How do I determine which pages of the site are put into the “SECURE” folder? OR should I put the entire site there? I purchased a SSL Certificate from Rapid SSL. Installed it on my site, but what is next? I am a novice a e-commerce so any help would be greatly appreciated.
Well is it really needed to use SSL if you don’t manage yourself capture of credit card numbers ? Myself I use only Paypal and my bank proprietary system not hosted on my server so all bank aspects are out of my server so I don’t use SSL !
I am using paypal also, Web Payment Pro, so they never leave my site. So when customers enter there Names, E-mail addresses Etc, it is stored on my server Correct? If it is I would think the safest thing to do is have it in secure folders. I am new to this so if my thinking is not correct please someone let me know. But I would prefer to error on the safe side.
You can enable Secure URL in Magento by going to Admin --> System --> Configurations --> Web --> Secure URL. In there you can set whether to have the Secure URL enabled for the whole site or for the checkout shopping cart only.
Thank you JLHC, Which is more preferable just the shopping cart ot the entire site. Or maybe a better question is there any reason to not have the entire site secure
I would say its not the case if you need a SSL on the checkout cart but what your customers expect? if you was going to lose 1-2 customers per day because they expect to see a SSL in the checkout then I would have one for the $35-50 PA.
Its all about gaining trust from customers and then again should you not provide security for their email address and so on?
I would not have it on the entire site (no one does in my business does) nor on the shopping cart, but once the customer get to the checkout bit where they would start to enter details.
As for paypal and google checkout, I agree why should you have one, but then again what does your customer expect?, myself I would have a secure shopping cart just to show trust, but if you think you would lose no customers then why bother?
I don’t see that you can actually set particular pages or site wide secure pages defined anywhere, JLHC.
I haven’t set SSL up yet, but from looking at the admin configurations it doesn’t appear that there are a lot of options for picking and choosing which parts of the store to use SSL in. In fact, it’s looks to be either an on or off situation only, and seems to be lacking any way to define which pages are going to be secure.
I hope I am actually missing the configuration here, because I do need to be able to define my own secure pages/area on a project and this topic has brought the ‘soon to be a big problem’ to my attention.
Of course, installing the entire store under https would give you site-wide security at the cost of performance (already a problem without SSL thrown in), otherwise you turn on secure front end pages and the typical customer info areas and checkout go to secure pages, and the admin panel if set up that way, which also takes the performance hit.
So the reason not to have the entire site secure is for performance reasons. I was wondering that because the cost of a SSL Cert from Rapid is less than $20.00 a year. Is it a huge hit on performance or is it negilgable?
I am having the same problem as Chuck261 I cannot find where to enable secure checkout cart. In the Admin --> System --> Configurations --> Web --> Secure all I have is Use Secure URLs in Frontend and Use Secure URLs in Admin what should i enable to enable secure checkout
That’s because there is only one option. If you set Use Secure for the frontend, then the customer account pages, checkout, login areas that Varien decided should be secure are set to use secure. And apparently you need to put another entire magento file set to get it to work. There are no configuration options for particular pages at all. You cannot just enable a secure checkout page. You cannot add certain CMS pages to the secure areas list from the admin. To enable security for the entire site, you have to change the base url of Unsecure to be https:// which is not really that great of an option.
You can enable Secure URL in Magento by going to Admin --> System --> Configurations --> Web --> Secure URL. In there you can set whether to have the Secure URL enabled for the whole site or for the checkout shopping cart only.
(my emphasis)
This is not correct. You cannot select anything other than On or Off for the frontend Use Secure Urls. And to get magento to run fully secure you would need to set Admin-->System-->Configuration-->Web-->Unsecure Urls to all be the secure installation.
