I need to state up front that I don't know squat about SSL and am still learning PHP. I don't want to use one of the cart systems where I have to try to make their cart templates (with 4726 interlaced files) look like the site we want.
Our site is hosted on a Godaddy server. We have an SSL certificate installed which was purchased from them. We want a shopping cart because PayPal's free buttons have many limitations and side-effects that make them undesirable for our sight and I don't want to pay PayPal for their more expensive buttons.
I have developed a shopping cart using PHP and have it working just fine in the PayPal Sandbox. Now, I need to encrypt the button before going live with it.
Solution 1: I came across this post - Dynamic Paypal button encryption and I like the answer from kapitanluffy which seemed like a good alternative. I was going to try this using curl to send the cart after the user clicks the button to run my checkout script but then read somewhere else that PayPal wouldn't accept it if it didn't come from a browser. Sorry, I can't find where I read that now.
Solution 2: This script - How-To: Build your own PayPal Encrypted Buttons http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php now seems like it is the answer I was looking for. OpenSSL is enabled on the server. So, now I just need a private key and a certificate.
I tried generating a key and certificate using OpenSSL for Windows and all I generated was error messages. After a while, I decided to try it with Linux and it worked like a charm. Great, now I've got my key and certificate. When I got to the part about the path to the openssl binary (line 18), I had to call Godaddy. They informed me that the key and certificate have to be generated on the machine that will be hosting the website. See? I don't know SSL.
So,
Would kapitanluffy's suggestion work using curl?
Can I generate my key and certificate on a local machine if our site is hosted on Godaddy?
Can I generate them on the Godaddy server?
If the previous answers are no, what can I do now?
