Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

WHM, cPanel, SSL, and osCommerce...


dsatchell

Recommended Posts

I have a reseller account with a company and they are telling me something that I hope is wrong and would appreciate some clarification and instructions.

 

1. I have a client that had a 100mb hosting package with a shared IP at christinajs.com. Now my client wants to install osCommerce and get an SSL and have it setup at secure.christinajs.com. I have used up all of my disk space on my reseller account. My host tells me that to setup SSL I have to create a new account with a dedicated IP in addition to the existing account. I thought this was crazy as it meant that I would have to use up more disk space just to provide SSL. What is the situation here and what should I have done?

 

2. I need an answer to #1 for future reference but I have already deleted the account and recreated it under a dedicated IP plan. I still would like to have christinajs.com as a non-SSL and secure.christinajs.com as a osCommerce install with SSL. I have already created the SSL from WHM and set it as secure.christinajs.com but I can't figure out the correct way to install osCommerce from cPanel/Fantastico so that the store will install correctly.

 

3. If I create the SSL from WHM, is this a true SSL or something else like a shared or self-signed SSL?

 

Thanx, Dave.

Link to comment
Share on other sites

To setup a site for ssl you need to get a certificate in the domain name. You then install the certificate (or have your hosting company do it) You then activate it and set the https: defines in your configure.php files. This is really all you should need to do as once the ssl setting is set to true osC automatictally sends the customers to secure pages as needed. There is no need to have a sub domain or copy your files in more than one location. If your hosting company does require this then they are on crack and you should move somewhere else.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

Yes, there's some confusion. Your host might not be on crack, but definitely noobs :(

 

There is no need to create a new account, but you do need a dedicated ip, which will cost a little extra per month. Your host will assign that ip address to this account. There is some propagation, but it's pretty minor.

 

I usually just tell my resellers to send their ssl stuff to me and I will install it, so hopefully your host can do the same.

 

In WHM, you cannot generate an SSL, if it was that easy, we would all do it.

You will have to buy one from an ssl provider, such as InstantSSL or whoever.

Aside from the SSL... in WHM, you have to generate an SSL request, then the request and ssl to you host.

 

Fantastico is pretty cool, but why don't you just download it here and install it manually, it's easy. I see so many people install from fantastico and put oscommerce in a sub-directory when it's usually better to have it in root

Link to comment
Share on other sites

sounds like you are getting what you pay for, not much money for not much knowledge . . . perhaps time to step up to the plate and find a host who can and will help .. .

Link to comment
Share on other sites

So is it possible to have christinajs.com without SSL and secure.christinajs.com with SSL under the same account? My hosting service uses WHM 9.9.7, cPanel 9.9.8-R5, on RedHat Enterprise 3.

 

Cyanide: As for the SSL in WHM I'm curious as to why it gives this as an option:

SSL/TLS

Generate an SSL Certificate and Signing Request

Install an SSL Certificate and Setup the Domain.

 

I'm not disagreeing with you and I appreciate your help but I'm a Windows Admin with 15 years experience so I like to understand why something is the way it is and when you say "In WHM, you cannot generate an SSL, if it was that easy, we would all do it", I do believe you. But now I'm confused because I have played around with this and even though I haven't gotten it 100% correct I do know that I can enable the padlock icon when going to the site and SSL does appear to be enabled. I think that maybe what is in WHM is allowing for a self-signed SSL but I'm not sure.

 

Info would be appreciated.

 

Also, I would appreciate it if someone has a link to some info on SSL. I have found some info but it is either very abstract info like selling to a customer or very technical like for someone that is administering there own box. I need something in between that will describe in detail why each step is being done.

 

Thanx, Dave.

Link to comment
Share on other sites

Maybe there's a slight conflict in speech here ...

 

Generate an SSL Certificate and Signing Request

Also called a CSR. You need to complete this along with the ssl you purchase from a vendor

Install an SSL Certificate and Setup the Domain.

This area is for actually installing your certificate, if you know how.

Most people muck it up, so as I mentioned, it's usually best to just get your host to do it

 

Here's a page that explains ssl

Link to comment
Share on other sites

On the cPanel for christinajs.com, when I go into the SSL Manager and click on Private Keys (KEY), Certificate Signing Requests (CSR), and Certificates (CRT); all three show that I have secure.christinajs.com as being "...on the Server".

 

If I'm understanding this correctly, at this point I have not actually purchased or installed a certificate from a CA so in effect I just have a self-signed SSL; correct?

 

So assuming I will take care of the CA certificate at a later time; my next step would be to install osCommerce into secure.christinajs.com. So do I actually tell Fantastico to install into the domain of christinajs.com and the directory of secure or do I select the domain of secure.christinajs.com and would I need to create a subdomain or a fowarder or what? This is the part that has got me confused.

 

Again, I want to really thank everyone for their input and I hope I'm not a PIA or frustrating anyone too much.

 

Thanx, Dave.

Link to comment
Share on other sites

On the cPanel for christinajs.com, when I go into the SSL Manager and click on Private Keys (KEY), Certificate Signing Requests (CSR), and Certificates (CRT); all three show that I have secure.christinajs.com as being "...on the Server".

 

If I'm understanding this correctly, at this point I have not actually purchased or installed a certificate from a CA so in effect I just have a self-signed SSL; correct?

 

So assuming I will take care of the CA certificate at a later time; my next step would be to install osCommerce into secure.christinajs.com.  So do I actually tell Fantastico to install into the domain of christinajs.com and the directory of secure or do I select the domain of secure.christinajs.com and would I need to create a subdomain or a fowarder or what? This is the part that has got me confused.

 

Again, I want to really thank everyone for their input and I hope I'm not a PIA or frustrating anyone too much.

 

Thanx, Dave.

 

You do not need to have the subdomain. Install your site at www.chrishinajs.com. You purchase a ssl certificate for your domain, install it, and then go into your configure.php file and set ssl to true and set the ssl paths and osC will automatically send your customers to a secure page when needed. What will happen is some pages where ssl is not needed with look liike

 

http://www.chrishinajs.com

 

and when the login or checkout or any page where personal info is being used the path will look like

 

https://www.chrishinajs.com (notice the https:)

 

This is done automatically by osC as long as you change your settings in your configure.php files. There should be no need for duplicate files or having more than one install of your site.

 

Now having said that there are some crappy hosting companies that do require you to duplicate your site and if yours is one of them I would go elsewhere.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

I'm with Richard, here

 

I'm starting to wonder why you need to install oscommerce in a directory called secure.

the easiest way to do it, is install the cart in your root directory,

Link to comment
Share on other sites

Yes, there's some confusion.  Your host might not be on crack, but definitely noobs :(

Agreed...

 

So is it possible to have christinajs.com without SSL and secure.christinajs.com with SSL under the same account?

...

Thanx, Dave.

It is entirely possible...just add the virtual directive to the httpd.conf file like this:

<IfDefine SSL>
<VirtualHost 255.255.255.255:443>
ServerAdmin [email protected]
DocumentRoot /home/youruser/public_html
User youruser
Group yourgroup
BytesLog domlogs/secure.yourdomain.com-bytes_log
ServerName secure.yourdomain.com
CustomLog /usr/local/apache/domlogs/secure.yourdomain.com-ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.yourdomain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.yourdomain.com.key
SSLCACertificateFile /usr/share/ssl/certs/secure.yourdomain.com.cabundle
SSLLogFile /var/log/secure.yourdomain.com
UserDir public_html
ScriptAlias /cgi-bin/ /home/youruser/public_html/cgi-bin/
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

Also, don't forget to add an A entry to the bind configuration file for the domain. It should look something like this:

; Zone file for yourdomain
@    14400   IN      SOA     ns1.your-nameserver.com. your-webmaster-email. ( 2004111200     ; serial, todays date+todays
                       28800          ; refresh, seconds
                       7200           ; retry, seconds
                       3600000        ; expire, seconds
                       86400 )        ; minimum, seconds

yourdomain. 14400 IN NS ns1.your-nameserver.com.
yourdomain. 14400 IN NS ns2.your-nameserver.com.
yourdomain. 14400 IN A 255.255.255.255

localhost.yourdomain.   14400    IN A       127.0.0.1

yourdomain. 14400 IN MX 0 yourdomain.

mail    14400        IN CNAME    yourdomain.
www     14400        IN CNAME    yourdomain.
ftp     14400        IN A    255.255.255.255
secure	14400	IN	A	255.255.255.255

 

I'm with Richard, here

 

I'm starting to wonder why you need to install oscommerce in a directory called secure.

the easiest way to do it, is install the cart in your root directory,

Just because there is a subdomain on the URL like "secure" does not mean there is a directory that it maps to. You can map the secure anywhere...including the install directory of osC.

Link to comment
Share on other sites

Just because there is a subdomain on the URL like "secure" does not mean there is a directory that it maps to.  You can map the secure anywhere...including the install directory of osC.

True, but I did check out the site in question and there is a secure directory with oscommerce inside it

Link to comment
Share on other sites

True, but I did check out the site in question and there is a secure directory with oscommerce inside it

Newbie web hosts...well, I guess we all started somewhere though. I remember a time when I had the same problems so I'll back off a bit :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...