dcsimg
www.webdeveloper.com
Results 1 to 9 of 9

Thread: [RESOLVED] SSL Certificates

  1. #1
    Join Date
    Dec 2005
    Posts
    2,984

    resolved [RESOLVED] SSL Certificates

    How do I determine what type of SSL certificate I need? I plan on accepting (but not storing) customer credit card numbers to be transmitted to paypal via Website Payments Professional.

    There are tons of different certificates out there and extremely widely varying prices. Which one do I need?

  2. #2
    Join Date
    Mar 2010
    Posts
    2,803
    I'm pretty sure the PayPal url you will be sending credit card numbers to will use a https connection from your web page. Are you sure you will need a ssl certificate?

    If you are sure, I would imagine PayPal's documentation will provide more info on any certificate, if any, you might need.

  3. #3
    Join Date
    Dec 2005
    Posts
    2,984
    I am aware that the URL that I will be requesting from PayPal will be HTTPS, but the issue is that the user has to enter their credit card number on my site, so the question is, would you enter your credit card number on a site with just an HTTP connection? I would not.

    I will check PayPal's documentation though, I never thought of that before.

    Addendum: Nothing in the documentation about what kind of certificate you need.
    Last edited by aj_nsc; 07-23-2010 at 08:20 AM.

  4. #4
    Join Date
    Mar 2010
    Posts
    2,803
    ok, no problem.

    Just out of curiosity, why does the user need to enter their credit card number on your site.

    I have integrated PayPal's online payment system on client web site's in the past and the shopper doesn't have to enter their credit card number until they are taken to the Paypal online payment form on Paypal's secure site.

    You're probably already aware you can customise the Paypal page to some extent with your own company logo and background colour and it is on this customised Paypal page that the user is prompted to either use their Paypal account or their credit number to make their payment. I have never had a need for a shopper to enter their credit card number on the client web site.
    Last edited by tirna; 07-23-2010 at 08:56 AM.

  5. #5
    Join Date
    Dec 2005
    Posts
    2,984
    Because I need to use the PayPal Website Payments Pro package (not the standard one, like you have used). I have also implement PayPal website payment standard on many sites in the past as well, but I will need access to PayPal's API to perform a DoReference transaction so I can recharge a customer at a later date and all I have to do is reference a past transaction ID, I don't need the credit card information again.

    Access to the API is not allowed if you only have a website payments standard account.

    Also, I can't simply use a one time recurring billing charge as are available through website payments standard because the specific date when the second charge will be made is unique and important.

    And finally, while I have nothing bad to say about website payments standard, I often think more of a company when I enter the credit card information on their site, rather than be taken to a third party site, regardless of the customization that makes it "look" like it's still the original website.

  6. #6
    Join Date
    Jul 2010
    Posts
    4
    You will need just the general purpose SSL cert for that.

  7. #7
    Join Date
    Dec 2005
    Posts
    2,984
    Quote Originally Posted by stielle View Post
    You will need just the general purpose SSL cert for that.
    Fantastic stielle. But could you provide a little more info? Why don't I need a fancy SSL that turns the address bar green? Why is a "general purpose" SSL ok for that? What is a "general purpose" SSL? Is it the 14.99/year one that godaddy offers?

  8. #8
    Join Date
    Jul 2010
    Posts
    4
    The SSL functionality is the same for your purposes. The EVSSL (green bar) is the Extended Verification SSL, which just means you jumped through a few more hoops to get that 'extra' validation. EV is a nonofficial set of more stringent standards that is gainin more popularity, though is not required.

    If the green bar and, in Comodo's case, the extra 'corner of trust' logo will either make you or your customers feel more at ease, then it maybe worth the extra money, but functionally you will be good with the general purpose.

  9. #9
    Join Date
    Dec 2005
    Posts
    2,984
    Thanks for all your help stielle, I guess I just needed somebody who's dealt with SSL before to tell me about it so I could have some confidence.

    I think the green bar will just make me feel a little bit better about the website, although I do completely understand your point. Fortunately enough, GoDaddy's EV certificate is really cheap compared to everybody else, around $75 a year if you buy one for 2 years!!!

    Again, I really appreciate your help!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles