Jump to content
  • 0

How does ssl work with Cloud ?


cywc

Question

I am new to cloud based PrestaShop and fairly new to PS. I've been working on a self-hosted site with PS, so I've tried setting it up but haven't yet opened it. I wanted to try the cloud shop first to see if I liked it better before going live.

 

My question is about ssl certificates.

 

Since this is a form of shared hosting, do we need ssl certificates and can we run the prestashop without it on cloud ?

 

I ask because some of the payment systems I'm considering require a ssl certificate. I'm looking at Simplify, for instance.

 

If not, how will the buyer know the transmission is secure ?

 

I did not see this question asked yet, and hope I'm not repeating a question.

  • Like 1
Link to comment
Share on other sites

46 answers to this question

Recommended Posts

  • 0

@ubergirl - so you're thinking we each have a dedicated ip address ? How do you know which one you have ?

 

I'm seeing that the ssl is turned on in my shop to as well as front office being more secure. That is not the case with my self hosted PS. I tried to turn it on without the dedicated ip and it went haywire. My self hosted shop was down an entire day due to some type of attack on the shared server, so I'm leaning toward PrestaCloud right now.

Link to comment
Share on other sites

  • 0

@ubergirl - so you're thinking we each have a dedicated ip address ? How do you know which one you have ?

 

I'm seeing that the ssl is turned on in my shop to as well as front office being more secure. That is not the case with my self hosted PS. I tried to turn it on without the dedicated ip and it went haywire. My self hosted shop was down an entire day due to some type of attack on the shared server, so I'm leaning toward PrestaCloud right now.

 

 

we don't have dedicated ip address.

you can find your ip on store details page

5ndjxrJ.png

 

if you will check it with reverse ip lookup tool:

http://www.yougetsignal.com/tools/web-sites-on-web-server/

 

you will see that this ip hosts several pages.

  • Like 1
Link to comment
Share on other sites

  • 0

@vekia - If that is the case, it's really exciting. I'd love to have an additional shop for my non-wedding fashion or to try out a different style shop. Thank you for posting that information.

 

Any idea how to set up for a hosted checkout - where it happens on your site, like with Simplify ? I am guessing if we have some sort of ssl, we may be able to just set up accordingly, but I want to be sure before I allow any accounts to be created. I'm just in catalog mode right now.

Link to comment
Share on other sites

  • 0

Thanks vekia. I did find quite a few other shops listed with the same IP address. It took me a while to locate the store details page :) Not sure how the hosted checkout will work without a dedicated IP, but at least account passwords for buyers might be secure.

 

I'm not sure how to proceed. I'm trying not to use Paypal. I normally use Braintree, but the payment modules are expensive. I'll look for another off-site checkout payment processor.

Link to comment
Share on other sites

  • 0

This is a major issue and with the lack of response of the admin team I am guessing that they maybe working on some sort of solution to this problem. I sur hope they are as I am concerned about this also.

Link to comment
Share on other sites

  • 0

Thank you to all those following this post. I'm continuing to develop my shop with the hope we will be able to have some kind of ssl for the payment processors. I'd be happy to use one of the normal processors or a type of direct checkout hosted by PS if it's not too expensive. I'd like to have a Paypal alternative, since I prefer not to use them.

Link to comment
Share on other sites

  • 0

up  up!  hehehe

 

please PrestaShop!  add SSL option!

 

another suggestion is add Reverse DNS Lookup.

 

if do

nslookup IP

 

do not return the server name...  not properly configured..

 

The Reverse DNS Lookup is required by many payment gateways authentication.

Link to comment
Share on other sites

  • 0

If you want a secure method of payment for your clients, most companies which take payment on your behalf have ssl.

 

in the free payment module you have klikandpay, I have open an account with them and the process was very easy and straight forward everything was done online and by email.

The % is much lower than paypal and they accept different method of payment.

Edited by milleetunesoies (see edit history)
  • Like 1
Link to comment
Share on other sites

  • 0

 

Any idea when the ssl will be available ? I'd like to sign up for Simplify and the deadline for their promotion is in April (30th). First 10,000 transactions are free. Any chance this could be available by then ? I have to get set up and actually transact for that to happen, and with wedding dresses etc. that can take a while. I'd appreciate more details on the timeframe if possible.

 

Thank you.
Link to comment
Share on other sites

  • 0

Hi,

 

Is it possible to buy an SSL certificate from GoDaddy and install it on my Prestashop Cloud store? If so, what are the steps that I need to follow in order to install it? I cannot find any Prestashop Cloud documentation relating to this. Do I need to purchase a dedicated IP address?

 

If I wanted to transfer my store from Prestashop Cloud to a hosted network is it possible? 

 

Also, according to Xavier du Tertre's post from Feb.9, 2015 (see above), Prestashop Cloud will soon have SSL, does anyone have an approximate date in mind? I would like to launch my e-Commerce store ASAP. I don't mind paying for an SSL certificate as long as I can install it. Any comments or feedback from this forum is greatly appreciated. :-)

 

I thank you in advance for your suggestions, assistance and cooperation.

 

Kind regards,

 

Fran

Link to comment
Share on other sites

  • 0

Well, it's now many weeks later and it would be awesome if SSL is very soon an option on PS CLOUD - otherwise there is no way any Prestashop Cloud Shop will roll out in Germany where this is the first thing clients expect (even if not taking payments). 

Link to comment
Share on other sites

  • 0

I want to use SSL on prestashop cloud and still be able to use my own domain name. To the Prestashop team: are you working on making this option available soon??? It leaves me with either the option of using a non custom domain name with SSL or the option of using a custom domain name without SSL.  I like none of these options. Keep us posted.

Link to comment
Share on other sites

  • 0

That's kind of crazy.  How can Prestashop Cloud be taken seriously as an Ecommerce solution if you can't use SSL during checkout?  Maybe I am misunderstanding but how do people using the cloud option make their checkout secure?  I have been working on setting up a site using cloud for a week or so but this has me changing my mind.

  • Like 1
Link to comment
Share on other sites

  • 0

Simply solution: self hosted Prestashop. Search for a good hosting company and install Prestashop by yourself. Some hosters also offer ready Prestashop hosting packages (inkl. SSL certificate). You cannot expect that Cloud which is free, fulfil every requisites users need. Also I'm sure that if SSL is implemented on cloud, it will be not for free, cause for SSL you need to have a dedicated IP. Cloud has only a shared IP . The only way to run SSL on Cloud is by using expensive wildcart SSL.

Link to comment
Share on other sites

  • 0

While i agree that a free cloud solution (not really free, their business model is to give you the basic software and sell you addons) doesn't have to have everything, SSL is an absolute must.  You can't run an ecommerce site without having a secure checkout.  Yes, I could download and install it locally but the point is, Prestashop Cloud shouldn't be offered if it doesn't have some solution (could be a fee) for SSL during checkout.

  • Like 1
Link to comment
Share on other sites

  • 0

Do not agree. I don't have SSL on every customer shop I'm hosting/administrating. Some customer want/need SSL others not. A shop with 200 products of a running local shop don't need to have a SSL checkout. Their customers know them personally, and if there is any problem the went to them locally. So not really a must have. Their customer trust in them also without SSL. BTW the costs of SSL certificate he in this case should add to his prices. SSL ist not a must have, but an extra you can need or not.

 

It is planned to add to cloud, but who knows when ??

Edited by selectshop.at (see edit history)
Link to comment
Share on other sites

  • 0

Doesn't matter how small a site is or if they know their customers.  If credit card information is being entered along with personal information on the form, SSL is a requirement.  The only way I could see around it is to ensure that the entire checkout process takes place on a 3rd party site like PayPal.  Hopefully that is what these sites are doing, making sure the cc information is being entered at the processors end and not on their cloud site.

  • Like 1
Link to comment
Share on other sites

  • 0

Simply solution: self hosted Prestashop. Search for a good hosting company and install Prestashop by yourself. Some hosters also offer ready Prestashop hosting packages (inkl. SSL certificate). You cannot expect that Cloud which is free, fulfil every requisites users need. Also I'm sure that if SSL is implemented on cloud, it will be not for free, cause for SSL you need to have a dedicated IP. Cloud has only a shared IP . The only way to run SSL on Cloud is by using expensive wildcart SSL.

 

Sorry, but that is in my opinion a rather poor and often repeated answer. Prestashop has given the impression that it would "soon" be possible to use the cloud version with SSL. Several months later, it is still not possible and no date of when it might reliably be so are missing as well. As there is NO way to properly move a Cloud based PS setup to a non-cloud version, all work spent on setting things up and testing it on the cloud becomes obsolete once people realise you can not use SSL on the cloud. Thanks for wasting our time there, PS! What the heck is the cloud version for then, if not to use for hosting real-world-online-shops?!? If it will never mature, just have a simple demo of a PS installation and call it a day. Save your developers time, and ours too.

 

But to those repeating the annoying statements a la "just use the self-hosted version": The ENTIRE POINT of using a cloud solution is to provide people who want to run an ecommerce solution without a dedicated support team for fixing bugs due to a million different server/OS/PHP/databse-versions and variations with an option to doing so - with the added benefit of those PS people supporting it knowing nobody has tweaked some server memory parameters etc. or installed some new patch somewhere which might screw things up somewhere far below the PS application layer, which first needs to be discovered through time-consuming testing and forensics.

 

This attitude of "if you want the darn basics of a secure webshop then you have to use a self-hosted solution because the cloud will not even support SSL", is imo pathetic. That turns the PS Cloud into pure vapourware and a marketing machine for something it isn't. As we've stated before, we would not mind paying for SSL integration or even the cloud version, but stop wasting our time with developing a non-secure Cloud version then for crying out loud. FOCUS PS!

  • Like 1
Link to comment
Share on other sites

  • 0

But to those repeating the annoying statements a la "just use the self-hosted version": The ENTIRE POINT of using a cloud solution is to provide people who want to run an ecommerce solution without a dedicated support team for fixing bugs due to a million different server/OS/PHP/databse-versions and variations with an option to doing so - with the added benefit of those PS people supporting it knowing nobody has tweaked some server memory parameters etc. or installed some new patch somewhere which might screw things up somewhere far below the PS application layer, which first needs to be discovered through time-consuming testing and forensics.

 

 

You are wrong in this point. On Prestashop Cloud there is no other software installed as the same you can install by your own. The same problems, same configuration, same bugs. Prestashop is not solving bugs on Cloud. Other thing, is that the version on Cloud is not upgraded. So if you installed a version 1.6.0.11 you are not able to upgrade to 1.60.14 for to debug some errors). And of course you don't need on a self hosted package to know php, SQL, etc. There are sever provider offering proper pre-installed Prestashop on their servers as a ready for use package (you don't need also there knowledge of php, SQL, etc), with the advantage to stay flexible for to expand your project on what you need.

 

The requisites on a server is documented on the official Prestashop docu and also here in the forum by experienced Prestashop users. 

 

Again I can say: if Prestashop Cloud does not meet your expectations, you are free to host by yourself on each other provider. There are several shops running on Prestashop Cloud without any problems.

 

For me as proficient user, Cloud is due to the restricted FTP and DB access, not an option, but each user should choose that what he need/want. And BTW all free things in the world are not perfect and/or cover all events (for everybody). Try and decide. If does not cover what you want than choose another option, there are several...

Edited by selectshop.at (see edit history)
Link to comment
Share on other sites

  • 0

Except the reality is, NO ecommerce site that accepts credit cards should be operating without an SSL.  That is not debatable.  It's against Visa/MC terms and conditions, it's not PCI compliant and you, as the store owner, are 100% liable for stolen cc information because you accepted and allowed that information to be transmitted over an insecure connection.  Argue for it all you want, a cloud solution shouldn't be a marketed solution if it can't offer this basic necessity of any Ecommerce store unless the only payment option allowed is PayPal or the like where the transaction takes place on someone else's website that is secure.

 

Yes, I know I can install it on my own.  That is not the point, the point is, cloud shouldn't exist if it can't meet this basic need.  if it's too expensive, charge for it.

 

I appreciate all the help you provide on this forum Selectshop, but completely disagree with this point.  This is one of those fundamental, must have features of any ecommerce site.

  • Like 1
Link to comment
Share on other sites

  • 0

I'm not debating with you about the generally need of SSL or not, but whether the package Prestashop Cloud meets your needs or not. If it does not meet what you need you should take another package into consideration.

 

I did some research:

 

about 1.400 Domains hosted on IP 37.59.161.130 - http://www.tcpiputils.com/browse/ip-address/37.59.161.130

about 550 Doamains hosted on IP 192.99.143.140 - http://www.tcpiputils.com/browse/ip-address/192.99.143.140

 

and only some few users here claiming SSL need on cloud ? Well the real scenario is: some few claims against real Cloud hosted satisfied 1.950 users. Think this discussion is superfluous.

 

It is planned to integrate SSL into Cloud. When and at which conditions, nobody knows. But coming back TO YOUR PROBLEM with Cloud, at the moment SSL not available, so you have two choices: self hosted, or wait for to open your shop on Cloud still Cloud offers you SSL.

 

Take a self hosted package for your project if the Prestashop Cloud does not meet what you need is the only solution at the moment for your problem. BTW there is not only Paypal on the market for to accept credit cards without SSL, you forgot to mention (Skrill, Authorize.net, Blue Snap, HiPay, PayULatam and several other payment solutions available for Prestashop).

Edited by selectshop.at (see edit history)
Link to comment
Share on other sites

  • 0

You are wrong in this point. On Prestashop Cloud there is no other software installed as the same you can install by your own. The same problems, same configuration, same bugs. Prestashop is not solving bugs on Cloud. Other thing, is that the version on Cloud is not upgraded. So if you installed a version 1.6.0.11 you are not able to upgrade to 1.60.14 for to debug some errors).....

Perhaps my understanding on a CLOUD based solution is then wrong, or at least different to every other cloud based service I've ever encountered...

 

"Prestashop is not solving bugs on Cloud."

 

Of course they are not solving issues related to a client's catalog misconfiguration etc., I get that. But SURELY they are making sure that the basics on the cloud are running smoothly, otherwise it would be absolutely and completely irrelevant to offer it - can we at least agree on that?

 

"Other thing, is that the version on Cloud is not upgraded."

 

Same applies to that statement - if it were true, that would be a load of bollocks. Are you seriously telling me that it won't be upgraded and looked after? Then congratulations to wasting the cloud developers time on even launching the cloud service. Imagine Dropbox Cloud software being released three years ago and each installation was stuck at the level it was installed at. Of ____ course it is being maintained and upgraded - the entire operation is otherwise moot and obsolete.

 

"I did some research:

about 1.400 Domains hosted on IP 37.59.161.130 - http://www.tcpiputil...s/37.59.161.130

about 550 Doamains hosted on IP 192.99.143.140 - http://www.tcpiputil.../192.99.143.140

and only some few users here claiming SSL need on cloud ? Well the real scenario is: some few claims against real Cloud hosted satisfied 1.950 users. Think this discussion is superfluous."

 

That is another misleading and irrelevant comparison. First of all, not everyone raises the issues. Most go away, leaving PS for something else. As soon as something is offered for free, you get lots of people signing up - not all of them ever intend to use it. I've got an Instagramm and Tumblr Account - never used it...

But crucially, some - like us - are still setting up and configuring things in order to launch it at some point SOON - provided the promises earlier on are not turning out to be vapourware. And to state that the Cloud offering won't be updated is certainly only a silly remark from your side. btw - we can all FTP into the cloud solution as well, albeit somewhat restricted. I hope people with actual insight into the cloud offering start to respond soon, to continue the discussion with the arguments you provide is indeed a waste of time.

 

 

Final note: Perhaps I'm reading your english statements too closely, and you can better explain it in German, dann geht das auch wunderbar von mir aus. Ich leite diese Diskussion auf jeden Fall mal an Herrn Meischner weiter, sicher kann er präziser antworten, was mit der Cloud gedacht ist. Diese wilden Aussagen von dir lassen die Cloud Lösung bestenfalls als ein verunglücktes Projekt dastehen - wenn die Cloud nicht weiterentwickelt wird (wie du zumindest auf englisch schreibst!) dann ist das der Gipfel des Schwachsinns in der Geschichte der Softwareentwicklung.

 

Beste Grüße aus Schweden,

Jonas

Edited by techimab (see edit history)
Link to comment
Share on other sites

  • 0

 

Final note: Perhaps I'm reading your english statements too closely, and you can better explain it in German, dann geht das auch wunderbar von mir aus. Ich leite diese Diskussion auf jeden Fall mal an Herrn Meischner weiter, sicher kann er präziser antworten, was mit der Cloud gedacht ist. Diese wilden Aussagen von dir lassen die Cloud Lösung bestenfalls als ein verunglücktes Projekt dastehen - wenn die Cloud nicht weiterentwickelt wird (wie du zumindest auf englisch schreibst!) dann ist das der Gipfel des Schwachsinns in der Geschichte der Softwareentwicklung.

 

Beste Grüße aus Schweden,

Jonas

For discussion in German there is a German Forum section available. Please feel free to add your statements, problems or doubts there.

 

 

"Other thing, is that the version on Cloud is not upgraded."

I'm talking about facts and not speculations:

 

And no, for the moment it is not possible to make upgrades on Cloud. Perhaps Prestashop will add a possibility for to upgrade on major releases, like from 1.6.0. to 1.6.1 ? But of course and I'm sure on this that if there were crucial bugs found, what means security leaks, Prestashop will take action and upgrade their core on Prestashop Cloud by themselves. For this you should not open another speculation, cause it is not necessary. I'm working with Prestashop since years and know their caution with their software and name.  But it is true that the upgrade option on Cloud is not available. The 1-click module is not available and you cannot install it afterwards. Not at the moment. I added my developer shop beginning of the year to the Cloud (actual version that time was 1.6.0.9 1.6.0.11). It is still 1.6.0.9 1.0.11 Opened a support ticket asking about upgrade of the store. This was the answer received:

 

 Hello ,

 

 

You could

delete your store from your account https://www.prestashop.com/ > My store

> store details > Delete this store.Do not hesitate to contact us if you have other questions.Best Regards

 

Laurent N'DAWSupport Team

 

 

Of course all the versions given out on Cloud are running smoothly, and this is the crucial point why Prestashop does not allow users install non non certified things on Cloud. The problems let me say "bugs" are not coming from Prestashop core, but from free and paid non certified addons, creating several overrides and making the core unstable. So the version on Cloud is stable and usable out of the box.

 

Finally:

Sorry but I could not understand the sense of this discussion. Doubts and problems added here are answered as more precisely as possible. If Cloud is not fulfilling your needs or it is not the option for your business, so simply don't use it.

 

There are several users using Cloud out-of-the-box without any problems.

More precise details on shops on cloud you can take from Prestashop's day  presentation: http://fr.slideshare.net/PrestaShopOfficial/keynote1-49448932.

If the added shops are active or not nobody can say. It's up to each user to today open a shop and tomorrow or in a week close it again... You will never have an exact statement about "how much" of them are in production.

 

EDIT: screens added

post-741527-0-02436800-1434714184_thumb.jpg

post-741527-0-10615700-1434714222_thumb.jpg

post-741527-0-25904500-1434714239_thumb.jpg

Edited by selectshop.at (see edit history)
Link to comment
Share on other sites

  • 0

Agree completely with techimab.

 

Just because their are 1900 sites hosted doesn't mean there are 1900 sites that found this solution to work for them. I am one of those 1900 accounts and will never go live with it but my account still sits there.  I am sure that some percentage of those 1900 users are actually using it to run a live store and that is scarey.  That could be over 1000 sites accepting transactions insecurely.  Most people new to Ecommerce (I am not) may not know what SSL is or that they need it.  Since it's not offered or part of the setup, many may not have any idea that they are supposed to have it and the kind of risk they are opening themselves up to.  Prestashop is the expert here and they should know better than to offer a solution like this to 1900 people without making sure the bare security essentials are addressed.

 

I also agree that it doesn't make sense to continue the conversation.  I have said my piece.  I do not think the cloud offering should be offered and I would guess there are many sites usiing it that have no idea what kind of security hole or liability they are placing on themselves.  Prestashop is marketed as an easy beginner solution and it's really not a solution. 

Edited by GiantRobo (see edit history)
Link to comment
Share on other sites

  • 0

I don't understand why so many non sense posts in this last month.

The PrestaShop guy said the SSL will be implemented.. This is enough..

 

Try to read the replies on first page before post something.

+1. Im totally with you.

It seems to be the elapsed time from first "ask if possible", the promise of "it will be implemented" and the "elapsed time on not yet implemented". Answer is very simple: if you cannot wait for SSL than use another hosting package. If you can wait than simply wait still Cloud has SSL...

Link to comment
Share on other sites

  • 0

I still can't believe this is true. SSL Support should be the first thing implemented. PrestaShop, as the provider here has some responsibility for their costumers. Beside limiting module installing etc it should been self-evident that you must enable SSL for all shops. They should even force to use SSL on projects that are not clearly labelled as development or test systems.

 

If PrestaCloud would have been my project I would have delayed it till SSL if fully working!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...