1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

SSL for payment page of my 3 websites

Discussion in 'Security' started by hzzg6y, Apr 26, 2013.

  1. #1
    I am on Cpanel VPS CentOS server having 3 important web sites... I just want to enable the SSL on this three sites only on payment page. Rest of all can be normal http without SSL / encryption / https. Reason being that my payment page redirects to Bank Payment gateway which is https & after transaction completion,it while returning, it gives message like "Although this page in encrypted, the information you have entered is to be sent over an unencrypted connection & could be read by third party.. Are you sure you want to continue sending
    the information ? Continue / Cancel"

    Option 1 : Make all the server with all three sites as SSL - But I feel that it will slow down the websites on performance basis
    Option 2 : Create a subdomain on each three sites like secure.example.com, secure.example2.com & secure.example3.com & add the certificate for this domains.

    I want by default it should always be http ( NO https ) unless user explicitly mention https .. it should not be secured or SSL by default.
    hzzg6y, Apr 26, 2013 IP
  2. hzzg6y

    hzzg6y Greenhorn

    Messages:
    37
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    18
    #2
    Sorry, I see no one has answer my query.. I am not sure whether I posted any in-correct heading.
    hzzg6y, Apr 28, 2013 IP
  3. humtuma

    humtuma Well-Known Member

    Messages:
    1,148
    Likes Received:
    21
    Best Answers:
    3
    Trophy Points:
    165
    #3
    I can not give right answer but the same problem with me in big websites. I just ignore that message.
    humtuma, Apr 29, 2013 IP
  4. Roger Pelt

    Roger Pelt Active Member

    Messages:
    120
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    53
    #4
    Get an SSL Certificate for your eCommerce website is always wisdom choice. When you are collecting credit card details and much other confidential information from your clients, it is necessary to protect them from hacker anyway.

    First, I would like to tell you that SSL Certificate would be issue on FQDN (Fully Qualified Domain Name). It is different thing that you do not want to run or display SSL (HTTPS) on your whole website except your payment or login pages.

    Now, It is totally depends on you that you wants to secure your all three website with single Certificate or you'll get separate certificate each for them.

    If you purchase SAN (subject Alternative names, it is also known as UCC or Multi Domain SSL), you have a choice to secure your all three domains with a single certificate.

    Option-1, You should not consider this point that SSL will reduce your web performance. It is depend upon hardware, server software and other network configuration. It will reduce web performance at negligible rate. SSL is a type of protocol and secures your online transactions with robust encryption.

    Option-2, now we come to your selection part of SSL certificate. It is quite unacceptable to purchase three different certificates for three different domains when there is a single SAN certificate is available to secure all your three domains (It is eligible to secure up to 25 domains). It will be a cost saving and wise decision on your side if you go for SAN certificate.

    There is no need to create sub domains for each websites. You can lay your clients on the any page of your website after completing payment process.
    Roger Pelt, Apr 30, 2013 IP
  5. andygambles

    andygambles Member

    Messages:
    7
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    31
    #5
    You could get an SSL certificate for use one site and then direct them to sub-folders on that site for the parts you need to be under SSL from each site.

    Alternatively is you want to secure each site you could get an SSL for each site. However you would need a dedicated IP for each website then. Or if you are using Apache you can use SNI to run multiple certs on one IP (Not supported by older browsers such as IE6).

    Sure fire way to make sure it works on one IP with all browsers is to get a Multi-Domain certificate or SAN, as mentioned above. This can include all three domains in one certificate. Downside is they cost a bit more then just getting three individual domain validated certificates.

    In terms of directing certain pages to https and others to just http you can use htaccess to achieve this.

    More Info: https://support.servertastic.com/redirecting-pages-to-https-with-htacess/
    andygambles, May 1, 2013 IP
  6. healzer

    healzer Greenhorn

    Messages:
    16
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    13
    #6
    Creating a sub domain "secure" could be a better solution.
    Each request sent will be encrypted, you probably know that.
    Use SSL only on pages needed SSL, especially if you run a CMS like wordpress or magento
    healzer, May 10, 2013 IP
  7. Admin ESSL

    Admin ESSL Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #7
    If you still need some advice on your options please PM me.
    Admin ESSL, May 13, 2013 IP