I would like to add SSL encryption to my Smith Cart check out process.  DNN allows you to set it up on your portal so that SSL encryption can be enabled on a per page basis.  This seems like what I need.  On which pages do I need to enable SSL for a Smith Cart transaction to be fully protected?  Is it the "Store" page that shows the categories?  Is it the "Product Details" page that shows the product's details?

When a user clicks the Check Out button and starts the check out process, this is when encryption should be enabled, right?  But which of the site's pages are used for check out?

Thanks.

 

 

Thank for your help.  I have followed those instructions and seem to have some wierd problems as a result.

My site is hosted at 3Essentials.  I set up a Shared SSL solution there, so I had to fill in the "SSL URL" field and "Standard URL" field in the Site Settings page.

If I do not check the "SSL Enforced" box, ALL the pages on the site go through SSL, even the ones for which I do not set the "Secure" box.

If I do check the "SSL Enforced" box, then only the pages on which I check the "Secure" box go through SSL, but I get a some new problems when I'm logged in to the superuser (Host) account:

1.  Whenever I try to go to the Host page, I am redirected to the Home page - wierd.

2. When I go to the one page on which I have checked the "Secure" box, none of the admin features are available.  No module setting link, no admin control panel at the top, nothing.

3. None of the images on the secured page are displayed.

Any clue what's going on?

Thanks.

Here's an update...

I have abandoned my attempts to use the DNN implementation of SSL security. The secured pages must be rerouted through a https path (as opposed to non-secure http path). DNN wants to set up aliases for the re-routing.

Anyway, none of it worked. The alias engines is a big disappointment and it appears to be central to DNN SSL implementation.

Muddying the waters more is the fact that I'm trying to use a Shared SSL certificate.

I have purchased and installed a module called SSLRedirect: http://www.snowcovered.com/Snowcovered2/Default.aspx?tabid=242&PackageID=4103

After some configuration issues that arose because I'm using a Shared SSL certificate, the SSLRedirect module is working great for me.

The only problem I now have is that the yellow banner that you get when you don't have a license for the Smith Cart is getting displayed. Even though I have a license, and the license files are in the root location as they are supposed to be, that yellow banner that says I don't have a license is still being displayed.

I have a post in another thread here for the yellow banner issue. Since I installed and configured the SSLRedirect module, the Smith Cart page on my site is now secured as I wanted it to be. So the issue this thread is tracking has been resolved.

Thanks Scott.  Your post has helped me understand better what is going on.  I think you are on the right track as to why the yellow banner is being displayed.  As you suggest, I think is has to do with the redirect.

I purchased the Smith Cart license for the domain hideaboard.com.  However, in order to use the Shared SSL certificate at 3Essentials (the hosting company I am using), calls must be rerounted through https://ssl26.3essentials.com/hideabo...... 

where "hideaboard_secure" is a virtual directory that I set up according to instructions from 3essentials.

Perhaps if that domain path (including the "hideaboard_secure" virtual directory) were contained in the license, the yellow banner would not be displayed.  That appears to be the last piece of this puzzle.

Thank you very much for your point about the dedicated IP and it's price vs purchasing the SSLRedirect module.  It does appear to be an affordable monthly fee ($2.95 per month at 3essentials) to get a dedicated IP.  However, annually that comes to about $35.  And, if I understand it correctly, even with a dedicated IP, I would still have to reroute through 3Essentails's path to use their Shared SSL certificate.  And that puts me right back where I am now.

Am I correct that it would take both a dedicated IP and a dedicated SSL certificate?  The SSL certificate is $60 per year at 3essentials.  For both the dedicated IP and the dedicated SSL, the total cost comes to about $95 per year.  My customer is really pushing back on me against that added costs of doing a dedicated IP and SSL certificate. If I go the dedicated IP/SSL route to solve this problem, I am probably going to have to eat the added costs. And I just don't have that much room in the annual hosting fees I'm getting.

Anyway, those are business issues.  From a technical standpoint, if my understanding is right, I could use the Shared SSL option if the path through 3essentials's Shared SSL (including my "hideaboard_secure" virtual directory) were in the license.

Do you know what would it take to include the path through the 3essentials Shared SSL, including my "hideaboard_secure" virtual directory, into the license?  If that path were in the license, I'm thinking it would all work.

Thanks.