/    Sign up×
Community /Pin to ProfileBookmark

https – Mixing cerificates and iframes.

Copy linkTweet thisAlerts:
May 12.2008

Hi all,

My company is developing a payment system which runs its pages from https. The plan is that our customers (who are online retailers) will be able to utilize the payment system from within their own sites inside an iframe.

Now Ive checked and it seems fine to have the payments pages served as an iframe running https, with the outside (retailers) page running http.

However, we would like to set it up such that the retailer could also serve their end of the payment pages (i.e. the pages that contain the iframe) as https also.

My question is: Is having the retailers page as https, with https payment screens inside an iframe (running a separate certificate), going to mess up the security or cause security warnings to appear from the browsers of people using the sites?

Thanks,
-Mark-

to post a comment
Full-stack Developer

2 Comments(s)

Copy linkTweet thisAlerts:
@ryanbutlerMay 14.2008 — I don't see if messing up security unless the certificates are from a different authority or if the security procedures on your end aren't the same as the payment processing end. Browsers might not like it though, and there might be some data conversion issues, though I'm terribly sure. Probably wouldn't be a bad idea to test this if you can before deployment.
Copy linkTweet thisAlerts:
@mengleyauthorMay 14.2008 — Thanks for the reply Ryan you seem to be correct.

I tested using a locally generated and authed cert on a page which had an element off an externally certified page (on a different domain). This didnt give any errors (apart from about the duff local cert) and furthermore showed as being secure, whereas pages I tried with a mix of secure (main page) and unsecure (elements) gave security warnings.

As a side note, pages which were unsecure (main page) with secure elements, showed as being completely unsecured, but equally gave no warnings or errors.
×

Success!

Help @mengley spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.2,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,
)...