I develop an ASP.NET MVC3 shop application which is multi-tenant. Each customer (around 1000 sites) has his own website where he likes to embed this solution. I use an extended validation SSL as this increases customer trust.
So far I use iframes, which is not a good choice as on the payment step the customer does not see that the connection is SSL encrypted. So I chose to put the page completely behind SSL and the page of the customer is SSL too. This is an unsatisfying approach, as I have problems with scrollbars, positioning of lightboxes etc.
My new approach would use ASP.NET MVC3 to provide controllers which deliver JSON results; on the client side I want to use a jQuery-based MVC framework together with jQuery templates.
My question is, how should I handle SSL to let the customer see the traffic is encrypted? I want to avoid that customers need to create a proxy and route the traffic through their SSL certificate as many different CMS systems are involved so I can’t provide a simple “how-to” to the customer.
If you are accepting payment information, I recommend the entire site the user is interacting with be clearly running SSL. So for your widget, I think it should navigate away to a pure SSL payment gateway.
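A sketch of the handoff recommended in the answer above, as an added example that is not part of the original post: the embedded widget keeps cart browsing on the customer's page but sends the whole tab to an HTTPS-only gateway for payment. The gateway host, the `/checkout` path, the query parameter names and the per-tenant origin allowlist are assumptions made for illustration.

```javascript
// Added example. All hosts, paths and parameter names are hypothetical.
const config = {
  gateway: "https://pay.shop-gateway.example", // assumed payment gateway origin
  tenantOrigins: {                              // assumed per-tenant allowlist
    t1: ["https://shop.customer.example"],
  },
};

// Build the URL the shopper is sent to for the payment step.
function buildCheckoutUrl(cfg, tenantId, cartId, returnUrl) {
  const gateway = new URL("/checkout", cfg.gateway);
  // The payment step must never be reachable over plain HTTP.
  if (gateway.protocol !== "https:") {
    throw new Error("payment gateway must be served over HTTPS");
  }
  // Only send the shopper back to an origin registered for this tenant,
  // so the handoff cannot be used as an open redirect.
  const back = new URL(returnUrl);
  const allowed = cfg.tenantOrigins[tenantId] || [];
  if (!allowed.includes(back.origin)) {
    throw new Error("return URL is not a registered origin for this tenant");
  }
  gateway.searchParams.set("tenant", tenantId);
  gateway.searchParams.set("cart", cartId);
  gateway.searchParams.set("return", back.href);
  return gateway.href;
}

// Navigate the top-level window rather than the embedding frame, so the
// address bar shows the gateway's own certificate during payment.
// Browsers expect this to run from a user action such as a click handler.
function goToCheckout(win, url) {
  const target = win.top || win;
  target.location.href = url;
  return target;
}
```

In the browser the widget would call `goToCheckout(window, buildCheckoutUrl(config, tenantId, cartId, location.href))` from the "Pay" button's click handler.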