SSL certificates and https
Hi - I have just purchased a Rapid SSL certificate from my host for my website - this is for PCI compliance as I take payments on my website. However I'm still failing the Trustwave PCI scan.
How do I make people visiting my website go to the home page as https: rather than the default http: ?
I've worked out how to get people to go to the https: version of my payment page by typing in the address in full rather than linking to the page. Sorry for the ramblings - Xara is great for basic websites but this PCI compliance is turning out to be a nightmare. I can't find any info about SSL certificates etc etc using Xara. Can anyone help? thanks :(
Re: SSL certificates and https
I am not very knowledgeable about this but it may involve a script and or .htaccess file
Here is a link that may be helpful
http://stackoverflow.com/questions/8...s-secure-https
Re: SSL certificates and https
Gary's link is good. You effectively need to switch any access via http: to be a https: access.
This isn't my strongpoint writing rewrite rules. Strictly speaking it's not at all a Xara issue.
I did a Google on "http to https" and there was a ton of advice. Have a play and see if it does the job.
Most of the solutions switch the http: to https: as a blanket solution for the whole site, which is no bad thing for a site that is selling stuff.
Re: SSL certificates and https
Ok great - very useful - thanks for your help. I guess it's the step up from a Xara site to a "pro" site with all the coding stuff
Re: SSL certificates and https
Thanks Paul
Pete - from what I could see it is not rocket science. Xara website design applications have been designed both to make it easy to intuitively design your site and with the use of placeholders, to add scripts and widgets to your site without all the coding stuff.
Re: SSL certificates and https
thanks Gary - it's the PCI Compliance that has caused the problems - the scans/questionairres are the same for me (sole trader) as they are for someone like amazon!
Re: SSL certificates and https
If you're in the UK you probably pay more tax than Amazon too... ;-)
You're probably going to need FileZilla or similar to be able to mess with .htaccess
Re: SSL certificates and https
Hi Pete,
It's a while since I used a SSL on a site but if I recall correctly you don't need the whole site to be https, just that part of the site dealing with sensitive content such as credit card details etc. By splitting the site into http and https sections you reduce the risk of falling fowl of security risks. For example having a graphic load from a non ssl section of the site etc.
I believe there are good reasons not to have the whole site on an https section, one of the obvious being caching as I believe https pages can't be cached. For example Tesco or Wallmart sites are not https until such time as you go to checkout.
I've never used Trustwave PCI scan so I can't comment but what errors is it throwing up?
Re: SSL certificates and https
I believe there are good reasons not to have the whole site on an https section, one of the obvious being caching as I believe https pages can't be cached. For example Tesco or Wallmart sites are not https until such time as you go to checkout.
Equally you will find that Amazon is wholly https.
In this case I think the simplest solution is the better solution, so I'd go with making the whole site https. That should save working out exactly which page needs to be https and which doesn't.
If it's good enough for Amazon, I'm sure it's good enough for PeteA.
1 Attachment(s)
Re: SSL certificates and https
Quote:
Originally Posted by
pauland
Equally you will find that Amazon is wholly https.
Are you sure, Paul?
Attachment 94614