Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL set up


facelessface

Recommended Posts

I am in the process of setting up SSL access for my shop.

 

the website address is :http://www.yaoh.co.uk

 

while the secure space is at:

https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk/catalog/

 

do i essentially need two copies of the website, one at each location so it can transfer between one and the other when security is needed and not?

my sites:

----------

www.preciousmetal-online.co.uk

www.liparazzi.com

www.yaoh.co.uk

Link to comment
Share on other sites

Also could I make the entire shop secure - by placing it on my secure server, and then set the server settings as follows:

 

define('HTTP_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', '); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

 

 

would it still be secure?

my sites:

----------

www.preciousmetal-online.co.uk

www.liparazzi.com

www.yaoh.co.uk

Link to comment
Share on other sites

DON'T do your whole shop. It will make things dramatically slow, especially on a shared server and a shared SSL.

 

Provided Vger doesn't correct me (see here), I'd recommend something on the lines of:

define('HTTP_SERVER', 'http://www.yaoh.co.uk');
define('HTTPS_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'www.yaoh.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'shared-ssl.xcalibre.co.uk'); // ???
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/www.yaoh.co.uk/catalog/'); // ???
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

whereas, for the admin panel (if you haven't made other provisions for safety), I'd use

 ?define('HTTP_SERVER', 'https://shared-ssl.xcalibre.co.uk/www.yaoh.co.uk'); // this SSL to secure whole admin
?define('HTTP_CATALOG_SERVER', 'http://www.yaoh.co.uk');
?define('HTTPS_CATALOG_SERVER', 'shared-ssl.xcalibre.co.uk/www.yaoh.co.uk');

(plus an appropriate .htaccess)

 

Oops, almost forgot: Just one location for your shop is needed, the 'shared-ssl...' stuff is just kind of proxy that makes you secure but actually accesses the same files you have under 'www.yaoh.co.uk'.

 

HTH,

M.

I don't want to set the world on fire—I just want to start a flame in your heart.

 

osCommerce Contributions:

Class cc_show() v1.0 – Show Credit Cards, Gateways

More Product Weight v1.0

Link to comment
Share on other sites

Oops, almost forgot: Just one location for your shop is needed, the 'shared-ssl...' stuff is just kind of proxy that makes you secure but actually accesses the same files you have under 'www.yaoh.co.uk'.

 

This doesnt seem to be the case for mine, if i FTP to the shared space it is empty, and i can't access files on it as if it were the www.yaoh.co.uk website. Is there any way i can get it to access the same files as under www.yaoh.co.uk?

my sites:

----------

www.preciousmetal-online.co.uk

www.liparazzi.com

www.yaoh.co.uk

Link to comment
Share on other sites

Now that's odd... you can FTP to it?

 

With my provider, it's just a redirection using another server for the certificate stuff, and it proxies me to my own space. They wouldn't even LET me connect to that proxy space. So, like

 

https://ssl-account.com/mydomain.com/catalog/index.php

 

would actually refer to the same file as referenced by

 

http://www.mydomain.com/catalog/index.php

 

which would be (in my case) something like

 

/www/htdocs/contractnumber/catalog/index.php

 

on their machine. And for FTP, I'd only have ONE place:

 

ftp://mydomain.com

 

Hope that's understandable.

 

One never stops learning. Maybe you could ask them how it's actually implemented?

 

To me, it doesn't really make sense having everything duplicated—you won't be able to duplicate TRANSACTIONS.

 

If it's really like you say, AND you have both file spaces on the same server (or have linked filespace AND FollowSymLinks is on), AND they run Apache, you might succeed with putting a nice .htaccess file in your 'shared-ssl' domain that actually only rewrites each and every URL to your actual filespace.

I don't want to set the world on fire—I just want to start a flame in your heart.

 

osCommerce Contributions:

Class cc_show() v1.0 – Show Credit Cards, Gateways

More Product Weight v1.0

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...