osCommerce

The e-commerce.

SSL Certificate???


sk1design


Hi, I'm a newbie here...

I just started trying to integrate my osCommerce cart with PayPal, and I'm a little unsure of what steps I need to take to do this (please bear with me). First, do I need to get an SSL certificate and install it on my site? Or is there a way to pass secure data through PayPal without my site being secure? Any help will be much appreciated...


> Hi, I'm a newbie here...
>
> I just started trying to integrate my osCommerce cart with PayPal, and I'm a little unsure of what steps I need to take to do this (please bear with me). First, do I need to get an SSL certificate and install it on my site? Or is there a way to pass secure data through PayPal without my site being secure? Any help will be much appreciated...

Do you NEED SSL? No - osC works fine without it, but...

Should you use SSL? Yes - if you take payments from customers and verify / process them through a payment gateway.

Your site visitors who make cash payments to you will not only expect security - but if, in the course of you passing those details on to a third party such as a payment gateway, they are intercepted - you could find yourself in hot lawsuits for negligence.

How to get SSL? You do it in conjunction with your host -

1) they will generate certain info for you that you

2) will pass on to the vendor of your SSL cert (make sure the vendor has root certificates that are installed in most common browsers - their selling copy / FAQ will tell you this)

3) once your cert is issued, get your host to install it.

4) Amend your configure.php files to indicate that you now have SSL and you are done.

Sounds more complicated than it is :D

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"


Actually, even though it is best to use SSL....

If you use a 3rd-party payment provider (PayPal, 2CO, WorldPay et al.), it is not strictly necessary, since those sites use SSL encryption when collecting the payment details.


> Actually, even though it is best to use SSL....
>
> If you use a 3rd-party payment provider (PayPal, 2CO, WorldPay et al.), it is not strictly necessary, since those sites use SSL encryption when collecting the payment details.

I recently set up a store with Authorize.net thinking I wouldn't need SSL, but this is wrong! OSC will actually ask for CC information on Page 2 of the Checkout Process, so your customer's CC is NOT SECURE! BE WARNED! YOU ALWAYS NEED SSL.

Link to comment
Share on other sites

So what about customers logging into their accounts without encryption, submitting their details to you when signing up etc? Not to mention the osC control panel itself.

 

I would never use an online store that did not have ssl capabilities.

 

Vger


> I recently set up a store with Authorize.net thinking I wouldn't need SSL, but this is wrong! OSC will actually ask for CC information on Page 2 of the Checkout Process, so your customer's CC is NOT SECURE! BE WARNED! YOU ALWAYS NEED SSL.

You are using the Authorize.net direct module, i.e. the CC info is entered at your site, and as such you do need SSL.....

And Authorize.net is actually not a 3rd-party provider; they are a payment gateway, i.e. you do need to have a merchant account at a bank as well.

A 3rd-party provider is a company which provides a payment solution and also lets you use their merchant account instead of making you open your own.

If you use a linked version, which is the most used system for 3rd-party providers, the customer is not asked about any CC information at your site, but redirected to the payment provider's site after having confirmed their order at checkout_confirmation.php
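The direct-versus-linked distinction above, and the earlier point about unencrypted logins, can be checked on a shop's own pages. This is an added example, not code from the thread or from osCommerce: it flags forms that take card or password fields on a page served or submitted over plain HTTP. The field-name pattern, the sample pages and the shop.example / payments.example hosts are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Heuristic for sensitive field names (an assumption, not an osCommerce list).
SENSITIVE = re.compile(r"cc_|card|cvv|password", re.I)

class FormAudit(HTMLParser):  # collects each <form>: resolved action + sensitive fields
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.page_url, a.get("action") or "")  # empty action = same page
            self._cur = {"action": action, "fields": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            name = a.get("name") or ""
            if (a.get("type") or "").lower() == "password" or SENSITIVE.search(name):
                self._cur["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, html):
    """Return (action, fields, reason) for forms exposing sensitive input over HTTP."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["fields"]:
            continue  # nothing sensitive is typed into this form
        if urlparse(page_url).scheme != "https":
            findings.append((form["action"], form["fields"], "page served over HTTP"))
        elif urlparse(form["action"]).scheme != "https":
            findings.append((form["action"], form["fields"], "form posts to HTTP"))
    return findings

# Constructed sample pages (not real osCommerce output).
DIRECT = '<form action="checkout_confirmation.php" method="post"><input name="cc_owner"><input name="cc_number"></form>'
LINKED = '<form action="https://payments.example/pay" method="post"><input type="hidden" name="amount" value="10.00"></form>'
LOGIN = '<form action="login.php?action=process" method="post"><input name="email_address"><input type="password" name="password"></form>'

if __name__ == "__main__":
    for path, page in [("checkout_payment.php", DIRECT), ("checkout_confirmation.php", LINKED), ("login.php", LOGIN)]:
        print(path, audit("http://shop.example/" + path, page))
```

The linked-style page produces no finding because no card field is entered on the shop, while the login form is still flagged when served over HTTP.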


> So what about customers logging into their accounts without encryption, submitting their details to you when signing up etc? Not to mention the osC control panel itself.
>
> I would never use an online store that did not have ssl capabilities.
>
> Vger

It's a choice to make.

To have SSL with a certified certificate is of course preferred.

But it's not the only way, and it's not absolutely necessary....

I have clients who use SSL and clients who do not.....and it is working smoothly for all of them regardless of their choice in this particular matter......


> If you use a linked version, which is the most used system for 3rd-party providers, the customer is not asked about any CC information at your site, but redirected to the payment provider's site after having confirmed their order at checkout_confirmation.php

Oh! I didn't even know this existed. I have an Authorize.net account...do you know how to turn on the Linked version for payment? Is this done through my A.net control panel?

 

These forums are great, here I am thinking I knew everything and this great news comes out.


> To have SSL with a certified certificate is of course preferred.

Hi..

I have a question. I made my own cert and the stuff for SSL, then had it set up by the hosting support. But it comes up as an uncertified certificate. So my question is: how do you get a certified one? Do you have to pay for it? And what is the point of it? Like, if I get a certified one, what's the advantage?


> Hi..
>
> I have a question. I made my own cert and the stuff for SSL, then had it set up by the hosting support. But it comes up as an uncertified certificate. So my question is: how do you get a certified one? Do you have to pay for it? And what is the point of it? Like, if I get a certified one, what's the advantage?

I just faced that same issue...

When Bob in Indiana pulls up the site, his site gets the certificate, and needs to verify that it verifies that you are who you say you are

...I think

That's what the fee is for. instantssl.com was where I got a 30-day free SSL for testing.


> Hi..
>
> I have a question. I made my own cert and the stuff for SSL, then had it set up by the hosting support. But it comes up as an uncertified certificate. So my question is: how do you get a certified one? Do you have to pay for it? And what is the point of it? Like, if I get a certified one, what's the advantage?

The advantage may be: customer confidence.

An SSL certificate is more than just an encrypted connection: it also certifies to your clients that the domain you are using is really your domain. This way clients may rest assured that their personal data (credit card and other) will only travel to your web domain - or the one of your credit card handler (PayPal, etc.) - and not to the domain of a "phisher".

Still, the certifier must be trusted. This is a bit arbitrary, but web browsers have a number of certifiers (aka certification authorities) pre-installed in their software package. Anyone having an SSL certificate bought from one of those certification authorities will not have a warning popup in their or their customers' browser. If you don't, the warning popup will appear.

You can check in your web browser which certification authorities have SSL certificates pre-installed, assuming you didn't add more certificates yourself.

In Firefox: Tools -> Options -> Advanced -> Manage Certificates -> Authorities

In IE: Tools -> Internet options -> Content -> Certificates -> Trusted Root/Intermediate Certification Authorities

You can buy SSL certificates from Certification Authorities like VeriSign, Thawte (expensive), GeoTrust, GlobalSign, etc. The last two are at about US$ 170 - 250 per year. You can get cheaper ones too (e.g. 30 - 50 dollars per year) but these are probably not pre-installed in your browser software and will generate a popup warning that is not good for client confidence. In some cases the cheap certificates are really bad, in the sense that they do a very superficial check on your shop and your domain, or no check at all. This type of 'certification authorities' should not be trusted IMHO.

Cheers,

Al


May as well throw in my 2 cents worth here.

I purchased an SSL cert (Comodo) after reading various threads like this, and it does show a little more professionalism if not only secure.

If you go to my page HERE, at the lower right see the logo; move your mouse over it and it will show you that the SSL cert is related to the web address you are at currently, and likewise, if you click my accounts at the top, the yellow padlock will appear informing you that you are now on a secure link with the website and anything you input while secured is encrypted.

May not help, but it may!

Born - Scotland

Location - Kent, England

Job - hunting for one


Help?

I found this one. What do you think of it? http://www.thedotshoppe.com/Services/default.asp

Hmm, the site doesn't give much info. You may want to compare with these ones, which are certification authorities included in most recent web browsers:

http://www.geotrust.com/web_security/quickssl.htm

http://www.globalsign.net/digital_certific...rsign/index.cfm


Archived

This topic is now archived and is closed to further replies.
