Adobe Community: Message List - Can I install my own SSL certificate for my domain?

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 23 Oct 2014 15:32:26 GMT

Liam I read the blog and am aware of the BC Next. It will bring new way of manipulating all the resources which is great, however it still won't bring whatever doesn't exist there yet.

Yeah maybe 10 years later everything will be there I guess. I hope it's not gonna be the V3 case, fingers crossed.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 23 Oct 2014 07:25:22 GMT

Read the blog. BC.Next to start with.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 23 Oct 2014 06:13:52 GMT

I agree Lynda,

There are still tons of premature parts in BC. This might be concern in the future but not now.

Is BC really working on improving basic functionality of the system ? or just working on another fancy admin wrapper

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 14 Oct 2014 00:41:51 GMT

While I agree that I would love to see BC add custom SSL functionality I must agree I would rather see other improvements first.

About Google and SEO there was a study done that shows HTTPS doesn't boost rankings after Google released their announcement: http://searchenginewatch.com/article/2363270/HTTPS-Doesnt-Boost-Rankings-Study

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 23:57:43 GMT

Over 2, Wow, time does fly by.

But thanks for the comments Mario. Its hard when I am agreeing with people that - It would be nice, but the excuses for BC to jump on it ASAP and its killing business... etc are just not valid reasons and BC wont do as Mario and I have pointed out, all that work and drop everything to do this. People need to be realistic.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 23:45:34 GMT

Hey Liam,

It's been over 2 years now

I think that because of the way BC's multi-tenancy is built it may be a

huge task to introduce SSL certificates. I think that most partners would

like to see other improvements to BC done first before their engineering

team commits 6 months to implementing SSL certificate framework. Most of

the net is still http so I don't think Google will be too quick to punish

sites for not having SSL certs. I think BC still has couple of year to go

before they have to invest time in this.

That's my 2 cents.

Cheers,

Mario

On Tue, Oct 14, 2014 at 8:44 AM, Adobe Forums <forums_noreply@adobe.com>

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 22:43:14 GMT

Simon, Mario has not worked for BC for well over a year

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 21:44:51 GMT

@ mario_gudelj Probably not where you thought this discussion might go, but could you comment on the HTTPS issue with Google as relates to BC and it's single SSL certificate? I think the short question is, will BC enable sites to use a SSL certificate with their own domain name to, amongst other reasons, align with the new Google search criteria?

Thanks

Simon

dotsilo.com

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 21:42:21 GMT

Are you replying to me? Because if you are, I am not sure what you are talking about. Could you please clarify what you are saying? Thanks.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 21:31:15 GMT

I can get a number of statements from banks this week if I sent out and found time to do so that would go against that. That is not true. If that was true the way you pay on the web would be very very different. This is not the case. 1 or 2 cases does not equal all.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 18:51:37 GMT

Changing http to https in page links (href sources) does not seem a big issue, but true if you source something (like an iFrame) from some other site that is not https would be a problem (as it would compromise the https status, some items would show as insecure to viewers). Can't say I encounter that anymore as mostly we are just sourcing links with HTTPS as standard, like fonts and scripts.

Google say ... that while only 10% of the crawled and discovered URLs on the web are HTTPS URLs, that 30% of the first page search results contain at least one or more HTTPS URLs. So if you are looking at all the queries done on Google, 30% of the first page of the Google search results for each of those queries have at least one HTTPS URL listed in the results.

That still seems a small result, and in line with the 'ranking signal' being very low right now. Some of those HTTPS URL listed in results would be there because of other factors (as well) like good SEO and just plain popular.

Nevertheless, I'd like to hear what BC officially think. Then we can get on with things and leave them to sort it out one way or another.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 13:45:11 GMT

If people changing over scripts, external sources, etc so they don't have issues on their site is the main concern for a change like this I could see a potential solution. This is assuming that BC has already redeveloped the system to handle unique SSL.

One potential way to approach something like that would be to allow any sites that have already been built to continue to use the worldsecuresystems shared SSL. Any new sites could use this or purchase a unique SSL at an additional cost. Older sites could also be upgraded to a unique SSL but only after they are informed of the potential issues by doing so. This is all assuming that Adobe wants to even go this direction in the future. Just my two cents.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 09:50:28 GMT

They would say the same as myself Simon, so what I have put down I would consider what they would say.

Question is will this become an important search preference? The way google has worded it is no dates and a very clear "maybe in the future". And on the google discussions people have very clearly voiced their issues on it. Very much considering the current SSL and HTTPS is not secure, in fact a lot of recent hacks etc have been through these protocols in fact. In many ways it is a comfort thing, and does not mean you can not encrypt your data. And there has been a push for a better https protocol anyway. There are lots of factors here and just rushing in on this when it is not that important and drop other things like actually fixing up the eCommerce would actually be a very bad idea.

No one is saying wait and see as such Simon, it is more that - It would be good to have the offering but it is something Bc should not just spend the time and money and jump on right away. You do not see the whole web to rush to make this change do you? Because the same decisions and reasons apply.

Even if you do have a certificate, it does not instantly mean you switch everything to https for you site as there a lot of considerations. If people use iframes then there are big changes and limitations. You can not just call external scripts or plugins just like you would etc.

Which leads me to re-iterate that on our end/ client end people not actually properly thinking through all such changes. The way you call scripts, the fact in some cases because such services DO NOT have a https protocol you can call on will mean you CANT use them any more for example. People will very likely go off an moan at BC but its not their issue. I can form a big list of things (only mentioned a handful on this thread) that would impact on how you build a site. You just can not carry on as the norm. Take with BC apps when they forced https on them -There was a number of changes you had to make because it killed them in many aspects.

Again I want to just reiterate BC should not offer this, At some point it would be good and if they sold them and setup a wholesaler for SSL certificates they may make a bit of money from it. But people need to think things through and I think people often do not. I am just trying to be the voice of reason, people need to understand BC and other companies for that matter can not just jump to it.

There are lots of BIG sites on BC as well making massive turn overs and this is NOT an issue with the worldsecuresystems, so trying to through excuses like this are not valid, Again its not as smooth as same domain - true, but its not like "OUR clients are loosing money! IT is because of this". I think even here I have said a few things on why some people wont be doing well with UX etc.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 13 Oct 2014 07:40:45 GMT

Gosh I've just been reading through all these comments. Lots of good comments. Clearly genuine concern.

What is missing here is any constructive feedback from BC Staff on the Google HTTPS initiative.

The very real and practical problem we face is do we recommend and commit our new commerce clients to BC when they will expect us to enable private SSL certificates when this becomes an important search preference? It's just not practical to say we will 'wait and see', in fact it would irresponsible for us to gamble on something that could end up costing us or our clients a lot of money to move to another CMS and commerce system if BC did nothing or was just too slow out the gate for our clients on this. Very frustrating as BC is so good in most other ways.

Look forward to seeing some official BC input on this discussion concerning Google. The longer the silence is, the more speculation there is that either BC don't have a solution or even a plan in mind.

I'm hoping BC will respond to its partners. Thanks.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Fri, 10 Oct 2014 03:35:52 GMT

I think your comments here are the key for you Stuart.

You do not know what BC has worked on and rolling out.

Liquid in a sense can be called new feature but they re-wrote the rendering engine of the platform.

To be able to do the stuff people want, be able to put things like liquid and the new modules etc announced and make things more flexible they had to do this. They also need to work on the stability of the platform, the code is quite old.

Yep they need to work on the core functionality as well, but the handful of people here vs a lot of people wanting other things... This is lower down the list and you need to accept that.

In terms of your last comments, I get people who say I help them a lot and would not agree with you at all. You take as you take it. That is the key there. I do not agree with your thoughts here on SSL being A MUST! etc so you have a negative opinion of me. That is fine.

And the fact you do not think I am open minded really shows a lot of this, because if you actually looked at all the things I have done in terms of BC, the things I have complained about and more, that could not be further from the truth.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 09 Oct 2014 03:45:23 GMT

Big changes? So v3 for admin was a big change, the stuff they are doing now for the next version are big changes... So the SSL stuff is doable, IMHO they need to improve what they currently have instead of adding new features. Allowing for private SSL certs. will make life a lot easier for us all.

No doubt you get thanked a lot Liam, however in nearly all the posts I read over the years, I do see you being narky in your responses to people, it doesn't appear to be open minded it appears to be very much the opposite.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 09 Oct 2014 03:31:28 GMT

I think I am being the most realistic and opened minded here. I have used just about every CMS solution out there.

People who do not get in there way always produce the same sorts of comments.

Firstly, I have said many times here that having a dedicated SSL option is a good idea. People so far are not grasping the big changes not only for BC but for them as well, and the cost.

Bit surprised as well with your comments about me, but also not so much because I am not agreeing with you. I get thanked nearly every day on here. I use lots of my free time helping the community, just finished presenting at Adobe Max showing cool stuff for partners. Pretty has Brass Tacks that teaches people about new stuff coming to BC that I and Brett do.

I am always talking to BC, working with them, pestering them for updates, new things, changes... I test heaps for them, provide heaps of feedback to make BC better for everyone.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Wed, 08 Oct 2014 23:20:33 GMT

Hi Liam,

Now if BC continue to do the shared https over allowing people use a custom one (seriously, BC could sell the certificates and make a killing if they want to), I believe this will harm more websites than do good. I've always hated the way BC used a shared SSL cert. I'm yet to find anyone that has convinced me that its better than having their own installed etc. I know of client complaints because of the way BC does their shared SSL, as I write this we are involved in yet another issue caused by this.

Liam, have you ever dealt with building outside of the BC ecosystem? Because it seems like your very close minded and in every forum post you have on these forums it seems that it's your answer or nothing when dealing with people (this thread is a classic example of your arrogance towards other BC users).

Also have you ever used CDNs like maxCDN? Yes they have a shared SSL but also give the ability to install private SSLs, if they can do it why can't BC?

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 21 Aug 2014 22:33:15 GMT

No Change because you can read in detail what google said. Less then 1% ranking factor, very small and not a core aspect of the ranking yet. May be increased in future but its just a status of intention from google, not an immediate change.
As such no change - You can read the other forum posts for more details.

Are you ready to make the changes you need to do if BC did? Likely not.

If you have a site with BC comments, social media comments, social likes, good SEO ranking now. You will LOOSE all of this! So if you made the switch You will initially drop in your search ranking. It will actually cause lots of issues to sort both by BC and yourself.

BC would not only have to change the whole system but have 301 redirects created, you would need to do work to update the site as well and YOU WILL loose ranking as a result of all this.

So for sites you do this on, you will actually loose out on google ranking to start with, clients will not be best happy seeing themselves drop.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 21 Aug 2014 14:55:56 GMT

Today you could read, that Google plans https as ranking factor. And now?

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 12 Aug 2014 22:38:51 GMT

This announcement is an excuse for the small amount of people complaining about it right now. Sorry if you feel that is aimed at yourself BUT...

When you consider the amount of people developing on BC globally and the client base each has... The number of people complaining about worldsecuresystems vs https:// Is actually low.

Again... This is not to say it would be nice to have, I am not saying I would not want it (I would!) but basically what points to just complaining is not constructive and wont lead to a change any time soon.

It would require a big update and change to the system - This is fact. With that and the low amount of request for it over the requests and what BC are working on, this will not be something that will jump the queue.

Now, Google have said this will start to effect ranking. Their announcement is more of an intention to do this to try and force the web to go all out HTTPS. As a note, and you can google this... https and ssl is NOT instant security, very often it is more of a warm blanket for people and things like heartbleed shows it is instant security! (Important to note this!)

BUT with this intention it does mean BC will need to put this work on their radar, now, with what they are working on right now with BC.Next, when they have said they hope to finish, the things they have said and things that need to be done right after (like some pretty big bugs and medium bugs that need sorting ASAP! for things to actually work) - You can bet this will not happen any time this year.

Will they loose a lot of people in terms of this feature (it is not a bug) ? - No.

So Yep, they will need to introduce an option to not use worldsecuresystems and attach an SSL and early or mid next year when google likely actually starts making this a higher ranking importance - YEP. But this year - Not very likely.

So it is important to understand these and threatening to jump ship etc... You wont see BC change on this.

I am on the partner advisory board so I know what they outline but BC still need to give some solid comments on this topic, but you can bet that it will be along the lines of the above.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 12 Aug 2014 12:44:18 GMT

Like Liam said this is more of a perceived issue right now than a real problem. Where it could become an issue is if you have a potential client that is deciding between different platforms and a competitor uses the "Look what Google is doing and BC can't do it so your SEO will suffer" line to influence their decision making. That is where it would be nice to have something from Adobe stating they are aware and will be adding it to the roadmap so that when it is truly needed it will be available.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 12 Aug 2014 12:18:22 GMT

Can we be more productive here rather than arguing about "how much you are losing from no SSL" ?

It's probably good idea that some person from Adobe turns up and say whether it's going to happen or not. We used to have wish-list and we, partners could have clue on what is happening and what is not.

Seriously, apart from this issue, BC lacks a lot of common sense functionality and now it feels like we're swimming in the dark water.

Back to the SSL discussion, I agree that it's not taking huge portion on SEO side yet but what if the portion gets bigger ? Maybe 2 years later when the portion is much bigger (say 20%) will you still be saying "it's not a big deal yet so relax people" ? Yes it's not a big deal yet but when people want to become a paid partner or want to build a website in a long run this is probably one of the bolded checklist item (not for now but for future). We need answer, not advocacy.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 12 Aug 2014 11:55:33 GMT

Simon Did you read my quote directly from google?

They have further commented on knowing the transition time in several articles on the web. This is not "GO https or you wont rank", Far far from it. This is more of an intention. BC is already busy with a schedule they have outline this year that they need to complete, so I doubt you will see any movement on this. They have yet to comment but if that is your thinking and it is a big issue for you, then you should look to move off BC sooner then later if you feel this is important for you.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 12 Aug 2014 11:12:23 GMT

With the new edict from google re SSL, Business Catalyst needs to get on board ASAP, or we will have to move our site

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Sun, 10 Aug 2014 18:14:57 GMT

I wished that I knew the limitations of BC before I signed up.

I know the issues may seem minor, but the more I want to do, the more limitations I find. (e.g. not being able to reply to a blog comment!)

No SSL is a big problem for me. Even penalised by 1% by Google can make a massive difference in a competitive keyword market.

Liam, I know you do not work for BC, so maybe someone from BC should answer some of their customers concerns?

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Sat, 09 Aug 2014 14:06:42 GMT

Direct quote from google:

"For now it's only a very lightweight signal - affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS," Google's Zineb Ait Bahajji and Gary Illyes said in the blog post.

"But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

So how effective is it right now? Not much at all so its like another browny point to your SEO but its not going to make a massive difference right now.

This is the clarification we needed.

So there is no panic and no need to jump on it asap.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Fri, 08 Aug 2014 22:27:07 GMT

Just saw this today from the official Google Webmaster Blog and thought of your post. HTTPS as a Ranking Signal. Seems they may be accelerating the previously mentioned treatment of HTTPS.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Fri, 08 Aug 2014 18:32:44 GMT

Do bank and credit union websites "require" a SSL certificate? The answer is no. The issue comes when the bank/credit union customer, and we have found this to be the case in multiple focus groups, does not discern between what is the "online banking" part of the site which is required to to be under SSL (as well as a bunch of other security standards) and the front facing informational website. This is where the issue arises with BC. Since there is no way for BC currently to let you use https://myawesomebank.com many, not all, banks/credit unions will choose not to use use BC due to the perception by their users that it is not secure since they don't see a fancy lock in the address bar.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 07 Aug 2014 19:03:02 GMT

I just caught the article from Search Engine Land (Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites) stating that Google is going to be providing some "small ranking benefits" to sites that are using https SSL URLs. While I'm fully aware that BC offers the sub-domain "worldsecuresystems.com" option for https, I don't think that anyone would want to have their www.domain.com website always resolve as https://domain.worldsecuresystems.com across the board due to branding concerns. The way the service works now, it's much better suited for a site that is going to offer some areas of the site that will need to be https (secure) but not when the entire website needs to be protected.

I too do a lot of work in the banking space (I was a banker for 15 years) and we only have used the "worldsecuresystems.com" option if/when we are collecting user names for the bank's online banking service on a separate /login page or a form where we are allowing the entry of sensitive information (and then we modify the workflow notification process to ensure that data is not being sent via email). We do not implement the https option site-wide. I'd be interested in anyone out there who is using the "worldsecuresystems.com" option for the default domain name - as that's likely not practical and breaks the brand of the company.

I understand that implementing the https for site-wide use so that we can have https://www.domain.com will take a bit of creativity (and work) at Adobe. However, this is one more reason to give this consideration when sites like Google are starting to give preferential SEO treatment. Does this mean that a WordPress developed site that is able to be https site-wide now has some ranking advantages over a site built on BC? I've said this before, but I would even be willing to pay a premium for this feature if Adobe felt that was necessary. I think our clients wouldn't argue with the additional cost, given they are getting an extra layer of security and protection for their visitors in the process. Hopefully there is some sort of a business model here that can be developed to make this work for everyone.

Thanks,

Eric

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 22:21:31 GMT

Ask around about Pretty or Fuel Design, both companies I have worked for and they have high praise from both clients and other BC partners with great hard working teams from top to bottom. I could get Brett to comment here who is the longest standing BC partner and through all that time and complaints, he would say the worldsecuresystems from clients would not be one of the top ones.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 14:53:18 GMT

Well it can be a "case" but it cannot be a source to support that ZebraGraphic's statement is not true. You may have one or two of the "happy financial cleints" but that doesn't mean every customer's satisfied. I'm just saying ... Over last few years working on BC I've had same enquiries too. Some clients complained about why the URL changes when they view shopping cart. I don't think it's got anything to do with the "design" though

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 13:21:13 GMT

You said design has no relevance, so it does. And as I said before I have done financial institute sites and they are happy.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 12:36:46 GMT

Just because you can prove that you have sites that are "exceeding thousands of dollars a week" is again, not relevant to the point of this conversation. Not everyone site that uses a shared SSL is interested in selling something. Our last two clients happen to be financial institutions. They do not want to sell anything. It's not about how much money they can make from the site. It's about the information that they want to be shared or information that want to protect. When THEIR clients were making daily calls to them saying that they are getting a message that says the SSL may not be secure and asks them if they want to continue, it raises red flags to them AND it affects the amount of time the bank's phones are lit up with support phone calls. That had NOTHING to do with the design and EVERYTHING to do with the shared SSL.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 12:27:33 GMT

When there are lots of us proving this different as mentioned before and with sites exceeding thousands of dollars a week with good design and implementation, this is not true.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 11:28:51 GMT

You can build your web site perfectly but NOTHING will change the fact the domain name CHANGES when it uses the shared SSL. The viewer then has the perception that it may not be safe because they are NOT familiar with the worldsecuressytems.com domain name. They expect to remain on the site they navigated to and are possibly purchasing something from. Your statement about design is completely irrelevant when it comes to the web site visitor's perception.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 00:26:04 GMT

SSL: No workaround, you must use the https://site-name.worldsecuresystems.com.

You must have something wrong if you are seeing a security error to allow an exception on the site. Ensure you are using https:// and not http:// otherwise you will see that error. I run several eCommerce sites on BC and none throw that error.

About SEO:

SEO takes time and if you just launched the site you may not see any returns just yet. I have sites on BC that have great SEO. Many factors with SEO and BC has little effect on the SEO of my sites.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 28 Jul 2014 00:09:36 GMT

Hello All, yes-just finished a website for a client who is running for Board of Trustees at the local school district. He is going to need a cart set up for donations: the SSL certificate is a big thing: as I have liked a couple comments in this thread, I would like to know the workaround if there is one? If I a viewer of my clients website has to allow an exception because the security certificate is not recognized because of Business Catalysts set-up: Why would I encourage a client to use Business Catalyst? makes NO sense. Basically, ADOBE-when you fix this let me know, until then My business partner and I will steer people away from hosting on business catalyst. also, I built my SEO into this website and I am not getting any returns in search engines yet.... even using the domain name-does business catalyst effect Google or Bing search engines also? or am I missing something?

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 14 Jul 2014 17:11:06 GMT

I am not here to call you out on being wrong on the SSL stuff, but Zebra is correct about that the banks are supposed to have notification popups when you go to a url that is not the bank's url. We have personally had to implement this for a bank we built. They are required to have them for some reason. I do not have the documentation to link to on this, but just confirming this is also what we had to do.

I personally would love to have custom https domain names, and hope that Adobe implements them sometime in the future.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 17 Jun 2014 11:38:28 GMT

Hi there,

Firstly, I think you seem to think I am someone on the BC team, I am not, I am a BC partner and defiantly not on the defensive, I am not sure what your referring to there.

In terms of Business Catalyst - the system has a full level once compliance and has also been audited so it very much conforms to this, Anyone that tells you it is incorrect and on request (you can make a ticket) there is documentation I think BC is sending people who do to show this.

With regard to a financial institution site, I have done about 15 minutes of such site requirements, I can see a lot of things that are needed but BC can do a lot of them, I could not find anything that states that on site leave you need the notification and one that states it has to be one single domain. Could you link to such information at all? Would be good to read up on that if that is the case.

With the site on BC, what was the user interface between transition like, what was said, what was indicated, what elements on the page had information about the security of the site or a read more etc? Did you have any of that? If not, then of course this will, on any site lead to questions by some.

And 301 redirects can be set up, Not knowing what you did as mentioned before, the little details are important but I think I could implement a solution and as mentioned have done similar with no issues in this area.

Your tone has been one of anger and that this is a 100% must change for everyone and first thing BC should do ASAP, I am simply pointing out that is not the case, and the manner of posting thats not constructive wont change that and I am only pointing out that for me, I feel if I was doing that project there are steps I know I can take that would have pretty much eliminated all your issues if not all of them.

You can disagree with me and I am entitled to my opinion on that but I feel with my knowledge of the system and the requirements for similar sites I have done in the past - Not ran into these issues but as I said its not an ideal and there are negatives to everything, such as how BC use the shared certificate system but it also has a lot of positives.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Mon, 16 Jun 2014 20:04:53 GMT

It AMAZES me how you are still not "listening" to what your clients are saying or at least to what I said above. Now I get a vague response and you have become defensive? There was NO scoping and planning missed on setting up the site. The financial institution we were building the site for had a PCI compliance officer, a security officer and multiple audits. Banking procedures in the US REQUIRE "speedbump" links. For example - if a visitor leaves the site, they are prompted/warned that they are leaving the site and that the bank is not responsible for the content on the other sites. Relative to that, people also are fully aware that they are at a web site with a specific domain name. On the FIRST day that the site went live they had a barrage of phone calls and customers said that they noticed it was no longer that bank's URL and wanted to know if it was safe to go to the worldsecuresystems.com URL. On top of that, their previous site had been indexed in search engines with the secure URL. Explain to me what could have been planned better. It sounds like you are grasping for a valid argument. Of course I can blame the platform for the that. In fact, it is the ONLY platform that has EVER caused this problem and days of work in the 18 years I have been designing/developing web sites.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Thu, 05 Jun 2014 03:24:50 GMT

With any site, especially with an existing site, observing and noting how that works and how to replicate things you need to, fix and improve on others, simplify...... all this and more is the sort things you would undertake.

The pages to take payments etc where it matters are easily setup in BC to be secure and you could have avoided all those issues. I have done several finical based businesses into BC and they are all happy.

From what you said there, there was just some very important scoping and planning missed in regard to the existing site and how it works. You can not blame the platform for that.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Wed, 04 Jun 2014 20:08:58 GMT

Of course it has to do with customer experience and that is the entire point. Let me give you an example here... My client (a financial institution) began hosting their site with us but one day after it went live, they received a flood of phone calls. The site was previously hosted elsewhere and the entire site (because it was a financial institution) was secured with their own SSL. Since the whole site was secure, it was obviously indexed in search engines with the secure URL. Imagine the USER EXPERIENCE when they did a search for the web site and clicked on the link. (Yes, people actually do a search instead of typing in the actual URL - we can't control that). Then they call the bank in a panic because their browser warns them that the site may not be secure. THAT is the user experience! I don't think your reference to "tripling their sales" could be accurate or if it is it could be because they had a horrible web site and now ordering is easier. It would not have anything to do with changing it to a shared SSL. I think you continue to miss the point.

Because this bank had issues and their clients had issues with the SSL warning, we had to move the whole site away from Business Catalyst and so far it has cost us 4 days so far!

You keep referring back to the fact the site is secure and that you have to build a good user experience. You and Adobe don't matter. Do you not understand that? The CUSTOMER matters. Their perception is what matters. Sure, we have some happy customers on BC but it's because of their lack of knowledge.

The bottom line is that we will never be able to put a financial institution on BC again, at least not the ones who have the same bank examiners.

If I had the time I would move all of our customers to a different hosting solution. Even the ones that did not require an SSL.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 03 Dec 2013 01:09:06 GMT

My problem is that Outlook 2013 first looks at https://www.mydomain.com<http://www.domain.com> for the autodiscover to find my mail server which is not hosted by BC. When it gets there it throws up a red flag saying the domain and the certificate do not match.

Very annoying to my users… and there does not seem to be a way around this.

Craig Reilly | Director, Software Development |

American Audio Visual Center<http://www.americanavc.com/>

office 480-596-9880 fax 480-596-0942 mobile 480-206-5575

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 03 Dec 2013 00:33:37 GMT

Min,

Your reading a lot that is not there, it is quite a suprise, looking at what I have said and for you to say I am making assumptions and telling people they are not building their website properly. I have not even come close to covering that sort of concept. That is a very odd thing to say here when that has not even come up in the conversation, you are the only one that has raised that here.

Your situation is very bespoke and often will need a custom build sollution, yep I can see why you would need that but BC may not be the right fit in that case then. I have also stated while it is a nice to have it does not appeal to the mass requirements of users. Fixing a few things on how BC handles this between domains etc are defiantly needed and will positivily effect most of BC developers but like I said, you can not just request BC to change its implementation like people have asked here. It would be a complete uturn on a core feauture, be costly and be a very big change and a lot of people would have to change their sites and API.

BC wont do that for those reasons. They may extend and offer a higher plan that has this ability in the future maybe, but people need to accpet that this has never been something on any roadmap by the BC team and wil likely be something that even if it happened you wont see close to any time soon.

And you finish with the "Yes" , "No" comment, again, looking at the thread over again, in no way what you state is what is going on in this thread, what are you reading? Confused. Be it me or anyone else, please do not just attack a person because you need a feature you want and they outline it is either not an ability of BC or would be a feature of BC.

Not that persons fault.

I have only stated the actual fact of things and outline the realistic nature of requests and what they would mean and what I know of what BC has said and doing.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Tue, 03 Dec 2013 00:15:32 GMT

Liam, I can see your point but all I (and we) ask is that "Can we have our own SSL options? or will it be available at some stage ?”

I'm sorry but I have to be honest that series of your answers were bit ignorant and annoying. you are making assumption and a lot of us aren’t building the website properly and that causes the concerns about the SSL ? Well, you may be right and you may be wrong. Anyway, it is true that while shared SSL greatly reduces cost for everyone it also makes eCommerce websites look less professional. We had a client worked with external conversion managing agency that requested us to use matching domain for SSL, then we said “No we can’t.” Sometime this can be quite frustrating and makes us look less professional.

Of course it won’t be a “quick update” thing and it’s not something to be FIXED but this question has been going for a while so it’d be nice to be ADDED at some point. Maybe you should give us more productive feedback like “YES” or “NO” rather than ignoring our enquiries and depending on shared SSL.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Wed, 06 Nov 2013 22:23:50 GMT

This is not a bug to be fixed. Its a core feature of the system and the platforms core concept of being afordable all in one sollution.

It would mean a massive overhall of the system and changing one of the core principles of the platform for what would be a small percentage of the people who would want it.

You saying it is like a phone that cant make calls is a bit off. Can you make a website and take secure payments? Yep. Does it save you overall cost in that year with that built in or your client? Yep.

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Wed, 06 Nov 2013 21:57:04 GMT

why would this NOT be the first thing that gets fixed? I would be ok even if I would have to get the SSL from Adobe itself - but changing the domain name just to get HTTPS...hmm...

Most of the recent updates deal with stuff that none of the Partners really use or Plain Users can use effectively.

BC is becoming sort of like a Phone that is full of features, but cant make a phone call - IE, none of the Core features are being fixed(CRM, SSL, Email delivery, SEO(finally got an update only recently)).

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Wed, 11 Sep 2013 14:05:26 GMT

But this shared cert is also screwing up autodiscover in outlook 2013.

It's more a Microsoft issue maybe...

Craig Reilly

Sent from my iPhone

Re: Can I install my own SSL certificate for my domain?

forums_noreply@adobe.com — Sat, 20 Jul 2013 01:38:16 GMT

BC is my web host. But the email is internal

Outlook 2013 looks at www for auto discover.

Then fails.

Then goes to domain without www and fails

Then goes to autodiscover.

I know BC is not exchange server but their certificate practices gum up outlook 2013 implementation.

Craig Reilly

Sent from my iPhone