heliogalvao Posted September 9, 2005 Share Posted September 9, 2005 Does osCommerce 2.2 works with shared SSL? Im asking that cause I?ve tried to use Shared SSL, so, the phisycal directory is different than non-SSL directory. The problem is, when a customer tries to navigate around, the secure links points to another phisycal directory. This issue forces me to have duplicated catalog images, and duplicate website files, right? Is there a way to use shared SSL in osC 2.2 ? Dedicated certificates are too much expensive! Thanks. Link to comment Share on other sites More sharing options...
FalseDawn Posted September 9, 2005 Share Posted September 9, 2005 It's not a different directory, and if $15 (cheapest I can find) a year for a dedicated SSL cert is "too expensive", you are in the wrong business. Link to comment Share on other sites More sharing options...
mushindo Posted September 9, 2005 Share Posted September 9, 2005 To answer your question regarding would it work though if you have two different directories, one nonsecure and one secure, yes it could but creates a whole slew of potential problems which can be caused by the users computer settings and potential security risks. Not the mention the fact they would get that ugly Windows notification that they are leaving your site..when all they are really doing is going to your secure directory. That alone will scare some customers off. A true shared SSL certificate is one that is used for all domains on the same server. Having a hosting account setup with a nonsecure and secure directory, is usually a sign of a cheap host or one that doesn't know what they are doing. A good hosting company will use the same directory for both secure and unsecure versions of your website. Example: http://www.yoursite.com/catalog/ Would be identical to https://secure.servername.com/yoursite.com/catalog/ That is the proper way a shared ssl being used with a shared hosting server should be setup. Sincerely, Bruce 19 contributions submitted Link to comment Share on other sites More sharing options...
Guest Posted September 10, 2005 Share Posted September 10, 2005 falacy: they do not get a message stating they are leaving your site if the ssl (shared) is setup properly. it is not a sign of a cheap host. the original way for secure versus nonsecure files was originally two different directories, in fact was a specification in apache from way back when if your shared ssl is setup properly, it will work however you can not use 'force cookies' Link to comment Share on other sites More sharing options...
mushindo Posted September 10, 2005 Share Posted September 10, 2005 If the shared SSL is setup properly, this is true. They would not get a message telling them they are leaving the current site. And true way back in the day having two separate directories, one for unsecure and one for secure, was how they handled secure sites. I will take it a step further and state some companies even used to keep secure and unsecure versions of sites on two different servers. The disadvantage in setups like that is that it not only forces you to either manage two versions of the same site....or having all nonsecure pages in one folder and secure in another...but more importantly it also can pose issues from anything from sessions to cookie management to some minor security risks. Another issue is site management, whereby setups like the above one can require you to have two separate ftp logins. From a customer service standpoint alone, having a single login for your customers is deal instead of having to explain to them all the time the differences on why they would have to basically maintain two websites. When I state the above setup is an example of a "cheap hosting company", that is true. Back in the day, this was the industry standard of doing things. However now having a secondary secure folder for maintaining your secure pages, instead of a single folder and proper setup of the shared SSL to allow someone to hit any page of your site securely, is usually decided upon by hosting companies to save them money in a variety of areas. That setup though is very outdated, is less secure, and is overall not a good way to setup shared hosting servers if you have more than a few servers averaging 200+ domains hosted on each. Best proof you could get though is take a look at what the big boy hosting companies offer. The reputable ones who have been doing this for years with 100,000+ customers don't do it that way anymore. :huh: Sincerely, Bruce 19 contributions submitted Link to comment Share on other sites More sharing options...
Diaz Posted September 10, 2005 Share Posted September 10, 2005 Aarrggghhh.. What am I missing here? I have been looking at threads for hours now and can not set my site up with secure cart https Where can I find a thread that will help me? :blink: I do not understand how this should be set up from the basic install.. is there anyone here that can explain this in plain english? Link to comment Share on other sites More sharing options...
mushindo Posted September 10, 2005 Share Posted September 10, 2005 In english: If your current hosting provider has two separate folders setup, one for your unsecure site and one for your secure site, you will: 1. Have database connection issues if secure & unsecure sites are on different servers. 2. Have to upload your entire store into both folders for it to work. I would suggest you find a host who doesnt have separate folders for secure and unsecure versions of your site. This will avoid all of that headache. Sincerely, Bruce 19 contributions submitted Link to comment Share on other sites More sharing options...
Diaz Posted September 10, 2005 Share Posted September 10, 2005 Mine are on the same server, can you check this is what the files should read like: // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.mysite.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mysite.co.uk'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.mysite.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'mysite.co.uk'); define('HTTP_COOKIE_PATH', ''); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME'])); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', ''); define('DB_SERVER_PASSWORD', ''); define('DB_DATABASE', ''); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql' ?> Link to comment Share on other sites More sharing options...
mushindo Posted September 10, 2005 Share Posted September 10, 2005 It looks like it should work as it is posted. However if you are on a shared hosting server AND shared SSL, you may wis to verify the following settings with them: define('HTTP_SERVER', 'http://www.mysite.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mysite.co.uk'); // eg, https://localhost - should not be empty for productive servers I would guess the secure URL will end up being something slightly different. Myabe something more like: https://www.mysite.co.uk/~yoursecurefolder/ Let me know how it works out for you. Sincerely, Bruce 19 contributions submitted Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.