how do I enable/use/tweek ssl

[Smo]

Hi.

I'm making an shoping cart script for my mother-in-law, and I wanna make the checkout secure(r). how do I do that. I tried using https:// instead of http:// but that doesnt do anything

[Spathiphyllum]

For starters you need to use the appropriate path for all of your links:

https://secureXX.nocdirect.com/~youraccountname/path/to/script.cgi
https://secureXX.nocdirect.com/~youraccountname/path/to/webpage.html

You should already know the secure DNS for your account.

Make sure all links, hard and relative, point to your secure address and things should start falling into place.

[jason]

If you want to use your own domain name with https, you'll need to buy an SSL certificate and have a unique IP address for your account. Sales can help you with all of that. The costs start at about $50/year for the certificate and $1/month for the IP.

If you don't mind using secure##.nocdirect.com for your secure pages then you'll need to do as Spath pointed out. If you need to know the sever number to use, log into the client area at jaguarpc.com, click on Network Status and find your server in the list. The secure URL will be listed.

--Jason

[Smo]

thanks guys.
I think 50/year is out of the question

but that URL should be easily hidden with a frame.

[JPC-Masood]

Originally posted by Smo
but that URL should be easily hidden with a frame.

If you hide an SSL link inside frames, the browser will not show you the SSL lock.

[gerilya]

Originally posted by Smo
thanks guys.
I think 50/year is out of the question

You can get ChainedSSL cert for $19.95 here

[Smo]

is there much difference between buying your own and using jaguars SSL? besides the url that is.
If not there wont be a big need for buying one, it's an art store witch probable wont sell that much, the sales are made on art shows and in galleries where people can see the work-

[Smo]

hmmh, Iron doent have a secure##.nocdirect.com/~username/ listed,

[JPC-Masood]

Some of the legacy aletia servers do not have shared SSL cert. In that case, please open a support ticket and request account move to a new server which has its own shared SSL.

[orbic1]

www.drpinderandpartners.co.uk (1024x768 recommended at the moment, going for a re-write). Go to Repeat prescriptions and take note of the SSL stuff there. That's done the way that you're propsing it.

[jason]

There is no difference in functionality by using the JPC certificate or your own. Both would provide the same type of encryption for any data sent between you and your client. The only difference is that you'd see the nocdirect domain name instead of your own when you use that method.

There is another reason for getting your own certificate. Before they'll issue you one, the certificate authority (CA) that's issuing it does a background check on your business to make sure you are legitimate. So when you use your own certificate you are saying to the world that you are a real company and that you (probably) aren't going to run off with your customer's money. Certificates usually come with some kind of warantee as well. The warantee is an insurance policy for your customers--similar to the way that the FDIC ensures that your money is safe at a bank, the CA is saying that they stand by their decision to give you a certificate. If you do defraud a client, they'll protect the cllient from losses to to the amount of the warantee. (This warantee is a big part of the reason why certificates are so expensive.)

Another option is to have JPC install a "self-signed" certificate. This will allow you to use your own domain name but since it isn't being issue by a CA that web browsers know to trust, they'll display a warning to users the first time they hit a secure page on your site. (For an example, try https://www.interbrite.com. I only use it for my own purposes right now, not for any client stuff, so I don't care about the warning (or the fact that the certificate expired a long time ago...).) Since you are using the certificate to sell products, though, I wouldn't recommend this method.

--Jason

[Connie]

If your primarily selling at trade shows, and don't expect any orders on-line the Jag certificate is sufficient. If you plan to sell on-line I would suggest that you get a certificate for your domain. Getting on-line buyers is a matter of trust. The more you can do to create trust in your site will pay off, even if it cost another $50.00 or so per year.

If I understood all your post I doubt that you really need your own SSL at this time. You might later but not now. Your Mom will be selling primarily at trade shows. I assume that she has credit card processing and a machine to input the Credit Card information to the processors.

Without a off-line merchant account you will not be able to process any Credit Card order. I think you know this but just want to point that out.

So my next question would be, how are you going to process Credit Card Transactions, on or off-line?

[Smo]

She processes Credit Card transactions offline.

I've got it all set up now, and explained to her about SSL.

I think we'll stick to jaguars certificate for now, since most sales take place in galleries and on show.

Another question would be, is anyone here familiar with paypal? I don't have an account of my own so I can't tweek with it, but I'm making a site for another artist and she wants to sell prints online, and she only accepts payments by paypal.

[jason]

I've only done some basic stuff with PayPal, so I'm by no means an expert. The last time I loged in to my business account I started looking at some of their new features and it looks like they are doing a lot of make the process of using PayPal more transparent, but I haven't done anything with any of those features.

In the most basic sense (what I've done in the past), is you make links to the paypal site. In these links you pass an item description, price, and shipping amount. When the user clicks on one of the links they go to PayPal's site (you can update this with your logo or color scheme if you wish), fill out the billing and shipping info, submit their order. You can then specify a page on your site that the customer is returned to (and now there are ways for this page to find out if the order succeeded or failed, if your up for a little PHP coding). The seller then recives an email with the details of the sale so that s/he can complete the transaction.. There is alos a shopping cart available if you plan on having customers purchase multiple items in their orders.

--Jason

[gerilya]

Once again, I am a bit late because I don't get e-mail notifications when the thread is updated

Anyway, Smo, you have to get your own PayPal account if you want to make any testing because PayPal doesn't offer any 'testdrive' accounts for development purposes.

Also, when you get an account, you will be able to download manuals and I think some integration examples.

There are 2 methods to get your site powered by PayPal: by adding 'Buy Now' buttons and by using some cart which supports Instant Payment Notification (IPN) method.