• Plugins
  • Created On ,
  • Most Recent By WPMS.Network,

MarketPress, Multisite and SSL

The latest update is fantastic because now I can offer my subsite sellers access to different payment gateways instead of just PayPal chained payments.

Now that I can do this, I need to get a better understanding of SSL. I haven't used it before, but I understand what it is - how does it work with MarketPress?

I've opened up the following gateways to higher level Pro Sites members: Stripe, Authorize.net, MoneyBookers, PayPal Express, and PayPal Payflow. I know that some of these (at Stripe and Authorize) require SSL certificates.

If I install an SSL certificate on my server (I would just pay my hosting provider to set it up for me), how does it work for the subsites, and how does it work with Domain Mapping? What kind issues do I need to be prepared for and anticipate? Is there a tutorial available for using SSL on a multisite with the different gateway variations?

    theaj42
    • 31
    • #3661

    Hi Saunt,

    That's a great question, and one I'm interested in having answered, too! Thanks for asking it!

    Mason

    Hiya Saunt Valerian,

    That is a good question. An SSL certificate is assigned per domain. If you wanted to map across subdomains you'd have to get a wildcard certificate which can be rather expensive.

    If you were providing domain mapping, it gets crazy complex. We have another thread on this that may be worth a read:
    http://premium.wpmudev.org/forums/topic/multi-site-domain-mapping-and-ssl

    The different gateway variations won't matter. A page is either secure or it isn't. I personally have only done this with single-sites where I enable payment pages to be secure using this plugin:
    http://wordpress.org/extend/plugins/wordpress-https/

    It works really well, but again, I haven't tried this with any domain mapping.

    Tracy

    We've struggled with this as well. Since we don't want to assign an dedicated IP to each site, we're likely going to build a plugin that will enable users to "unmap" pages with a checkbox option on the edit page for pages that we want to be run using SSL that will enable them to go from mappeddomain.com/application to mappeddomain.multisiteinstall.com/application so that they can use the wildcard SSL for domain.com ..... for sensitive pages like carts and applications ...

    Saunt Valerian

    @tracy - keep us updated on this, since that is a very clean solution. Can't remember right now though If marketpress checkout pages are available in the backend. I think they are dynamically created, which causes a problem with using a checkbox in the backend.

    aecnu

    Greetings Tracy and Saunt Valerian,

    This is very easily accomplished without a plugin by simply using an Apache redirect from the hosting control panel to send even an unmapped domain to the sub domain containing the SSL certificate or a portion thereof as indicated below - no smoke and mirrors needed here.

    i.e. redirect mappeddomain.com/application --> mappeddomain.multisiteinstall.com/application

    Also a simple htaccess 301 redirect will do the same though I prefer the server side solution myself.

    I am closing this ticket considering the content of the ticket and workable options given therein to solve this.

    Cheers, Joe :-)

    James
    • Elite
    • 50
    • #2192

    Sorry to reopen this can of worms but I am not quite understanding. I bought an SSL certificate from my hosting company. Of course now when I use multisite to create a subdomain (so I can use Pro Sites) a message pops up prompting people to not go to that subdomain address because it is not verified. I see the wildcard option from Verisign / Symantec is about $2000 per year which is outrageous.

    Isn't there a way to ONLY apply the SSL cert for registration, login and purchase pages so the remainder of the time there are no issues?

    Please advise!

    Timothy

    It's not really outrages considering the level of protection and the amount of sites it could potentially cover.

    If you want it to work on all sites, all sub domains then you'll need to get a wild card one.

    It won't work for mapped domains if you're thinking about that, they would need their own cert or an even more expensive server level one.

    You can get much cheaper wildcard SSL certs, for example £80 in the UK (Where I'm based):

    https://www.123-reg.co.uk/ssl-certificates/

    There should be US options out there too.

    As this is an old thread, to be sure we don't miss any responses please feel free to open a new thread for further discussion if you need. :)

    Take care and have a great day!