I remember reading a thread on here a long time ago whereby Melih was pretty much laughing about SSL cert's signed by CA's, and then he explained how EV cert's were different. He was basically saying that any criminal can display a yellow padlock.Question:
So my question is, why aren't trusted (by browsers) SSL cert's free?
The reason I ask is because I'm currently building a "Security Awareness" Facebook application in PHP which will show Facebook users exactly what data they may be putting at risk when they're about to install a Facebook application. So I need SSL for security, but I don't want to pay for security: I'm not asking for a freebie. I'm asking for general advise.
- I plan to host my Facebook applications on my local VMware ESXi server.
- The "Security Awareness" Facebook application data won't be stored in a database.
- Facebook are forcing app' developers to use SSL by 1st October this year.
- Self-signed cert's may not be sufficient.
I was going to post this on the Facebook forums. But I thought, "Maybe I should ask the experts?"
If I have to pay for security, my Facebook application development attempt ends 1st October this year.