I have been looking into credit card payments in marketpress and it seems that to use services like Stripe you need to have a proper SSL.
This becomes an issue because the only way I have found it possible to get SSL working properly with subsites and mapped domains is by using Cloudflares flexible SSL.
The problem with this is that the data is only encrypted between the user and cloudflare. Between cloudflare and wordpress multisite it is in clear text.
This is fine for usual trafic but when a subsite wants to use a service like Stripe in their Marketpress, will they be in violation of Stripes terms? Stripe specify that you must have a SSL on the page that collects their info that transfers to their system to collect credit card data. I am fairly sure that the cloudflare flexible SSL will not be compliant with this requirement. This could lead to possible legal liabilities if a client loses their credit card processing capabilities or data is compromised.
Is there any way to set up wordpress multisite subdomain installation so that I can provide the subsite a proper SSL?
I have cpanel for my hosting at the moment. I can buy a wildcard SSL for " *.mydomain.com " but the problem then comes when a subsite maps their domain. There is no way for me to add a new SSL inside cpanel just for this subdomain.
Has anyone worked out how to do this?
I think this might be a ticking timebomb as I have seen several people mention they have the same cloudflare flexible ssl setup as me. If any of them offer marketpress to subsites or use stripe for blog payments then they could already be breaking the terms of service for Stripe payments.