Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SHARED SSL: Does osCommerce 2.2 works with it?


heliogalvao

Recommended Posts

Does osCommerce 2.2 works with shared SSL?

 

Im asking that cause I?ve tried to use Shared SSL, so, the phisycal directory is different than non-SSL directory. The problem is, when a customer tries to navigate around, the secure links points to another phisycal directory. This issue forces me to have duplicated catalog images, and duplicate website files, right?

 

Is there a way to use shared SSL in osC 2.2 ?

 

Dedicated certificates are too much expensive!

 

Thanks.

Link to comment
Share on other sites

To answer your question regarding would it work though if you have two different directories, one nonsecure and one secure, yes it could but creates a whole slew of potential problems which can be caused by the users computer settings and potential security risks. Not the mention the fact they would get that ugly Windows notification that they are leaving your site..when all they are really doing is going to your secure directory. That alone will scare some customers off.

 

A true shared SSL certificate is one that is used for all domains on the same server.

 

Having a hosting account setup with a nonsecure and secure directory, is usually a sign of a cheap host or one that doesn't know what they are doing. A good hosting company will use the same directory for both secure and unsecure versions of your website.

 

Example:

 

http://www.yoursite.com/catalog/

 

Would be identical to

 

https://secure.servername.com/yoursite.com/catalog/

 

That is the proper way a shared ssl being used with a shared hosting server should be setup.

Sincerely,

Bruce

 

19 contributions submitted

Link to comment
Share on other sites

falacy: they do not get a message stating they are leaving your site if the ssl (shared) is setup properly.

it is not a sign of a cheap host.

the original way for secure versus nonsecure files was originally two different directories, in fact was a specification in apache from way back when

 

if your shared ssl is setup properly, it will work however you can not use 'force cookies'

Link to comment
Share on other sites

If the shared SSL is setup properly, this is true. They would not get a message telling them they are leaving the current site.

 

And true way back in the day having two separate directories, one for unsecure and one for secure, was how they handled secure sites. I will take it a step further and state some companies even used to keep secure and unsecure versions of sites on two different servers.

 

The disadvantage in setups like that is that it not only forces you to either manage two versions of the same site....or having all nonsecure pages in one folder and secure in another...but more importantly it also can pose issues from anything from sessions to cookie management to some minor security risks.

 

Another issue is site management, whereby setups like the above one can require you to have two separate ftp logins. From a customer service standpoint alone, having a single login for your customers is deal instead of having to explain to them all the time the differences on why they would have to basically maintain two websites.

 

When I state the above setup is an example of a "cheap hosting company", that is true. Back in the day, this was the industry standard of doing things.

 

However now having a secondary secure folder for maintaining your secure pages, instead of a single folder and proper setup of the shared SSL to allow someone to hit any page of your site securely, is usually decided upon by hosting companies to save them money in a variety of areas. That setup though is very outdated, is less secure, and is overall not a good way to setup shared hosting servers if you have more than a few servers averaging 200+ domains hosted on each.

 

Best proof you could get though is take a look at what the big boy hosting companies offer. The reputable ones who have been doing this for years with 100,000+ customers don't do it that way anymore. :huh:

Sincerely,

Bruce

 

19 contributions submitted

Link to comment
Share on other sites

Aarrggghhh.. What am I missing here?

 

I have been looking at threads for hours now and can not set my site up with secure cart https

 

Where can I find a thread that will help me? :blink:

 

I do not understand how this should be set up from the basic install.. is there anyone here that can explain this in plain english?

Link to comment
Share on other sites

In english:

 

If your current hosting provider has two separate folders setup, one for your unsecure site and one for your secure site, you will:

 

1. Have database connection issues if secure & unsecure sites are on different servers.

 

2. Have to upload your entire store into both folders for it to work.

 

I would suggest you find a host who doesnt have separate folders for secure and unsecure versions of your site. This will avoid all of that headache.

Sincerely,

Bruce

 

19 contributions submitted

Link to comment
Share on other sites

Mine are on the same server, can you check this is what the files should read like:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.mysite.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.mysite.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', '');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

Link to comment
Share on other sites

It looks like it should work as it is posted. However if you are on a shared hosting server AND shared SSL, you may wis to verify the following settings with them:

 

define('HTTP_SERVER', 'http://www.mysite.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.mysite.co.uk'); // eg, https://localhost - should not be empty for productive servers

 

I would guess the secure URL will end up being something slightly different. Myabe something more like:

 

https://www.mysite.co.uk/~yoursecurefolder/

 

Let me know how it works out for you.

Sincerely,

Bruce

 

19 contributions submitted

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...