I have developed an e-commerce website and hosted on the production server. I have also opted for a secure payment gateway for the customer transactions.
I have recieved the integration kit from the payment gateway and tested it locally on the production server when i run the application using VS2010. I m able to do the test transactions and recieve response from the payment gateway.
With that in mind I thought of testing the complete process using a client machine. Everything ig going fine till i enter the user details(which includes email, password, shipping address).
After this step i need to pass the user info to the payment gateway page which it has come with the integrated kit. The user will enter his card details in the payment gateway site which is secured.
When I click the button, I m not getting any response from the server. It is not redirecting to the payment gateway page which it used when tested locally on production server.
While searching I had come across SSL certificate for e-commerce site for transmitting user related info securely. It made me to think that, might be it is because of this reason that m not getting redirected to the payment gateway site.
Can anyone tell me that
1. Do i need to go for SSL certificate so that the customer data is sent to server and i get redirected to the payment gateway site?
2. Is there any option that for test transaction i can use a SSL for free and then later i can go for it?
You will need SSL to integrate payment gateway. The reason is because https needs to communicate with https.
For development we usually use self-signed certificate that you can generate using IIS. By using this self-signed, user will be prompt by security exception to continue browsing the page. In production, when you use 3rd party published SSL Certificate, your
user won't be prompted that security exception.
Hope this helps.
Please "Mark as Answer" if this post answers your question.
Yes. Self-signed certificate can be used in dev and stagging site. For your production you need to purchase SSL from 3rd party to avoid security exception warning.
Please "Mark as Answer" if this post answers your question.
saleem2
Member
56 Points
222 Posts
Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 02:33 AM|LINK
Hi All,
I have developed an e-commerce website and hosted on the production server. I have also opted for a secure payment gateway for the customer transactions.
I have recieved the integration kit from the payment gateway and tested it locally on the production server when i run the application using VS2010. I m able to do the test transactions and recieve response from the payment gateway.
With that in mind I thought of testing the complete process using a client machine. Everything ig going fine till i enter the user details(which includes email, password, shipping address).
After this step i need to pass the user info to the payment gateway page which it has come with the integrated kit. The user will enter his card details in the payment gateway site which is secured.
When I click the button, I m not getting any response from the server. It is not redirecting to the payment gateway page which it used when tested locally on production server.
While searching I had come across SSL certificate for e-commerce site for transmitting user related info securely. It made me to think that, might be it is because of this reason that m not getting redirected to the payment gateway site.
Can anyone tell me that
1. Do i need to go for SSL certificate so that the customer data is sent to server and i get redirected to the payment gateway site?
2. Is there any option that for test transaction i can use a SSL for free and then later i can go for it?
Plz guide on this.
Thanks for your support,
Saleem
ferrymeidian...
Member
500 Points
126 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 03:13 AM|LINK
Hi Saleem,
You will need SSL to integrate payment gateway. The reason is because https needs to communicate with https.
For development we usually use self-signed certificate that you can generate using IIS. By using this self-signed, user will be prompt by security exception to continue browsing the page. In production, when you use 3rd party published SSL Certificate, your user won't be prompted that security exception.
Hope this helps.
Regards,
Ferry Meidianto
www.meidianto.com
saleem2
Member
56 Points
222 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 03:49 AM|LINK
Hi ferrymeidianto,
Thanks for the reply.
As i have mentioned earlier, I have tested it locally on the server when i run the application using VS2010.
Also I dint use "Self-signed certificate" while testing locally on server.
If m getting you correctly, do i need to use a self signed certificate for my site, while testing from client browser?
Thanks for your time,
Saleem
ferrymeidian...
Member
500 Points
126 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 04:51 AM|LINK
Yes. Self-signed certificate can be used in dev and stagging site. For your production you need to purchase SSL from 3rd party to avoid security exception warning.
Regards,
Ferry Meidianto
www.meidianto.com
saleem2
Member
56 Points
222 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 05:12 AM|LINK
Hi ferrymeidianto,
But as far my understanding, we require SSL only if we are collecting some user info, like credit/debit card details on our site.
But in my site i am not collecting any banking related details (credit/debit card). i am just collecting the user address details.
After he as entered his contact details, he will be redirected to payment gateway site for entering his banking details there. So it is secured there.
If this is the scenario, then do i still need to have SSL on my site to transfer form http to https a you mentioned earlier?
saleem2
Member
56 Points
222 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 05:14 AM|LINK
can u tell more about this?
ferrymeidian...
Member
500 Points
126 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 03, 2012 12:07 PM|LINK
It really depends on the payment gateway you're integrating actually and how they handle the communication.
If you use paypal button, you can use it from http site, but for Payflow you will need SSL
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/merchant/CompatibleSSLCertPartner-outside
Different protocol are violating Same Origin Policy ( http://en.wikipedia.org/wiki/Same_origin_policy )
Regards,
Ferry Meidianto
www.meidianto.com
saleem2
Member
56 Points
222 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 04, 2012 10:35 AM|LINK
Hi All,
I am still unable to solve the issue. Can anyone who has used EBS Payment Gateway help me in this issue.
Is der anything extra i need to care on serverf while integration?
Thanks,
Saleem
murtaza_t
Member
242 Points
57 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 04, 2012 11:23 AM|LINK
Hello Saleem,
It is highly recommended to install SSL certificate on your site if you are going to have any bank transactions from your site.
Even if you are not accepting any bank details on your site you will still need SSL for the following reasons:
1. Your site will send and accept data from the bank site hence the transaction has to be encrypted. AFAIK EBS will not accept any non-hhtps requests.
2. If your site does not have SSL installed, people will not trust it and you may loose customers because it might raise a security concern to them.
Regards,
Murtaza
Web Hosting UK | VPS Hosting
saleem2
Member
56 Points
222 Posts
Re: Is it Compulsory to have SSL certificate for an E-commerce Website?
Dec 04, 2012 11:45 AM|LINK
Hi murtaza_t,
Thnaks for the reply.
For testing the transaction do i need to use selfsigned SSL? how can i do this?
I mean Can I add the SSL only to the page where I am directing the user in the final step
OR
It should be added to whole site?
Because in my ecommerce site i have site, the normal product display page is not https://,
but when we enter the checkout page then there it https.
How can i do this?
Thanks for the support.
Saleem