Announcement

**Nova-Host** · 01-06-2014, 07:40 PM

I'd like to see RSP's feedback on this as well.

**c.ivanov** · 02-06-2014, 08:15 AM

Hello Donerite,

By default the Free Reseller Program is meant to be free and this is the line that we are continuing to follow.

However if you provide me with such working example of this feature, I will check it and pass it to our Mangers, no problem.

Best Regards,
Cvetan Ivanov

**doneritehosting** · 02-06-2014, 09:46 AM

Sent the site to you PM, this would be a welcome feature, well on this end at least..

**theLarry** · 02-06-2014, 02:22 PM

along the lines of a "paid" upgrade... i'm thinking we could just buy the $40 cert that would cover our namespace... I believe the last check out page is on RSP's namespace and covered by SSL? (we haven't seen a transaction go all the way through from the customers perspective yet.) If that's the case I'm "thinking" the hand-off between namespaced would be fine because RSP's is covered by another independent cert? In other words, one https site cleaning handing off to another unique https site?

**c.ivanov** · 02-06-2014, 02:39 PM

Donerite,

Thank you for the provided information.

Just to clarify the idea that Donerite has suggested is the order page of the stores to be a SSL secured branded subdomain of your main domain.

I have forwarded this information to our Managers and they replied that there is already an idea of SSL Certificate implementation with the Private DNS Cluster service and that they will consider
this in this future project.

Best Regards,
Cvetan Ivanov

**doneritehosting** · 02-06-2014, 02:46 PM

That is great to hear Cvetan! Thanks for getting back so quickly with this information and I got my fingers crossed!!

Have a great day!

**clivejo** · 02-06-2014, 02:48 PM

Unfortunately the way the order form currently works is that it posts to a remote site, which I believe is encrypted but it is not under the same domain. Although I have not tested this, Im pretty sure a web browser would detect this and warn the user, as a possible Cross-site forgery.

One possible way of doing it might be like how the CP login and demo works under the DNS Cluster. Basically you have a subdomain ie demo.mybrand.com or login.mybrand.com but maybe we could have order.mydomain.com which would be covered by our own SSL ??

**doneritehosting** · 02-06-2014, 02:57 PM

You are correct Larry, A ssl will cover your name space.... However the signup form is pulled to WP reseller sites remotely and will cause all kinds of security warnings with a ssl certificate off your domain.... The payment page itself is also hosted offsite under the duo - servers domain. Yes the remotely hosted payment page is ssl secured but does not verify your own domain to the customer... with some finigalling of the dns cluster and a plugin update it should be possible to have both under a subdomain and ssl secured with your own domain verified on the certificate..

**doneritehosting** · 02-06-2014, 03:04 PM

Thanks Yan!!!! I'm up for alpha testing this one too now!!

**doneritehosting** · 02-06-2014, 03:12 PM

Originally posted by yav0r

@Doneritehosting at the end you WILL be redirected to the payment processor who handles the payments which is secured with another SSL in ANY case, subdomain or not, because your site is a) not PCI compliant b) you have no authority whatsoever to collect credit card information c) you are not handling the billing of your customers yourself. Still it will look and feel better to the customer and give them some kind of comfort feeling in their details I suppose.

I understand that Yan, the idea is to increase a customers sense of security while signing up and filling out payment details..

**theLarry** · 02-06-2014, 05:57 PM

Originally posted by yav0r

@Doneritehosting at the end you WILL be redirected to the payment processor who handles the payments which is secured with another SSL in ANY case, subdomain or not, because your site is a) not PCI compliant b) you have no authority whatsoever to collect credit card information c) you are not handling the billing of your customers yourself. Still it will look and feel better to the customer and give them some kind of comfort feeling in their details I suppose.

...so that kink of sounds like what i thought? you could do your NON PAYMENT page on YOUR SSL, then the next screen takes that info under its own duoserver SSL, or is as donerite says, the handoff wont be clean because your sign up form is domain aware and knows it will be, or is in real time posting to another uncalled (by browser) name space? this makes my head hurt!

**doneritehosting** · 02-06-2014, 07:25 PM

LMAO!!! mine too, I inquired with support when Wp themes first released about putting ssl on the signup page..... was told it would not work without warnings.... I'll let clivejo or RSP jump in for a more detailed explanation

**clivejo** · 02-06-2014, 07:51 PM

Its the magic internet fairies, they cant speak different languages.

**doneritehosting** · 02-06-2014, 08:38 PM

LMAO!!!!!! got a few of those buzzing around over here in bikini's

Announcement

ssl secured subdomain branded order pages

ssl secured subdomain branded order pages

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment