Jump to content
  • 0

Secure Server?

fogcity

Asked by fogcity,

 Share

Question

fogcity Newbie

fogcity

Posted
Posted

I've installed blesta, set up a test customer and package, and am now stepping through the customer experience. The make a payment step seems bizarrely undocumented and problematic at first glance. 

 

1) Customer is asked to provide credit card information on an unsecure connection with no warning of same. On back end there is no sign of how to set up secure server / SSL. googling "secure server blesta" turns up nothing but descriptions of how blesta cares about security?

 

2) A USE PAYMENT ACCOUNT option appears but is not selectable. No idea how to remove this.

 

3) After removing the ACH option there's still a dropdown for the only remaining option, CREDIT CARD, and it's under NEW PAYMENT DETAILS in the unnecessary FUNDING section. Um...why not remove this FUNDING section altogether when the only option is CREDIT CARD? 

 

4) Biggest issue, I've set up the STRIPE gateway but there's no sign of Stripe anything.

 

Really strange to me how far the default experience is from any online payment I've participated in. What am I missing? The tutorials page on blesta site stops at Installation... 

Link to comment
Share on other sites

3 answers to this question

Recommended Posts

  • 0
Michael Apprentice

Michael

Posted
Posted

I've installed blesta, set up a test customer and package, and am now stepping through the customer experience. The make a payment step seems bizarrely undocumented and problematic at first glance. 

 

1) Customer is asked to provide credit card information on an unsecure connection with no warning of same. On back end there is no sign of how to set up secure server / SSL. googling "secure server blesta" turns up nothing but descriptions of how blesta cares about security?

 

2) A USE PAYMENT ACCOUNT option appears but is not selectable. No idea how to remove this.

 

3) After removing the ACH option there's still a dropdown for the only remaining option, CREDIT CARD, and it's under NEW PAYMENT DETAILS in the unnecessary FUNDING section. Um...why not remove this FUNDING section altogether when the only option is CREDIT CARD? 

 

4) Biggest issue, I've set up the STRIPE gateway but there's no sign of Stripe anything.

 

Really strange to me how far the default experience is from any online payment I've participated in. What am I missi2ng? The tutorials page on blesta site stops at Installation... 

 

1) you need to use a Htaccess commands to do that: http://docs.blesta.com/display/user/Installing+Blesta#InstallingBlesta-ForcingHTTPS

 

2) + 3) I'm not sure about.

 

4) You need to enable credit card accepted (forgot how) and then tick stripe at the bottom of the order form for it to show up as "New Payment Details: Credit card"

Link to comment
Share on other sites
  • 0
fogcity Newbie

fogcity

Posted
  • Author
Posted

1) you need to use a Htaccess commands to do that: http://docs.blesta.com/display/user/Installing+Blesta#InstallingBlesta-ForcingHTTPS

 

2) + 3) I'm not sure about.

 

4) You need to enable credit card accepted (forgot how) and then tick stripe at the bottom of the order form for it to show up as "New Payment Details: Credit card"

 

Thanks for the reply,CubicWebs.

 

However when I enable https via htaccess I get this error in Chrome:

 

 

This is probably not the site you are looking for!
You attempted to reach domain.com, but instead you actually reached a server identifying itself as *.webserversystems.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of domain.com.
You should not proceed, especially if you have never seen this warning before for this site.
 
Note that webserversystems is my web host (site5). 
Link to comment
Share on other sites
  • 0
Michael Apprentice

Michael

Posted
Posted

 

Thanks for the reply,CubicWebs.

 

However when I enable https via htaccess I get this error in Chrome:

 

 

This is probably not the site you are looking for!
You attempted to reach domain.com, but instead you actually reached a server identifying itself as *.webserversystems.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of domain.com.
You should not proceed, especially if you have never seen this warning before for this site.
 
Note that webserversystems is my web host (site5). 

 

 

You will need a Dedicated IP and a SSL to get the https:// for your site, unless they offer a SAN SSL you could buy or get included.

 

If you did a self signed SSL they still would get a error.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...