SSL cert...
You can get one at:
https://www.securepaynet.net/gdshop/ssl/ssl.asp?prog_id=scottcrew&ci=1789

Also, you will need to purchase a dedicated IP from Blue Host to install the certificate to.

BlueHost's shared SSL is fine for most applications. Pretty much the only reason to have your own SSL cert is to keep a consistent domain name identity through out the site.

BTW, .htaccess has to do with password protecting directories of the server.

HTH!

BTW, .htaccess has to do with password protecting directories of the server.


Actually it can do a lot more than just password protect directories.

Although not needed to set up SSL for a Bluehost account, you can do quite a few things with .htaccess and SSL directives:
Apache SSL Docs - http://www.apache-ssl.org/docs.html
See "Context" in each directive for .htaccess

And lots of other uses - http://en.wikipedia.org/wiki/Htaccess

2notch,
Yes, I see that... I was just pointing out the most common use for the .htaccess file...
Basically, the .htaccess files tell what can, how, etc.. the files in a directory can be accessed...
Thanks for the info!!

I have a question about SSL's. exactly HOW is it used. in other words, if i get VERIFY is bluehost involved?
if i use bluehost's ssl cert's, are they as secure as Verify?
or is this even an issue. I'm confused as to how an outside agency could secure my site with out bluehost?
Do I pay for both?
Would someone give me the abc's? I went to Verify's site but the do not elucidate on the how's. While bluehost says go here, do this, but no info on how and what is used to provide the security needed.
...and what about paypal? is that a redirection to another site all together?
plain english please.

thanks to ANYONE for taking the time to enlighten me.
(did a google and have been walling in the ......dodo)

carnna

Carnna,
The sharedSSL provided by BlueHost is as secure as any other SSL cert.
The main reason to purchase an SSL cert is so that your domain name shows in the browser's addy bar.
You can purchase SSL certs for as little as $27.95 at:
https://www.securepaynet.net/gdshop/ssl/ssl.asp?prog_id=scottcrew

BlueHost does get involved in the process of installing the SSL cert to your site.
You would first need to generate the private keys through the cpanel's SSL Manager.
Then you will need to generate the CSR.
Next, you go back to where you purchased the SSL cert and input the CSR where they require.
Once the SSL cert has been issued, you will put it in the proper place in the SSL manager.
The final step is to notify BlueHost that you have installed the certificate and that you need the installation completed.

BTW, I don't think you meant "VERIFY", above... I think you meant Verisign.

HTH!

Thank you Bonnie.
I was continuing reading up on the SSL thingy (wallinng through the dodo on google) when BLAM! i see a blog that leads me down a merry "red tape" monopoly prevention convention that "appears" to finally being resolved tomorrow (28th of Feb) through ICANN. talk about timing.
lol, and it was all about verisign wanting an "apparent" monopoly on the .com Community. Their 8 biggest competitors (of which GoDaddy is one) have a send a letter to your ombudsman campaign going.

thanks for your help