Announcement

**Mike Hughes** · 01-Nov-2011, 09:31 AM

It sounds like it's complaining that information is being posted from an SSL page to a page / script that isn't on SSL.

Which really leaves you 3 options:

1. Turn off SSL on login.
2. Turn on SSL on everything else
3. Investigate a bit more to find out what's being posted to an insecure page / script and fix it.

Mike

or of course the fourth option. Turn off the warning in Firefox and hope it doesn't bother your customers. (Wouldn't be my choice)

**Daveb** · 02-Nov-2011, 02:36 AM

Mike
You are absolutely right. Disabling the SSL solved all the V11 problems. Also read Lee's posts on the same subject.
Now trying to figure out what to do about it. Having a padlock on your checkout pages is pretty much a must here in the States.

Thanks
Dave

**Kombu** · 02-Nov-2011, 06:51 AM

+1 Dave - same here in Australia - a padlock on our checkout pages is a must...so while disabling SSL might fix one problem it raises bigger ones. Wondering if V11 was thoroughly tested on SSL as it appears to not be used so much in the UK now?

**DannyBoy** · 02-Nov-2011, 08:41 AM

Hey Guys!

It doesn't matter where in the world you are from when you are requiring your customers to input sensitive/private information into your website it is your responsibility to insure that it is secure, I'm sure that the financial services authorities in your countries are similair to here in the UK.

You really need to re-enable SSL or disable the checkout, allowing your customers to enter credit-card information over http is absolutely a no-no and is NOT safe.

The error you see could be the actual SSL cert or the installation of the SSL, I suggest you re-enable it and post back the link where it flags the error and see if someone can help you fix it.

**Mike Hughes** · 02-Nov-2011, 09:41 AM

Hi Danny.

Almost everyone now uses a psp for collecting card information. SSL on it's own is no longer enough to satisfy the PCI-DSS regulations.

If you're still doing this you need to read up on PCI-DSS.

Mike

**Kombu** · 02-Nov-2011, 10:09 AM

Depends where you are in the world Mike...Danny, agree totally, would never allow any of my customers to checkout without SSL

**DannyBoy** · 02-Nov-2011, 10:59 AM

Originally posted by Mike Hughes View Post

Hi Danny.

Almost everyone now uses a psp for collecting card information. SSL on it's own is no longer enough to satisfy the PCI-DSS regulations.

If you're still doing this you need to read up on PCI-DSS.

Mike

Hi Mike
My attention was toward the original posters website, where he is doing exactly what I mentioned, and yes a PSP is compulsary and saves alot of time money and additional effort from trying to level yourself with PCI standards and more importantly your customers complete safety. We use a PSP but still offer our customers a SSL encrypted connection when entering any less sensitive information.

**Daveb** · 02-Nov-2011, 11:18 PM

The link is:

http://www.baypressservices.com/

Start order for anything from FF and login in as test@test.com, password 12345

In FF you will see the security warning, and when completing the loggin as a test, you will see that after login you are not returned to the product page or checkout, but redirected to the catalog page.

Thanks
Dave

Announcement

Although this page is encrypted

Although this page is encrypted

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment