I’ve never really used SSL in a developer/web master sense and I find it to be very cumbersome. Don’t get me wrong. I love the fact that I can securely buy something online and that certificates verify that http://www.newegg.com/ is in fact NewEgg and not some site in Europe ready to steal some information. In the last few days I’ve read up on how it works and how to set it up with Microsoft IIS 6.0 and it can be a pain!
What I find cumbersome is setting it all up. First off a certificate can cost you anywhere from $250 (cheap end) to $600 a year. That’s a lot of money for encryption! Sure, its chump change to a business but it sucks for the little guy. Once you have bought the certificate you have to create one on from your site, and then get the hash from your provider. No big deal yet. Create a certificate file with the hash and enable SSL port 443 and your good to go. Not really. If your using IIS 5.0 or higher you’re most likely going to have to mess with Socket Pooling where IIS in all of its glory and wisdom decides to bind port 80 or 443 to all available websites. So you do a Google search and find a command to disable Socket Pooling. It didn’t work? Oh yeah, you know need to install a suplimental tool to manage Socket Pooling. Thanks Microsoft, give me a tool that doesn’t work and then make me install yet another tool to make the first one actually work.
Needless to say I now have to go to our sys admin and have him install all these tools just to get a test website up and running! This is going to suck when I have to install the web app on a client’s computer!