Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

SSL and install of OSC

Simplyeasier

By Simplyeasier
in General Support

Recommended Posts

Simplyeasier

Simplyeasier

Posted
Posted

Hi Forum

 

This is a general question and all views are invited :D

 

I have decided on the SSL certificate to use and I am working with my host to instal the same.

 

Question

 

Are there any advantages in terms of SSL as to whether I install the osC in root or in catalog under root ?

 

Also do you have a preference for protecting the whole site or just the payment and checkout pages ? (I am thinking here that you don't want to prevent surfers from visiting if you have a non trusted certificate - but yet you still want their details to be secure WHEN :D they decide to buy from your site)

 

If you secure particular pages how do you go about this in terms of installation and configuration ?

 

Thanks

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

ozcsys

ozcsys

Posted
Posted
Hi Forum

 

This is a general question and all views are invited  :D

 

I have decided on the SSL certificate to use and I am working with my host to instal the same.

 

Question

 

Are there any advantages in terms of SSL as to whether I install the osC in root or in catalog under root ?

 

Also do you have a preference for protecting the whole site or just the payment and checkout pages ? (I am thinking here that you don't want to prevent surfers from visiting if you have a non trusted certificate - but yet you still want their details to be secure WHEN  :D  they decide to buy from your site)

 

If you secure particular pages how do you go about this in terms of installation and configuration ?

 

Thanks

 

Charles

 

Installing in the root is a better choice unless you have a reason not to such as you already have a site in the root that you want to leave there. As far as protecting certain pages osC does that automatically for you. Once you enable it in your configure.php files it will switch between secure and non secure mode as needed depending on what page the cusomter is on.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

matcollins

matcollins

Posted
Posted
Installing in the root is a better choice unless? you have a reason not to such as you already have a site in the root that you want to leave there. As far as protecting certain pages osC does that automatically for you. Once you enable it in your configure.php files it will switch between secure and non secure mode as needed depending on what page the cusomter is on.

 

Excuse me for butting in here but I'm going through a similar situation. If osc is setup in the root then your CSR url would be www.yoursite.com and not a subdirectory of this. OSC then switches between http and https without the need for a separate 'secure' directory. Is that correct?

 

Matt

Vger

♥Vger

Posted
Posted
OSC then switches between http and https without the need for a separate 'secure' directory. Is that correct?

 

There are two issues here and they are not directly related. Any CSR will be based on the domain (www.domain.com). So, all folders mapping out from the root of that domain will be covered by the certificate. If you install osCommerce into a folder, say 'catalog' then you just alter the paths to 'catalog' inyour configure.php files.

 

You only need a seperate secure directory when you are hosted with a company that uses this rubbish system, and then it doesn't matter whether your site is in the root or in a folder you still have to duplicate the whole thing in the seperate ssl folder.

 

Vger

JnJSpdShop

JnJSpdShop

Posted
Posted

I also had a question about this, I would've purchased my SSL already if I was sure I was doing the right thing. My OSC site is currently setup on a subdomain like "http://store.mydomain.com"'>http://store.mydomain.com" This subdomain creates a folder under my main domain, so I could either type "http://store.mydomain.com or http://www.mydomain.com/store" So should I purchase the SSL just for store.mydomain.com or just get it for the main domain www.mydomain.com??

 

Thanks

matcollins

matcollins

Posted
Posted
There are two issues here and they are not directly related.  Any CSR will be based on the domain (www.domain.com).  So, all folders mapping out from the root of that domain will be covered by the certificate.  If you install osCommerce into a folder, say 'catalog' then you just alter the paths to 'catalog' inyour configure.php files.

 

You only need a seperate secure directory when you are hosted with a company that uses this rubbish system, and then it doesn't matter whether your site is in the root or in a folder you still have to duplicate the whole thing in the seperate ssl folder.

 

Vger

 

So, the fact that I'm getting my own ssl cert means that I can have all the oscom files in the one place (root) and not have to duplicate them in another folder. The software will automatically switch from http to https when required? The reason I ask is that there are few posts with people mentioning secure.website.com as their 'secure folder'. I guess they must be talking about shared ssl. This is my first time using ssl, so I want to get the CSR right.

Guest

Guest

Posted
Posted

never ever purchase an ssl in store.domain.com as then it is a waste of your money. the only directory it will protect/work with properly is you 'cname domain store it will not work properly as https://www.domain.com

 

thus purchase as www.domain.com and it works with both

Guest

Guest

Posted
Posted

this is not a function of osCommerce but of your host. you need to find out where you need to put files so ssl will work properly

 

So, the fact that I'm getting my own ssl cert means that I can have all the oscom files in the one place (root) and not have to duplicate them in another folder. The software will automatically switch from http to https when required? The reason I ask is that there are few posts with people mentioning secure.website.com as their 'secure folder'. I guess they must be talking about shared ssl. This is my first time using ssl, so I want to get the CSR right.

JnJSpdShop

JnJSpdShop

Posted
Posted
never ever purchase an ssl in store.domain.com as  then it is a waste of your money.  the only directory it will protect/work with properly is you 'cname domain store  it will not work properly as https://www.domain.com

 

thus purchase as www.domain.com and it works with both

 

Well NOW I am completely confused. When I go to instantSSL.com a look at the SSL certs the InstantSSL pro which I am interested in says it protects a "single domain name" and my store is setup under a subdomain store.jandjspeedshop.com , so would the SSL for www.jandjspeedshop.com work for this as well. I was under the impression that is wouldn't because it is a subdomain even though you can still get to it via http://www.jandjspeedshop.com/store

 

HELP ME please

Guest

Guest

Posted
Posted

it all depends upon your cert, i have not read what instantssl provides or how they do it. i just know how things work for systems. and why you can access your site via the second section is how your host has things setup.

any particular reason for using store.domain.com and not the second as you have, www.domain.com/store?

JnJSpdShop

JnJSpdShop

Posted
Posted
it all depends upon your cert, i have not read what instantssl provides or how they do it.  i just know how things work for systems.  and why you can access your site via the second section is how your host has things setup.

any particular reason for using store.domain.com and not the second as you have, www.domain.com/store?

 

Well I have seen a few other store setup with the store.mydomain.com and I think it looks more professional than the www.mydomain.com/store

Simplyeasier

Simplyeasier

Posted
  • Author
Posted
Installing in the root is a better choice unless  you have a reason not to such as you already have a site in the root that you want to leave there. As far as protecting certain pages osC does that automatically for you. Once you enable it in your configure.php files it will switch between secure and non secure mode as needed depending on what page the cusomter is on.

 

Hi Forum

 

My Cert is now installed, but i keep getting This page contains both secure and non secure items - Do you want to display the non secure items.

 

Clicking on yes or no does not seem to prevent anything from working - it's just an annoying message that I need to get rid of to stop worrying my customers unnecessarily.

 

In the address bar the https page is coming up for login, index etc etc -

 

Can anyone help me isolate why the message is coming up

 

Thanks

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

OceanRanch

OceanRanch

Posted
Posted

The page you are trying to display contains images from an http source not an https source.

 

Look at the page source and find the "images" or ads that are coming from a site that is not https. Move those images to your https location and make the corresponding changes in your files.

 

HTH

Tom

Simplyeasier

Simplyeasier

Posted
  • Author
Posted
The page you are trying to display contains images from an http source not an https source.

 

Look at the page source and find the "images" or ads that are coming from a site that is not https.  Move those images to your https location and make the corresponding changes in your files.

 

HTH

Tom

 

I see where you are coming from but to take this a bit further does the SSL not protect the domain rather than individual directories ? When you say move the "images" to my https location I thought https was a creation of the cert to assure people of the security layer and not a new directory structure where images and other web material need to be located ?

 

I am pretty sure you are right I just don't know what to move (individual images or the entire image directory) and where to move it to (I thought my entire domain and all the directories on the server were protected by the cert ) :(

 

Any further light on this is much appreciated - in the meantime if my tired eyes let me I will go back to the KB and past threads :)

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Simplyeasier

Simplyeasier

Posted
  • Author
Posted

OK sorted - and here is the solution for those following this thread

 

The message was coming up because I had a NOCHEX banner gif on my page hosted on the nochex server !!! The banner just told customers I accept nochex as a payment mechanism.

 

I removed the reference to the gif on the nochex server and bingo - life is once again sweet :D

 

Now all I have to do is ask nochex to allow me to copy their banner to my own server where it will be secured by my ssl cert and this will then be OK.

 

Charles.

 

BTW I was also have another unrelated problem in that my config files were using https paths which referenced www.mydomain.com in their paths. However when i bought my ssl cert it references on the mydomain.com without the www. This was causing the web browser to tell the surfer that the cert was invalid or names did not match. I took the www out of the paths for https in the 2 config files and now browsers and server are talking the same language - so no security alert.

 

I have a padlock in the task bar, https in my address line and everyone is a happy camper.

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Simplyeasier

Simplyeasier

Posted
  • Author
Posted
never ever purchase an ssl in store.domain.com as  then it is a waste of your money.  the only directory it will protect/work with properly is you 'cname domain store  it will not work properly as https://www.domain.com

 

thus purchase as www.domain.com and it works with both

 

Please see my last post on this thread for more info - but very briefly I was told that you cannot buy the cert as www.domainname.com - you buy the cert to protect the domain not the URL

 

The net result is that you buy the cert without the www and then remove www from the paths of https in the 2 config files.

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...