Do You Need Your Own SSL Certificate?

The following information applies to users that:
1. ask for credit card information on their reservation page, and
2. want to emebed their reservation page in their website.

An issue arrises when users want to embed a ReservationKey reservation page that asks for guest’s credit card information into their website using iframes, but they don’t have their own SSL security certificate.  Whenever the reservation page includes credit card fields ReservationKey automatically uses https  instead of http.  But when the link to the iframe is buried in a larger page, the fact that the iframe content is secure is not obvious to the guest making the reservation.

Because the iframe is secured, you don’t have to get your own SSL certificate, but your guests might not feel quite as comfortable entering their credit card numbers into a site that appears to not be secure. 

When you see a site with https that means it is using a secure SSL certificate.  When all the content on the page is secured (no links to content using http) many browsers will show a green padlock in the browser address bar.

 Sometimes a https page will pull content from sources using http and the user will get a warning that not all the content on the page is secure, and then browser will show a broken padlock.

The above example shows that even though the page is on our server, not all the content is secure.  This is because we have linked to some images that are hosted on our user’s website and are not located on our server.  If this user wants us to host their page then we will copy all images that are linked to from their reservation page and put them on our server.  This way, there is not a problem with some content being located on a http server. 

For users that want the system to be embedded in their own website the solution is to obtain their own SSL certificate.  That is a matter of talking to the hosting company and purchasing a SSL certificate, which range in price from $10 to $60+ per year, depending on where you purchase the certificate.  Once the certificate is purchased and properly setup on your server, you can then use the https://www.yourdomain.com version of your website.  

If you want your reservation page to be embedded in your website, but don’t want to get your own SSL certificate, we can host the page on our server, using our SSL certificate.  The drawbacks are that users will know they have been redirected away from your site for the reservation system, and, if you want to change the page that the reservation system is embedded into, you will have to contact ReservationKey in order to have those changes made.


Leave a Comment