Https

I've never understood the difference so I was hoping you folks could give me some advice. For starters Im in search of a shopping cart in either ASP or .Net that is compatible with Authorize.net's services. This client already has a merchant account setup with them so it needs to work with it. So the question is two fold...

First off, is HTTPS something that only the server supplies or is their special programming that has to be designed to work as secure https?

Secondly, have any of you used/bought a prebuilt shopping cart package that was compatible with Authorize.net? And if so, do you have any comments about it bad or good?

Ive never dealt with https stuff so Im probably in over my head. But this is how we all learn, force yourself to do something you've never done before! Any advice would be appreciated! Thanks.

Authorize.net is only an electronic payment gateway that connects you to a transaction processor (First Data, Nova, etc). A merchant account is separate - just to let you know. How Does a Credit Card Transaction Get Processed might help you some on that.

As far as carts, there is Comersus, a cart by Metalinks, CandyPress, and aspdotnetstore (.NET) that come to mind.

You will need a dedicated IP address for the SSL cert - Comodo is the one we use.

And then basically all you do is make sure that if you use any absolute paths on your website that you change those to https if you are calling it in a secure fashion. How encryption works might help you out.

Thanks for all the info, thats what I needed to hear. I think Im going to go with candypress because its so widely used. If I run into trouble I should be able to get help from other folks out there.

Im currently hosted on crystal tech, they dont support aspdotnetstore. But it looks like its a nice hefty fee to get a SSL certificate setup with crystal tech. Its $80/yr roughly or $180 for 3 years paid up front. Its amazing how all these fees of online processing keep adding up. Its hard to make money unless you make thousands of sales every month!

$80 is about the standard price. If you can generate your own SSL cert, you can sometimes get Comodo for about $60 or so.

You might check out TechEvolution as well. They support ASP and .NET. And I think you can generate your own CSR from them.

I dont know if this is true or not but someone said they've seen websites that dont actually use the SSL certificates and they had their cart jump straight to Authorize.net's form on their secure page. That would mean your certificate is no longer needed because you are making a direct transaction within Auth.net, does that sound right? It does in my head BUT my head has a few loose nutts and bolts.

That is correct. That is using the Authorize.net SIM (Simple integration method). Linkpoint calls it LinkPoint Basic / Connect / HTML and Payflow calls it Payflow Link. Most merchants don't use this method because it breaks the consistency of the checkout process.