Some users will change the home page to something else to protect it from being discovered while being tested. You should test every function - i.e. if you are offering real time shipping, test it. If you offer affiliates, test those. Keep in mind that some testing might cost you (i.e. using the gateway during the transaction) but chances are this will be less than $1.00 - and this will probably save you a lot in the long run.
And yes you should test in SSL. It will not hurt you or cost you anything. You will be testing it anyway. You want to make sure that you are not mixing non-SSL / SSL together.
I imagine that by not mixing SSL and non-SSL he means that all objects on the page should point to one or the other. For example, I've seen sites where the secure pages have non-secure objects such as images that are served from http links instead of https. Also, don't put a login form on an http page that submits form data to https. You should take the customer to an https page before requesting login.
As far as testing the gateway connection, go ahead and do a live checkout. You can always void the transaction at the gateway before it gets batched. This way you know for sure all points are working before accepting customer transactions.
BannerView.com - Energize your Business Online, powered by BannerOS, the platform that turns your website into a powerful business tool. Build your own website powered by BannerOS with our DIY service.
authorize.net is probably is one of the most used gateways and all you have to do is apply for a test account and my experience is they will give you login info within a couple of hours. I think the key is probably which gateway you use. A lot of gateways emulate authorize.net as it is one of the biggest so its usually pretty easy once you've proved out.
My thinking is that one the best way is to set up a directory like "secure" for the actual financial transaction and configure this part of your site to be accessed as secure.MYSITE.com. That way the only links that need an https:// are the secure.MYSITE.com. Then do a certificate for this directory - I have found that for me its easiest to get the certificate provided by the host - in my case it may cost and extra $10-$15 - and let techs install it as it can save LOTS of time.
Also, most of the the sites that sell certificates usually have pretty specific directions,
It is definitely worthwhile doing a few LIVE transactions from start to finish once your development is completed. Even though in a perfect world, the TEST version should work just fine when you flip the switch into LIVE mode... keep in mind that you are now working with a different environment and there is always the possibility of error.
In fact, if you are running on a tight timetable, as soon as you get your payment access credentials for your merchant account & gateway, it never hurts to run a quick LIVE transaction on the virtual terminal for say $1 and then void it - just to make sure everything is running properly.
That way, if there IS ever any kind of snafu - you can sort it out quickly while you continue to development using the test account in the mean time.
I should also mention that these kinds of errors are quite rare but I am a firm believer in Murphy's Law.
CDGcommerce.com - Trusted Merchant Account Solutions since 1998
Many thousands of successful, growing businesses benefit from our expertise every day. You can, too!
We help merchants to eliminate gateway costs, reduce & mitigate fraud and achieve streamlined PCI compliance. Learn more today at http://www.cdgcommerce.com - we look forward to helping your business grow!
Does the Godaddy SSL covers the whole site or just part of your site?
Normally SSL covers the whole website
the difference is wildcard (support all sub-domains, example: any-name.your-domain-name.com) and single root (support only one URL, example: www.your-domain-name.com).