View RSS Feed

Behind The Code, with DrByte

SSL Explained - Back and Front

Rating: 27 votes, 4.44 average.
I frequently see people asking "Do I need SSL", and "How do I fix this SSL error?". There is some confusion in the meanings of the 2 parts that make SSL work, both in the front and back of the website.

There are 2 "levels"/"facets"/"parts"/"kinds" of SSL for a website:

a) Incoming traffic: The public-facing SSL certificate that drives https connections via a browser between your customer and your store. (ie: your customer visits https://your_domain.com). For that customer-browser-to-your-store communication to be encrypted, you need (to purchase and have your hosting company install) an SSL certificate connected to your domain name.
This is mandatory if you're collecting sensitive payment information directly on your own site.
If you're not collecting payments directly on your site, then this is "optional", but it is still highly recommended, since shoppers "trust" https sites more.

You can test the validity and quality of your https configuration via: https://www.ssllabs.com/ssltest/ (This will also test most of the core components in (b) below.) Aim for an "A" or "A+" score. Your hosting company should be skilled enough to fix anything that puts you below an "A" score.

b) Outgoing traffic: The background SSL/TLS core communications infrastructure that allows the server to both encrypt the SSL communications done by (a) above, and also to facilitate secure inter-server communications (over CURL or other means) to talk to payment gateways, shipping quoting services, currency updates, 3rd party order mgmt, 3rd-party tax quoting, and more.
All servers need this background core infrastructure to be working properly. If it's not configured properly, you'll get CURL or SSL errors when trying to do payments or get 3rd-party shipping quotes.

You can test whether CURL errors are likely to occur on your site by using the /extras/curltester.php script that comes with your Zen Cart files, ie: http://example.com/extras/curltester.php
The curltester.php script can't give you a score, but it can point out some potential problems. If you have an SSL certificate on your domain, you should also use the SSLLabs test above and get things fixed so you get an "A" or "A+" score.


MORE READING:
Do I need SSL on my store website?
How do I enable SSL after I have installed Zen Cart?
How do I disable SSL?
What are the Server requirements to run Zen Cart?
What is an SSL certificate

Submit "SSL Explained - Back and Front" to Digg Submit "SSL Explained - Back and Front" to del.icio.us Submit "SSL Explained - Back and Front" to StumbleUpon Submit "SSL Explained - Back and Front" to Google

Categories
Uncategorized
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR