I have a website that plans on accepting payment orders. My host (heroku) offers piggyback ssl (free). My payment gateway (stripe) needs ssl in order to process payments. Is heroku piggyback ssl enough to process stripe payments?
From stripe's site:
If you want to go into production before setting up SSL, you could consider hosting your site with a provider that gives you a secure
subdomain. For example, Heroku allows you to host at
https://yourapp.heroku.com.
Yes it will work fine.
You could even use a custom domain for your http traffic and then the https://yourapp.herokuapp.com for your SSL if you want to keep the cost down rather than having to buy an SSL and pay for the addon.
Related
On Windows10 I have an internal website on iis, which I access through a url https://localhost:44300.
Currently I have the security messages come up when I first load the url and I have the broken padlock.
Unfortunately the network I'm on blocks security certificate warnings and I can't get to my site.
Is it possible to buy an SSL certificate for an internal site?
At the moment I'm using mkcert to be my own CA, but I'm told this is not suitable for a production site.
Thanks Ian.
I have a website called http://jobdirecto.com/ that I want to turn into HTTPS.
The site is hosted in Heroku and the domain I got from Namecheap.
I got the paid version of Heroku since that lets me configure the SSL (and I think that's what I have to configure to make it HTTPS). They ask me for a "public certificate" that I don't have though.
I also bought a SSL from SSLs.com and they gave me a private key but no public certificate.
I am lost in what I have to do now to make my website secure.
There's no need to purchase anything. Use Heroku's Automated Certificate Management, which is powered by Let's Encrypt:
Run heroku domains and make note of the .herokudns.com domain it lists
Set up a CNAME record for your custom domain pointing to the .herokudns.com domain from the previous step
Run heroku certs:auto:enable to start the certficate provisioning process
Run heroku certs:auto to see your certificate's status
Please note that
It usually takes between 45 and 60 minutes to generate a TLS certificate for your app’s custom domains
This will let your site run over HTTPS, but it won't automatically redirect requests from HTTP to HTTPS. To do that we'll need to know more about your application.
I've got a heroku free plan, which is running on a custom domain with the PointDNS add-on so it can provide nameservers for DNS provider, if that matters.
I've got the website up and running on my custom domain, on https, but the ssl certificate points to *.herokuapp.com.
I suppose I need another SSL certificate for my custom domain, but after looking around for a long while I still couldn't find anything that doesn't require a paid heroku plan.
Is it even possible to add an ssl certificate, on a free heroku plan, on a custom domain? If so, please help me out.
I'm really over my head here and my knowledge about anything-ssl or dns is very limited.
From the PointDNS add-on doc (https://devcenter.heroku.com/articles/pointdns), I don't see how you can do this easily.
But, if you have purchased the domain (and not ddns), this should be pretty easy with cloudflare.
Setting up a Custom Domain name and FREE SSL certificate for Heroku Apps
Add DNS record to point to your site and redirect to heroku.
Enable the Crypto certificate, after this the certificate will be automatically distributed by Cloudflare.
We're using PayPal REST API for processing user transactions and recurring payments. In few weeks we are going online, and the last piece of information I need is SSL certificate. Do we need to install SSL certificate on our website in order to PayPal integration work well?
Thx!
The answer is no, you do not have to install a SSL certificate on your website in order to work with PayPal API properly, but your server has to be able to establish secure connections with PayPal servers.
I'm looking to integrate Sagepay Direct, their onsite payment gateway option but I've read that it requires an SSL certificate for secure data transfer. Is the Cloudflare pro DNS SSL a valid option for this payment method or would I need a true onsite SSL?
"Is the Cloudflare pro DNS SSL a valid option for this payment method or would I need a true onsite SSL"
It sounds like that they are requiring that you have a valid SSL certificate directly on your server, something we don't provide (Flexible would only do so between browser and our network). This really explains the difference in the SSL options.