> is there anyone can explain to me how can i use the openSSL in my e-commerce
This is off topic. > store. I do not have any linux background. that's why i'm not really to have > a full understand the installation document. A good explanation would require knowledge of what server software you are using, and I think would be too long to be reasonable to give as free consultancy. > secondly, so i need to pay for a certificate? You don't need to pay for a certificate, and many people will still use your site, as the average punter doesn't understand how SSL provides security. However, if you create your own certificate, someone who has broken into your internet connection, or that of the customer, could create their own free certificate, decrypt the credit card details and save them, then re-encrypt with your certificate before forwarding to you. This is known as a man in the middle attack. What a certificate does is give a reasonable level of confidence that someone reasonably trustworthy has checked that the certificate really has been supplied to the web site (and the company identified in the certificate subject) that it purports to be used for. If you create your own, good browsers will issue a warning, because the person verifying your identity is you yourself. Many users will ignore this, but they could really be talking to anyone. Incidentally, this also applies to using your ISP's credit card processing service. If I haven't heard of that ISP or don't have sufficient confidence in them, I would have to assume that a customer of that ISP may be faking your secure site and you might not even be a customer of that ISP. It is best to have a certificate that matches your web site, but failing that, you need to use someone like Worldpay or at least an internationally known, and trusted, bank to provide the SSL service. Note there is an organisation that uses a grass roots authentication approach, somewhat like that for PGP, to issue free certificates, but their root certificate isn't installed in the commercial browsers. (As an aside, IE trusts certificates with a wide range of authentication requirements, so if a user doesn't disable any of these, they are only really protected to the weakest level.) > Content-Type: text/html; charset=ISO-8859-1 Please try not to send HTML to public lists. > hello,<br><br>is there anyone can explain to me how can i use the Missing DOCTYPE and title and abuse of br. _______________________________________________ Lynx-dev mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/lynx-dev
