
Thread: https and Google Chrome

  1. #1
    Intermediate Participant
    Join Date
    May 2010
    Location
    St. Joseph, MO
    Posts
    51

    https and Google Chrome

    I know that Google's https requirement deadline has been pushed back repeatedly, but it appears we are getting to the end of the road. Do ShopKart subscribers need to be concerned about the index page to our sites being http and not https? When a person gets to the home page, Google Chrome is showing Netsoft ShopKart sites as not being secure. On the surface, this has me a bit concerned. Can you enlighten us on this issue?
    David Takes
    Expressions Engraved, Inc.
    St. Joseph, MO
    www.expressionsengraved.com

  2. #2
    NetSoft Studio Team
    Join Date
    Mar 2009
    Location
    Reno, Nevada
    Posts
    544

    Re: https and Google Chrome

    Shopkart supports both http and https. By default, only the web pages that transmit "sensitive" data are encrypted (e.g. checkout pages). There is no need to encrypt image files, css files, javascript files, and html files (non-sensitive data). The ONLY time data must be encrypted is on form pages (e.g. Checkout pages), and by default, these pages use PCI compliant, latest TLS 1.1+ encryption. These are pages that transmit sensitive data from the client (i.e. Web browser) to the Shopkart Server and vice versa.

    With that said, if you want all your pages encrypted (including those that do not transmit "sensitive" data, such as the index page), you can (although it is not necessary). There are two things you must do:

    1. Request a custom SSL certificate by sending a request to our tech support help desk to order a custom certificate. Custom certs are $150/year for a DV Cert. You must have a custom certificate because certificate authorities embed the authorized domain into the certificate, forcing the certificate to only be valid for the domain name it was purchased for.
    2. In your web store, change the store's primary URL and secondary URL to https://www.domain.com, replacing domain.com with the domain name embedded in the custom certificate. The certificate must be installed (Netsoft Studio will handle all the technical details to install the custom cert) before making this change.

    Lastly, be aware that because certs have a domain name embedded into the cert, you cannot use multiple web stores unless the additional web store's domain is also included as a SAN (Subject Alternative Domain) when the custom certificate is ordered from the Certificate Authority. Certificate Authorities charge an additional fee for each additional SAN requested.

    Whether or not you decide to encrypt pages that DO NOT need to be encrypted is a business decision that you need to make. Shopkart supports both methods, and as long as you use https (notice the s) for the secure URL, then all pages that send/receive sensitive data (e.g. Checkout pages) WILL BE ENCRYPTED and will be PCI compliant, and are marked secure by all web browsers, including Chrome v. 68+. Using https (again, notice the s) for the primary URL will mean all pages that DO NOT need to be encrypted will be encrypted anyway.
    Best Regards
    M. David Matney
    Chief Developer
    NetSoft Studio
    http://www.NetSoftStudio.com
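
The reply above says a certificate is only valid for the domain names embedded in it, and that each additional store domain must be listed as a SAN. As an added example that is not part of the original thread or of ShopKart, this Python sketch checks which store hostnames a certificate's SAN list covers; the certificate dict is constructed sample data in the shape returned by `ssl.SSLSocket.getpeercert()`, and all domains are placeholders.

```python
# Added example: which store hostnames does a certificate's SAN list cover?
# SAMPLE_CERT is constructed data shaped like ssl.SSLSocket.getpeercert()
# output; every domain below is a placeholder (assumption, not from the thread).

def _norm(name):
    """Lower-case and drop a trailing dot so comparisons are canonical."""
    return name.rstrip(".").lower()

def san_dns_names(cert):
    """Return the dNSName entries from a getpeercert()-style dict."""
    return [_norm(v) for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Match one SAN entry against a hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so *.example.com covers
    shop.example.com but not example.com or a.b.example.com.
    """
    p_labels, h_labels = _norm(pattern).split("."), _norm(host).split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels to the right (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def coverage(cert, hosts):
    """Map each hostname to the SAN entry that covers it, or None."""
    sans = san_dns_names(cert)
    return {h: next((s for s in sans if name_matches(s, h)), None) for h in hosts}

# Constructed certificate: one store domain (with and without www)
# plus a wildcard SAN for a second store.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.store-one.example"),
        ("DNS", "store-one.example"),
        ("DNS", "*.store-two.example"),
    )
}

if __name__ == "__main__":
    stores = ["www.store-one.example", "www.store-two.example",
              "store-two.example", "www.store-three.example"]
    for host, san in coverage(SAMPLE_CERT, stores).items():
        print(f"{host:28} {'covered by ' + san if san else 'NOT covered'}")
```

A hostname reported as not covered is one where browsers would show a certificate name mismatch if the store URL were switched to https on that domain.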
