Enabling SSL

[Ggib]

Each time I try and enable SSL under the store setting SSL tab by selecting 'yes' and hitting save it reverts back to 'No' for enabling SSL.

Please can you explain what I might be doing wrong.

Thanks

[havenswift-hosting]

Hi

1) Do you have a valid SSL on your hosting - you must have this before attempting to enable although it wouldnt cause this issue

2) Have you set the Store Path and SSL Store URL first and validated they are correct - once this is done, you can then enable SSL

Thanks

Ian

[Ggib]

Thanks for that.

Just spoken to our hosting and we do not as yet have SSL.

Do we need it for the whole site or just for the check out side?

[havenswift-hosting]

Hi

It is good that you are thinking about getting an SSL - we believe that every single live CubeCart store should always have an SSL to at least cover the registration, login, account and checkout areas regardless of which payment gateway you use. However, since Google recently announced that they are rewarding sites that are fully covered with an SSL (see https://www.havenswift-hosting.co.uk/is-google-going-to-add-having-an-ssl-a-ranking-signal/ for details) we are strongly recommending all sites use a SSL across their whole website.

The only issue you may have is some sites have hard coded http:// urls for files such as css / images etc and these can then cause an insecure warning in browsers - this is generally relatively easy to track down and fix for most sites and we have done this for quite a few clients recently

Thanks

Ian

[Ggib]

Thanks for that but is an SSL actually a necessity and is it possible to get the checkout side of the site up and running without enabling SSL.? Especially as we have been told it will take 5 days to get one.

[havenswift-hosting]

An SSL is necessary under certain PCI conditions but that actually affects few sites. All stores should have an SSL for the following reasons :

1) You secure and protect your admin area

2) You secure and protect your customer information when they are on your site

Either or both of these should easily be reason to spend what is a tiny amount per year on an SSL

But just in case, these arent enough......

3) It has been proved that a reasonable percentage of customers will leave a store if they see that it doesnt use an SSL - I will never visit a store or any aite that asks me to enter personal details like name and address if it does have an SSL. If they dont care about their customers why should I care about doing business with them. How many lost sales per year would cover the cost of an SSL ?

4) Google have clearly said that they are already ranking sites that use an SSL across their whole site (ie all pages are secure) and this ranking factor will in the near future increase significantly. As Google NEVER normally talk about any specific factor that they use to rank sites (there are thought to be close to 200 different factors), this strongly indicates that they are taking this very seriously.

Do you want an SSL now ?

Five days to provide an SSL - really ? A simple one can be applied for and installed, normally in less than 15 minutes and this is all that most sites need. An EV (Extended Validation) SSL will take longer but should never take 5 days !

Thanks

Ian

[bsmither]

"1) Is an SSL actually a necessity and 2) is it possible to get the checkout side of the site up and running without enabling SSL?"

 

To directly answer your questions, "1) No" and "2) Yes."

[Ggib]

Hi again!

Getting a bit frustrated now as I cannot seem to get the checkout part of our site working.

We have upgraded our personal Paypal account to a business one and have input the API credentials. 

I have enabled the plugin version of Paypal and disabled the Gateway version and have not enabled the SSL (as we do not have this yet) and switched to Live rather than Sandbox.

On trying to put something through as a purchase however, whether creating an account or by passing this bit, we get the following message coming up on the screen:

 

The following errors were detected:

• Error: Security header is not valid Security error

 

I had assumed that perhaps this message was coming up because we do not have the SSL in place yet but perhaps this is not the case. Let me know if I need to get the SSL to get it all working.

Please can you help me work out where we are going wrong?

Thanks

[bsmither]

We would ask that when entering your "Live" API credentials, that you enter them in by hand. Do not copy/paste as sometimes the copy picks up extra characters (spaces, tabs, other stuff not visible).

 

Other times, the "Live" API credentials may be different than the "Sandbox" credentials. Also, at your PayPal account config screen, look for a setting possibly named "Test Mode" and make sure that is set appropriately.

[Ggib]

When we got our API credentials from Paypal, we chose to use Paypal with a pre-integrated partner (i.e. Cubecart) and then option 2 which was to create our own APIs (applies to custom websites and online shops and pre integrated shopping carts running on our own server)?

 

I cannot seem to find a config page within my Paypal account.

I have a section which allows me to configure how my website communicates with Paypal in terms of API access

 

I have double checked everything I can think of and did not copy and paste the API details but hand typed them in.

I have also checked with Paypal and we are not using Sandbox.

The upgraded business Paypal account is also now up and ready.

 

Still getting the same message.

Any clues?