SSL

1. Can a purchased commercial SSL certificate be used rather than OpenSSL?
2. If so, how?

Thanks

OpenSSL is an API library for PHP. It's not a SSL certificate. You only need an SSL certificate for CBSubs if you intend to accept on-site payments. If you're using PayPal you do not need an SSL certificate. Contact your web host regarding obtaining an SSL certificate as it's almost always handled entirely through them.

Okay. I understand about the API and a certificate authority. It's just that, much further into the "User Manual," there is a lengthy discussion about installing OpenSSL on Windows XP (!) and using the newly installed API library to generate private keys and certificates.

(No, I wouldn't do that with Windows XP. I won't do that with Windows 7.)

By the way, I thought I placed this query in the CSubs GPL forum, but I found it here in Professional Member Support. Must've been sleepwalking when I submitted this and the other ones about gateway radio buttons and ACL Overrides.

Cheers.

Okay. I understand about the API and a certificate authority. It's just that, much further into the "User Manual," there is a lengthy discussion about installing OpenSSL on Windows XP (!) and using the newly installed API library to generate private keys and certificates.

Those instructions are purely for generating a PayPal certificate, which is not required unless you intend to use SSL with PayPal.

By the way, I thought I placed this query in the CSubs GPL forum, but I found it here in Professional Member Support. Must've been sleepwalking when I submitted this and the other ones about gateway radio buttons and ACL Overrides.

Your post was moved to the highest priority support available to you. As Professional support has priority over CB Paid Subscriptions support you should always post here.

Yes, we will use the Commodo SSL certificate to protect data transferred from our site to PayPal. OpenSSL has significant vulnerabilities, of course:
www.openssl.org/news/vulnerabilities.html

DHWhite0324 wrote: Yes, we will use the Commodo SSL certificate to protect data transferred from our site to PayPal. OpenSSL has significant vulnerabilities, of course:
www.openssl.org/news/vulnerabilities.html

Yes, if you have an old, unmaintained version. But if you are on a maintained host using a security-maintained Linux distribution, then you shouldn't have any known severe vulnerabilities. That is true with every software. Just that some projects are more open about it than others. The list for Windows, Office, osX, Android, and many other software is much bigger, just not always public. OpenSSL is The gold standard for SSL encryption, and used by most Internet servers worldwide.

You can safely ignore the chapter on OpenSSL for Paypal standard in the CBSubs manual, unless you want to completely make secret and user-tamper-proof your paypal form. But even without that, CBSubs will detect tampering in the form by the paying user, and reject the payment it the server-to-server check with Paypal doesn't match the bought item.

Paypal standard does not make any sensitive financial information transit through your website, by design.