I am on Cpanel VPS CentOS server having 3 important web sites... I just want to enable the SSL on this three sites only on payment page. Rest of all can be normal http without SSL / encryption / https. Reason being that my payment page redirects to Bank Payment gateway which is https & after transaction completion,it while returning, it gives message like "Although this page in encrypted, the information you have entered is to be sent over an unencrypted connection & could be read by third party.. Are you sure you want to continue sending the information ? Continue / Cancel" Option 1 : Make all the server with all three sites as SSL - But I feel that it will slow down the websites on performance basis Option 2 : Create a subdomain on each three sites like secure.example.com, secure.example2.com & secure.example3.com & add the certificate for this domains. I want by default it should always be http ( NO https ) unless user explicitly mention https .. it should not be secured or SSL by default.
I can not give right answer but the same problem with me in big websites. I just ignore that message.
Get an SSL Certificate for your eCommerce website is always wisdom choice. When you are collecting credit card details and much other confidential information from your clients, it is necessary to protect them from hacker anyway. First, I would like to tell you that SSL Certificate would be issue on FQDN (Fully Qualified Domain Name). It is different thing that you do not want to run or display SSL (HTTPS) on your whole website except your payment or login pages. Now, It is totally depends on you that you wants to secure your all three website with single Certificate or you'll get separate certificate each for them. If you purchase SAN (subject Alternative names, it is also known as UCC or Multi Domain SSL), you have a choice to secure your all three domains with a single certificate. Option-1, You should not consider this point that SSL will reduce your web performance. It is depend upon hardware, server software and other network configuration. It will reduce web performance at negligible rate. SSL is a type of protocol and secures your online transactions with robust encryption. Option-2, now we come to your selection part of SSL certificate. It is quite unacceptable to purchase three different certificates for three different domains when there is a single SAN certificate is available to secure all your three domains (It is eligible to secure up to 25 domains). It will be a cost saving and wise decision on your side if you go for SAN certificate. There is no need to create sub domains for each websites. You can lay your clients on the any page of your website after completing payment process.
You could get an SSL certificate for use one site and then direct them to sub-folders on that site for the parts you need to be under SSL from each site. Alternatively is you want to secure each site you could get an SSL for each site. However you would need a dedicated IP for each website then. Or if you are using Apache you can use SNI to run multiple certs on one IP (Not supported by older browsers such as IE6). Sure fire way to make sure it works on one IP with all browsers is to get a Multi-Domain certificate or SAN, as mentioned above. This can include all three domains in one certificate. Downside is they cost a bit more then just getting three individual domain validated certificates. In terms of directing certain pages to https and others to just http you can use htaccess to achieve this. More Info: https://support.servertastic.com/redirecting-pages-to-https-with-htacess/
Creating a sub domain "secure" could be a better solution. Each request sent will be encrypted, you probably know that. Use SSL only on pages needed SSL, especially if you run a CMS like wordpress or magento