homepage Welcome to WebmasterWorld Guest from 54.197.110.151
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
SSL issue
tesla

10+ Year Member



 
Msg#: 346 posted 4:46 pm on Jul 8, 2002 (gmt 0)

I have an ecommerce site that handles all the credit card processing except for the actual verification of funds. For that I redirect to Authorizenet that then redirects back to my site with the results. This is all done in encrypted mode.

Here is the problem. When the Information is redirected to the authorizenet site the browser pops up a window with a security alert. Here is a URL to the captured pop up window:

https://secure.suite500.net/mou/ssl/Authnet_Security_Alert.jpg

This alert scares customers away. How can I prevent this from occuring?

Thanks,

 

chameleon

10+ Year Member



 
Msg#: 346 posted 2:37 pm on Jul 9, 2002 (gmt 0)

Did you purchase the SSL certificate, or is that provided by Authorize.net?

Usually that message means that your browser isn't aware of the issuing authority for the certificate. Way back when, there only used to be a few companies that issued SSL certificates (VeriSign and Thawte, for example). IE and Netscape shipped with knowledge of these companies, so whenever they came across a certificate from one of them, they knew it was okay.

Over time, more companies have started issuing certificates, however. Older versions of the browsers aren't aware that these companies exist, so they pop up a message like you've shown us asking the user if they should proceed.

Newer versions of the browsers ship with knowledge of these companies, so they don't have a problem.

You're right, it does tend to scare off buyers. Hence, these certificates are usually cheaper than the ones you can get from Thawte or VeriSign. That's the wrinkle -- do you pay more, and keep everyone happy, or pay less, and run the risk of scaring away business.

I hope this helps.

Bryan

[edited by: TallTroll at 4:32 pm (utc) on July 9, 2002]

tesla

10+ Year Member



 
Msg#: 346 posted 4:12 pm on Jul 9, 2002 (gmt 0)


Since the warning occurs as they are leaving the secure directories on my site (https://mysite.com) and being redirected to authorizenet's secure path, I would assume that this problem is caused by authorizenet's SSL certificate. I use a shared SSL on the server that I believe is Twarte.

It sounds like there is no solution for this problem?

Knowles

10+ Year Member



 
Msg#: 346 posted 4:17 pm on Jul 9, 2002 (gmt 0)

If its authorizenet's SSL that causing the message then unless you can talk them into changing who they get their SSL from, then there probably is not a fix. What version of MS are you receiving the popup on? IE users seem more prone to upgrade to the newer versions sooner. So it may just be a matter of time before this is a mute point for you.

tesla

10+ Year Member



 
Msg#: 346 posted 4:36 pm on Jul 9, 2002 (gmt 0)


Its my customers that get the message and I would expect the normal distribution of browser types. The ones using older browser are probably the least savvy and most easily scared off.
I originaly received the message as well about two years ago. But I said to accept the certificate and I believe it stored that away and I no longer see the message as a result.

I have taled with Authorizenet, but they are not helpful at all.

chameleon

10+ Year Member



 
Msg#: 346 posted 4:57 pm on Jul 9, 2002 (gmt 0)

If it's Authorize.net's certificate, there's not much you can do about it then, short of move to another service or the card processing in-house.

That's one unfortunate problem with the web -- you can't force your visitors to drag themselves into the 21st century. Our site still gets hits from people running Netscape 2.x. That browser is probably about 6 - 7 years old.

At somepoint, however, you need to draw a line in the sand and say "you're either moving forward, or being left behind."

Ultimately, having more than 2 certificate authorities is good for all of us -- the competition lowers the prices. If the user community keeps relatively current on their software (within 2 - 3 versions of current), you don't have a problem. It's the people who don't know better, or worse yet, the zealots who won't upgrade because they shouldn't have to that make life tough.

Here's my suggestion to solve your problem:

Add some JavaScript to your site to detect the user's browser. If they're running something old, pop up a message warning them that their browser is out of date, and that they can expect to see a message like you describe when they checkout. Assure them that it's okay, and that by clicking OK their billing information will be kept secure.

Short of that, you're looking at some expensive and time consuming alternatives.

tesla

10+ Year Member



 
Msg#: 346 posted 9:53 pm on Jul 9, 2002 (gmt 0)

Hmmm, that is a good idea. Right now I have a message that everyone sees alerting folks to the potential problem.....although I don't think anyone reads it. I can change it so that only old browser see the message.

I wonder if there is a way to know how many customers are actually seeing the pop up security alert?

chameleon

10+ Year Member



 
Msg#: 346 posted 1:08 pm on Jul 10, 2002 (gmt 0)

My suggestion would be to look at the web site for the issuing company. Usually they will say on their site something like "Browser Support" which will list the browsers that it handles smoothly. It will probably be something like "Internet Explorer 5.5+ and Netscape 4.7+".

You can use that info to warn only customers who don't meet that requirement.

Good luck!

- Bryan

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved