Google Checkout - Confusing Security Information
Posted by Greg Bulmash in Online Marketing And SEO, Techno Thoughts, Web ProgrammingSo, I'm considering using Google Checkout to accept payments for a web site I'm dreaming up.
Since I'd like to give customers immediate access to services they buy, I was considering the Level 2 API integration. That requires you have an SSL secured server.
So, I did a search to see if they accepted self-signed SSL certificates. Nope. They have a list of accepted certificate authorities and their certificate types that Google will recognize.
Since GoDaddy has cheap certificates, I decided to check their price on a "Go Daddy Class 2 CA" from Google's list. That's where the problems begin. The choices available at GoDaddy are "Turbo", "High Assurance", and "Extended Validation". Now, I could assume that the "High Assurance", being the second level, is the Class 2. But I wanted to be sure.
I scrutinized GoDaddy's marketing pages, even searched their FAQs and helpdesk, but there was no mention of "Class 2" anywhere.
I started looking at other certificate authorities on the Google list. Again and again, at vendor after vendor, the names Google used for the certificates did not match the names the vendors were using. I must have spent a half hour looking around vendor sites, looking for the certificates on Google's list and not finding matching names.
If Google wants more merchants to adopt their checkout system, they need to catch issues like this and deal with them. If it was just one or two vendors where the "marketing" names for the certificates that they used to sell them didn't match the "class" of certificate used on the backend, I could see where it might be the vendor's fault. But when the issue is this pervasive, Google needs to get on the ball.
UPDATE: I got a reply from Google Checkout customer service. They acknowledged that the list was confusing and said they'd look into it. In the meantime, they referred me to a thread in the Google Checkout discussion group. In it two people cite certificates they've used successfully, one being the GoDaddy "Turbo" SSL certificate, which is one of the lowest cost certificates you can buy.
Entries (RSS)
I am using google checkout and am in the middle of some serious changes t my shopping cart. I added google checkout as a new payment option and needed to install the moduale, create new tables in my database, purchase ssl all this just to have google checkout as a payment option for people in my shop! I also use paypal but needing to purchase an ssl just to use google checkout with there transaction service is what get me! All i can say is it's a pain in the butt but i think in the end I'll be happy i bought the ssl and have both paypal and google checkout!
Wow, over 3 years since your post and this is still a confusing issue. I just left the following post in the Google Checkout integration forum on this exact topic.
I need to buy an SSL cert for the API URL callback for Google Checkout. Go Daddy has great prices for certs that are in 99% of browsers. Google states that the "Go Daddy Class 2 CA" certificate is supported. However, all certs issued by Go Daddy seem to have an issuer of "Go Daddy Secure Certification Authority". I've checked several websites they've issued SSL certs to, and none of those certs have an issuer of "Go Daddy Class 2 CA". Is the "Go Daddy Class 2 CA" just a generic, marketing reference to the certs issued by "Go Daddy Secure Certification Authority"? As of this posting, I see two certs that Go Daddy sells. They are "Standard SSL" and "Premium SSL", but no details on the actual issuer. Will either of those certs work for the API URL callback?
I used the Digicert tool to verify the various Go Daddy SSL certs I found.
http://checkout.google.com/support/sell/bin/answer.py?answer=57856
http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgo015b&ci=8979
https://www.digicert.com/help/
The post url:
http://www.google.com/support/forum/p/checkout-merchants/thread?tid=770925055e03e08b&hl=en