SSL

Here is a little tutorial: https://medium.com/laravel-4/forge-ssl-66b4252db7d8 You will have to buy your certificate for a production server.

Thanks for the tutorial, It costs £200?

It depend on what you need. It starts at $9/year, I like namecheap: https://www.namecheap.com/security/ssl-certificates/single-domain.aspx

The only thing I can't talk to is the Stripe part of your question.

In regard to Laravel, my experience is that you should use either Nginx or Apache (it's the latter over at Fortrabbit) to redirect all traffic to https. Google that - it's everywhere.

In regard to Fortrabbit, you'll need to pony up a little extra per month to host your SSL cert. I think it is either 10 or 20 ... what is it ... Euro? ... a month. The cert will cost you almost no matter what - budget 100 - 300 USD.

a @rem told you a ssl certificate usually it costs 34€(min.) depending what you need and transactions type, if you want for a domain and subdomains or only the domain... for example see in gandi https://www.gandi.net/ssl

The gandi one looks good, does wildcard mean wildcard subdomains?

So do I need to use SSL with Stripe's embedded form?

You should. Anytime someone enters a CC on a page it should be on SSL regardless of how you handle it.

Stripe will send the CC info over SSL to their server and return back a token. That way the CC never touches your server but you can still bill them.

However, your users don't know and don't care about that. If I were on a page asking for a credit card that wasn't run over SSL I would leave and not come back.

I'll probably just leave the payment side of this app, it all sounds a bit scary. Thanks for the information though.

@jackthedeveloper, there is really nothing to be scared of, look at the videos here at laracast explaining how to set up Stripe. The only thing to keep in mind is that the users credit card data must never reach your server. To do so, you must NOT include a "name" attribute on your fields. To avoid all mistakes, you can also use the embeddable stripe form, look here: https://stripe.com/docs/tutorials/checkout

Good luck!

I'm alright at implementing stripe securely, it's the SSL side of things that I'm scared of.

You can't go wrong either. If your bar displays the green icon, then you are doing it good. Otherwise it's wrong. That said, sometimes chrome says green, and firefox says red, so you'll have to test with multiple browsers, or with an online checker.

Ok so I just purchase an SSL certificate and then add it to my host, then I'm all good?

That a bit simplified, but it's more or less that simple yes. Why don't you try to begin with a self signed certificate ? You won't ever get the green bar but you will be able to test if your config is correct.

Ok, is there any tutorials on self signing and SSL config in general?

nginx or apache ?

I'm using homestead, I think it's nginx

Then it is even simpler! https://medium.com/laravel-4/forge-ssl-66b4252db7d8

So can I sign certificates locally?

Yup, generate a csr from forge => ssl section. the ssh into your server and find a folder inside /etc/nginx/ssl/***. And run the following:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then update your nginx config accordingly. You'll find plenty of examples on the web

Brilliant, thanks for all the help mate!

Always a pleasure!