How to make the shopping cart secure with an SSL certificate ?

How to make nopCommerce shopping cart secure with an SSL Certificate ?
https://www.register.com/product/security-sslcertificates/extended.rcmx

Please guide me....

1. Open web.config file
2. Find 'UseSSL' attribute
3. Set its value to true

is it perfectly fine to make changes in the webconfig file ? i mean it's just that i don't want to change the default webconfig file of nopCommerce
so if it safe/fine to do this change and it won't affect the whole project ?

1) I tried making SSL="true" but then when i add products in shopping cart and checkout i don't see any difference ?
is there any difference that i should see if SSL is ON ?
Please guide me in a right direction...

2) Does nopCommerce has got it's own SSL certification ? There are so many SSL certification services that are charging money for providing SSL certification so how i can come to know that all the SSL out there are providing the same security that nopCommerce is providing with inbuilt SSL ? i mean does nopCommerce SSL certification is just like all the other SSL certifiaction services out there ?

abcd_12345...

Yes it is "safe" to make changes to the web config file but as with anything if you don't do it right it may have an ill effect, but at least with the web config file you can make a copy of it first then edit the live one and save if the site brakes place all the code in the copy over the live and save again.

As for SSL.

No nopcommerce nor any web apps come with SSL certs.. thats not how certs work. you will need to ask your hosting company for a SSL cert it will usually cost from $20 to $80 bucks depending on who they use and they will install it on the server for your site.
To test to see if it is working simply load your site with an "S" in the http...
So without SSL HTTP://www.your-site.com
With SSL HTTPS://www.your-site.com   <-- notice the "S" at the end of HTTP...??

When your web browser see's you are trying to use HTTPS it switches all communications with the server to be encrypted and it asks the server for a CERT, if the server has one it sends part of it to the client browser so that both the server and the client can communicate in privet/encrypted.

If the client browser likes (trusts) the cert it will show you a LOCK icon in the address bar or in the lower right of the browser depending on what browser you are using.

Well thats the base of it, Your browser also talks to cert issuing company to make sure the cert is real and such but that getting bit deep, hope this helped or it possibly made you more confused.

Shane

thanks a lot Shane for the explanation, i really understood the concept

Just making sure: So when my hosting company will install the certification on the server and i will make SSL="True" in my webconfig,  the http will automatically become httpS in the address bar wheneven the website is being opened ..right ?

Hi abcd_12345,

..."the http will automatically become httpS in the address bar wheneven the website is being opened ..right ?"...

Yes when the user clicks login wants to edit his/her profile or enters the checkout process it will auto switch to httpS making all data between the browser and the server encrypted and the browser shows that nice friendly lock icon making the user feel safe and secure or well thats the idea.

Ohhhh one note.. when asking for an SSl it can be just a bit tricky they will ask "what domain" you may say XXX.COM but you really want WWW.XXX.COM (make sure you request the WWW (well if you do want that in you URL))..

Ok good luck!
shane

thanks a lot shane for all the information you provided me...

Thank you guys for the Secure information.