You can not host your own certificate on Business Catalyst at this stage.
However, every site comes with a secure URL e.g. yoursite.worldsecuresystems.com. You can find yours listed under Admin -> Manage Domains. So, you get an SSL certificate without having to pay for it every year.
Total Tosh this one, sorry
If you do not design and build your websites properly, lots of factors cause this.
A smooth, easy to use cart process, going to the worldsecuresystems to make payment on the main form and then either off to the payment gateway or using seamless payment and then a nice thank you page, good options clear showing what happens and what the person will do next.
Good aspects of information such as security etc.
No Problem at all, we work hard on our eCommerce sites to do all that and bar the real issues with the BC eCommerce like some of the bugs etc our clients enjoy good sales using BC.
Are you refering to what I said? Because I've done A/B testing between a domain ssl and a shared ssl going to a different domain and it was a tremendous difference in conversion rates. Same exact site, only difference was the domain switch. Afterwards, we did an extensive survey and the switch in domain DOES make a buyer feel less secure and, in the buyer's eyes, seems "less professional" and "shady"... their words, not mine.
If the site has not been done in a good way, Probably will.
But we have had our clients think this, do the tests and found the opposite because the experience is a lot better. It is not ONE thing, do a lot of elements right and this does not matter.
The only issue we have had with it is breaking out of worldsecuresystems etc but we have that sorted these days and the BC enginers have put a few improvements on that and more to come too.
You can not A/B test this on a BC site anyway because you do not have an option to not go to worldsecuresystems and have https://yourdomain.com.
While with a good user experience can help I do have to say that with URLs changing will worry some users. I have had a case where I would not make a purchase because the domain changes. A good user experience is great to have and can definitely help users feel secure. However, there are still cases when a custom secure domain would be preferable.
Craftyalien is correct. We have a regular hosting solution and then we also use the Business Catalyst solution. We offer a storefront option for both. When giving a client the option and explaining the differences, they ALWAYS baulk at the thought of not having their own secure certificate on their site. This is BEFORE we even design the site according to the concept you mentioned earlier. It is the clients and site visitor's PERCEPTION that counts, not the developers. While I agree that the site is JUST as secure (if not more secure) the problem is the client and the user have an issue with it no matter how well the site is planned and developed. I believe Business Catalyst needs to truly considering opening up to allowing SSL installations for each site.
More then one of our clients have gone from Magento and other open source sollutions to our BC setup and trippling their sales.
Like I said, it has a lot to do with how you build the user experience.
You moved your client to BC, obviously with a new design & checkout process. And for all we know, perhaps there was some marketing involved too. You have zero idea how the change in domain name for secure connections is affecting the sales. No idea at all. If and when BC allow this, take the same design, same checkout process, and A/B test it with an SSL & a redirect. Then monitor how many carts you drop, and come back & post the stats & tell us that the change in domain is irrelevant.
It's been proven that when the domain name changes, trust is reduced. When trust is reduced, sales are reduced. That's a fact, and it's not rocket science.
BC really need to address this and provide a solution for customers to use an SSL on their own domain.
Though correct setup of analytics and viewing the abonrates and contacting our clients on this to help improve our framework we do actually thank you.
And the difference is not there. I have other eCommerce sites using different systems even in similar fields as the other sites.
I still strongly stand that there will be very little difference.
Do you realise that even not under https a page taking payment is still used by simply putting lock icon on the form? It is true. HTTPS or not the same form and page got the same application rate from tests before.
Your making a lot of assumptions on what I have and have not done. I have put extensive time into the eCommerce aspect of BC and research before, after and during.
I know this is an older thread and hopefully a post will "ping" those that are on it to see if this can be resurrected. I'd like to encourage ABC to offer the ability (even if this is at an additional cost to the customer) to allow us to install their own SSL Certificate on the site so that we can have https://www.sitename.com.
I understand that by using the shared SSL Cert, ABC saves the customer from having to purchase their own Certifcate, which is nice. However, from a branding perspective, if a client wants to offer a https:// expeirence for their visitors across the entire site, this is not possible without making the URL change (and breaking the brand) when the site loads.
There could be a variety of reasons why a client would want to have https://www.sitename.com showing when the page loads. They may be collecting user name and password information on their home page to allow members to log in to a secure zone and want to ensure that visitors informtion is protected. The client could also be in a sensitive industry such as helathcare, insurance or banking and offer visitors (customers) the assurance that they are on a secure site. Whatver the case, it would be nice to have this as an option, and may open up an additional revenue stream for ABC as I have several customers that would be willing to pay for this enhancement.
I do a lot of work with community banks and find the ABC system is a great, easy to use and simple (yet powerful) CMS that enables the marketing managers to keep their site updated. We have got "around" the site-wide SSL issue with some internal landing pages where customers can enter login inforation to access their online banking accounts (which is on a different system, NOT on ABC). However, if this is a requiremnet that the bank has to be "full https" on their site, we cannot go with the ABC system and end up developing on a different system. I'd prefer to have all of my clients using ABC, making it easier for me to supprot and more economical for the client.
Fingers crossed this can be revisited and something can be done that will create a win-win here for everone.
I would not hope or expect any movement on this, this year or early next. With the infrastructure work on the system this year and then the role out of delayed features to come after that... This if considered would be a long way off.
Can i turn off SSL? It is causing Exchange autodiscover problems with Outlook 2013 clients.
Outlook first looks at (www).domain.com and then throws a certificate error. This only happens with 2013. But all of our desktop users are making the move to 2013.
Just got this request to make an existing site https and found this thread.
I have said that the ecommerce is fine and secure ( I hope )
However not the contact forms.
I can see that the contact form will show on the secure domain, does this quantify as secure?
And also I cant seem to find any BC resource that states what level of security there is for BC, can anyone point me in the right direction?
I would like to say that the above URL is secure to this standard...blah blah
Like one of the BC guys said, https is for vanity in a lot of ways.
A contact form is secure, if you just had the action https it is ok, but what you done there is fine.
BC is PCI level one compliant - thats official. You can google PCI if you want.
Outlook 2013 - internal exchange email with a valid cert.
Outlook clients are connecting over https externally
New setups and upon starting outlook with an expired password outlook searches to www first and tries to validates its certificate and it is invalid as BC does not have my name on the ssl cert.
hit ok on www and no www and then finally it finds autodiscover.
[personal info removed by moderator]
Sent from my iPhone
BC is not a microsoft exchange server.
If your using BC email service and set up as here:
You should not have any issues.
BC is my web host. But the email is internal
Outlook 2013 looks at www for auto discover.
Then goes to domain without www and fails
Then goes to autodiscover.
I know BC is not exchange server but their certificate practices gum up outlook 2013 implementation.
Sent from my iPhone
I agree 100%. I have a client right now who is adamant that the domain name not change to the worldsecuresystems url, they want to keep their own domain name throughout.
I would be more than happy to pay for the certificate just to get a consistent domain name for a website. I've seen posts online going back as far as 2010 requesting this feature, disheartening that this is not being taken more seriously by adobe.
We are new to BC and I'm shocked to find out that we are prohibited from having our own SSL certificate. This is unacceptable and will cause us to migrate our eCommerce platform to another provider in the future. It's frustrating because we expected this to be a standard feature and didn't learn about it until the final testing phase prior to launch. I asked my designer, "Do we need to buy a SSL certificate?" and he kept saying, "No, it's included". But that's not right. It's not the same thing to have purchases routed through worldsecuresystems.com
It is not a "vanity" thing. It's a branding thing. It's all about the customer experience and reinforcing trust through consistency. Also, there is no way to verify that our company is the owner domain like is offered with Premium SSL domains that list the owner in the navigation bar.
It's clear that I'm not the only consumer who believes this to be true. Adobe seems to belive that we should all be happy with a service that reminds me of the days when we had to use AOL keywords instead of going to the www.
Offer this feature immediatly or we will plan our next site revision to be on a different service!
I do not mean to be blunt but the system is a SAAS and a shared ceriifcation reduces the cost greatly for everyone and a core element to the system as it operates.
This can not change quickly or any time soon and I do not think BC has any consideration to do so anyway. So you will need to use another service for your next site if your own SSL is what you want.
While I know its not anytime soon (if ever) it would be nice to have as an option. Maybe an upgrade option that cost $ extra and is not standard. All BC plans have the included shared certificate but you can upgrade any eCommerce site to your own SSL at for extra. That would be a nice feature for those who want this ability.
Just a thought. =>
This would require a complete restucture not only in how BC works but how it is marketed and how you pay for it. BC even may be more expensive as a result of a change.
You need to be fully aware of all sides to the two options here.
It is not a straightforward thing and would be a fundermental core change in BC to implement and you basically building a new version of BC for all new sites as you could not just termniate the old way as it would break every other BC site currently.
why would this NOT be the first thing that gets fixed? I would be ok even if I would have to get the SSL from Adobe itself - but changing the domain name just to get HTTPS...hmm...
Most of the recent updates deal with stuff that none of the Partners really use or Plain Users can use effectively.
BC is becoming sort of like a Phone that is full of features, but cant make a phone call - IE, none of the Core features are being fixed(CRM, SSL, Email delivery, SEO(finally got an update only recently)).
This is not a bug to be fixed. Its a core feature of the system and the platforms core concept of being afordable all in one sollution.
It would mean a massive overhall of the system and changing one of the core principles of the platform for what would be a small percentage of the people who would want it.
You saying it is like a phone that cant make calls is a bit off. Can you make a website and take secure payments? Yep. Does it save you overall cost in that year with that built in or your client? Yep.
Liam, I can see your point but all I (and we) ask is that "Can we have our own SSL options? or will it be available at some stage ?”
I'm sorry but I have to be honest that series of your answers were bit ignorant and annoying. you are making assumption and a lot of us aren’t building the website properly and that causes the concerns about the SSL ? Well, you may be right and you may be wrong. Anyway, it is true that while shared SSL greatly reduces cost for everyone it also makes eCommerce websites look less professional. We had a client worked with external conversion managing agency that requested us to use matching domain for SSL, then we said “No we can’t.” Sometime this can be quite frustrating and makes us look less professional.
Of course it won’t be a “quick update” thing and it’s not something to be FIXED but this question has been going for a while so it’d be nice to be ADDED at some point. Maybe you should give us more productive feedback like “YES” or “NO” rather than ignoring our enquiries and depending on shared SSL.
Your reading a lot that is not there, it is quite a suprise, looking at what I have said and for you to say I am making assumptions and telling people they are not building their website properly. I have not even come close to covering that sort of concept. That is a very odd thing to say here when that has not even come up in the conversation, you are the only one that has raised that here.
Your situation is very bespoke and often will need a custom build sollution, yep I can see why you would need that but BC may not be the right fit in that case then. I have also stated while it is a nice to have it does not appeal to the mass requirements of users. Fixing a few things on how BC handles this between domains etc are defiantly needed and will positivily effect most of BC developers but like I said, you can not just request BC to change its implementation like people have asked here. It would be a complete uturn on a core feauture, be costly and be a very big change and a lot of people would have to change their sites and API.
BC wont do that for those reasons. They may extend and offer a higher plan that has this ability in the future maybe, but people need to accpet that this has never been something on any roadmap by the BC team and wil likely be something that even if it happened you wont see close to any time soon.
And you finish with the "Yes" , "No" comment, again, looking at the thread over again, in no way what you state is what is going on in this thread, what are you reading? Confused. Be it me or anyone else, please do not just attack a person because you need a feature you want and they outline it is either not an ability of BC or would be a feature of BC.
Not that persons fault.
I have only stated the actual fact of things and outline the realistic nature of requests and what they would mean and what I know of what BC has said and doing.
My problem is that Outlook 2013 first looks at https://www.mydomain.com<http://www.domain.com> for the autodiscover to find my mail server which is not hosted by BC. When it gets there it throws up a red flag saying the domain and the certificate do not match.
Very annoying to my users… and there does not seem to be a way around this.
Craig Reilly | Director, Software Development |
American Audio Visual Center<http://www.americanavc.com/>
office 480-596-9880 fax 480-596-0942 mobile 480-206-5575