General Q's re: SSL and PayPal Pro

OK... so I am trying to decide between Paypal Pro vs. Express for my project. If someone could shed some light on the whole SSL thing as it relates to ProSites and using PayPal Pro, I would be very thankful! I just want to make sure I understand how it works so I can make an informed and *somewhat* educated decision!

1. Do I need to get the SSL certificate on the main domain (www.maindomain.com) or just for the page with the check out form on it (www.maindomain.com/checkout) ?

2. If I get the SSL for the main domain, does that mean that the site will always be reached at https:// now or does the https:// only kick in when the checkout process is initiated by the plugin?

3. If the SSL is on the main domain, then how does that affect mapped domains and other plugins that reference the site at http:// vs. https://

4. If I decide to use Paypal Pro with an SSL, then where is the customer credit card data stored? I assume my servers, but is that correct? If I use PayPal Express, then the data would be stored at PayPal?

5. Suppose I have a sub domain multisite install ... I assume that I would need a Wildcard SSL in order for each of my sub sites to have an SSL and the regular SSL is only good for the main domain, correct? Suppose one of the sub sites then uses Domain Mapping, then would that SSL no longer work on the sub site and that sub site mapped domain would need to get it's own SSL?

That's it for now...
Thanks in advance! Jennifer

    DavidM

    Hi Jennifer,

    1. Do I need to get the SSL certificate on the main domain (www.maindomain.com) or just for the page with the check out form on it (www.maindomain.com/checkout) ?

    SSL would actually be done on a domain basis.

    2. If I get the SSL for the main domain, does that mean that the site will always be reached at https:// now or does the https:// only kick in when the checkout process is initiated by the plugin?

    That would depend on the cert/script, something you'll want to ask them about when purchasing, though I believe, in general http:// should always be accessible.

    3. If the SSL is on the main domain, then how does that affect mapped domains and other plugins that reference the site at http:// vs. https://

    It wouldn't affect hose other domains, just the domain it's setup for.

    4. If I decide to use Paypal Pro with an SSL, then where is the customer credit card data stored? I assume my servers, but is that correct? If I use PayPal Express, then the data would be stored at PayPal?

    I believe the card data is still not stored locally. I'll ask one of the developers to confirm that.

    5. Suppose I have a sub domain multisite install ... I assume that I would need a Wildcard SSL in order for each of my sub sites to have an SSL and the regular SSL is only good for the main domain, correct? Suppose one of the sub sites then uses Domain Mapping, then would that SSL no longer work on the sub site and that sub site mapped domain would need to get it's own SSL?

    With Pro Sites, you would only need SSL on the main domain. All the checkouts are routed there.

    If your site's using CPanel, here's a great resource that may help:
    http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/SslTlsManager

    -David

    Mason

    Hiya,

    As we haven't heard back from you we're going to assume the problem was sorted out and mark this ticket as resolved.

    If it wasn't resolved, or you have any more questions related to this thread please feel free to post them below and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

    Otherwise, thanks for using the forums, and for being a member of WPMU DEV, it's a pleasure to help you out and we look forward to being of assistance in the future.

    Thanks