Custom SSL Certificate
Allow custom SSL certificates to be installed for RS domains. When a customer goes to https://yourRSportal.yourdomain.com an error is displayed because the SSL certificate does not match the domain. This is also an issue for the Vantiv integrated payments if a customer uses our customer portal link the site does not show that it is SSL protected and there is currently no "secure payment" badged on the Vantiv payment page when a customer clicks "Pay With Credit Card".
This obviously doesn't hide the RepairShopr.com web address from the end user, but what about doing a 302 Redirect for the time being? i.e. setup repairshop.mycompany.com on your own host and have that host do a 302 redirect to mycompany.repairshopr.com. The links you send your clients could still have your branding on them, but their web browser would seamlessly redirect them to the secure page at the repairshopr.com domain. No SSL errors. True the client would see the RepairShopr.com domain name in the URL bar, but the truth is as long as they are not getting an SSL error I'm willing to be 50% or more of the people that use your link will ever notice the URL on the page they are looking at. If someone actually notices most won't care... and those that do and happen to ask just tell them yeah, that's the software you use and that yes that's legitimate. At least until custom SSLs are available :)
Daniel Koster commented
@Dan - a wildcard SSL is already implimented. But as @Rob pointed out, it doesn't help for anyone using a CName to make the interface appear as *.YourDomain.com instead of *.RepairShopr.com.
The only solution is to direct payments to the actual RepairShopr address until such time that RS can allow custom SSL certificates. A multi-domain SSL should work as well but that would be a nightmare for RS to manage so I can see why they are reluctant to do that.
Wildcard certificate isn't the whole answer here. We're using our own domains repairshopr.mycompany.com and rerouting that to mycompany.repairshopr.com
We need a solution where when a customer receives a link from us that points them to repairshopr.mycompany.com and then gets rerouted to mycompany.repairshopr.com it maintains the secure chain. The reason it fails right now is because the browser sees repairshopr.mycompany.com but it's actually at a repairshopr server. Repairshopr can't just implement an SSL certificate that references OUR domains and we can't just implement an SSL certificate that references THEIR servers.
tl;dr it's complicated and wildcard certificates do not solve the problem. not fully anyway.
^ among many other sources. Wildcard SSLs are a solved problem with an affordable solution. I don't understand why it's not implemented.
surely this is a mission critical update????
Ryan (CTO, Pinellas Computers) commented
Yes please. I've had several clients unable to use payment portal because their browser ID's it as dangerous. Calls about it all the time.
Agreed, Many customers bring this up when paying online, please help resolve!
Agreed. This needs to be addressed sooner than later.
I only suggested this like 3 years ago LOL ..
With all of the security hoopla in the news as of late, this is becoming to be a huge deal for our clients.