Hello,
When i create self signed certificate, i dont like the firefox warning when connecting over ssl.
Can i also use paypal and UM without ssl?
Can users login to the user page in UM without the ssl?
How secure is it, and what are the risks if i dont use the ssl conection for UM and paypal?
I dont want to use ssl, because i think that many hotspot users will get scared after the self signed certificate warning in firefox, and will not continue.

Thanks

If you are transmitting usernames, passwords and payment information, use SSL.

Felix

If you are transmitting usernames, passwords and payment information, use SSL.

You can use https while managing user accounts in User Manager web interface. PayPal payments can be made also without SSL. Uncheck the box "Secure response" for the subscriber. It means, that PayPal sends payment result details to User Manager in plain text. If there is some "man in the middle" it can sniff which PayPal user (email address) transfered how much money to your account. However it does not mean, that an attacker can make fake payments, because User Manager makes secure SSL connection back to PayPal and checks whether it really sent the data which is received by User Manager.

It is relatively easy to sniff this plain text data for users, who are in the same network (other HotSpot users), there are tools available, including freeware.

By not using SSL (https) you risk to publish your client data:
*) Email address
*) User Manager (HotSpot) login and password
*) Transfered money amounts - possibility to track your income

However no kind of credit card information is visible to hackers and no fake payments are possible.

Thank you, thats what i wanted to know.

Finnaly i have managed.
I got a free 30 days trial ssl from rapid ssl.
I imported it and works great.
This is all what i will need for now.