I have a payment page I would like to use SSL. I have the certificate installed... now what? Can I just refer the the page using https? When I do that I get the following error: SSL received a record that exceeded the maximum permissible length.
+2
A:
Your specific error means that something isn't set up correctly on your web server. For example, if you're using Apache, have you installed mod_ssl? (Configuring an SSL host on Apache without mod_ssl installed generates the poster's error.)
Some further suggestions for setting up your secure payment page:
1) Add sw so that if some loads http://secure.foo.com/yourSecurePage, they will be redirected to https://yourSecurePage.foo.com. How to accomplish this best depends on your web stack.
Make all of the pages in the payment process secure. This helps increase the customer's confidence.
2) Remember that all included images and files in your secure page must be loaded using https or users will see warnings about "insecure" contents on the page. Either use relative links or use links in the form /another_dir/image.foo or //asset_server.foo.com/images/foo.jpg. Do NOT use http://asset_server.foo.com/... (Of course any other server also needs to support SSL for this to work.)
3) If you're collecting credit card info on your secure payment page then you should add information about how either:
a) Your web site has been certified to be in compliance with the credit card industry's PCI Data Security Standard
OR
b) The collected credit card information is never stored on your server, it is only sent to your bank.
You can have these sorts of details spelled out on another page, but you may well want to have a link such as "We're secure" or "Your information is safe" on the payment page itself. Depending on your audience, they can be quite gun-shy about submitting credit card information to a website.
4) Use Google Analytics (free) or another tool that will enable you to accurately determine the number of "abandoned carts" -- that's the number of people who started to order your product/service but then didn't complete the payment process--abandoning their shopping cart instead of purchasing it. This is a key metric for your site.
Remember that you can use Ajax to store the data the person is entering as soon as they type it into a field--you don't have to wait for a Submit button. This technique can give you additional information to understand at what point people are abandoning their carts.
The payments page and other final parts of the buying process are great places to give the potential customer a phone number to your sales people, opportunity to live chat, etc.
Happy selling,
Larry
Larry K
2009-05-18 04:55:29
+1
A:
SSL received a record that exceeded the maximum permissible length.
I got that error while running apache because I had incorrectly defined my virtualhosts. My error was that I had used a * as the IP address when defining virtualhosts for *:80 and *:443. Try instead using your servers IP. XXX.XXX.XXX.XXX:80 and XXX.XXX.XXX.XXX:443 as the NameVirtualHosts