Best Option for SSL or Non? -New Guy-Advice Please


TheNexus


Posted

Hi guys,

I'm looking for a recommendation on my best option for a small independent record label based on my situation. I hope you can help.

Presently implemented -- PayPal email links for physical CDs

http://www.sandbarmusic.com/main.html

Wanting to implement - buy download media (albums, individual songs), physical media products.

Chose osCommerce for present and future goals.

Wish it to be a front end with the option for PayPal (saw osC plugins for that)

Have it installed (not PayPal osC plugins yet)

http://www.sandbarmusic.com/oscommerce/

Click on the create new account button:

Houston, we have a problem!

1. The database is not located locally on sandbarmusic.com -- it's on hosts84

1.5 Their SSL cert is self-generated -- and lazily at that.

2. I generated an SSL via the CP; problem is I read in another thread that they are useless, and after reading that from Voyager, er I mean Vger :), I have not asked them to restart my Apache yet.

3. To be honest we cannot afford to buy a real SSL -- for sure after getting a better buying experience in place first, and down the road get one when some more liquid funds are generated.

4. From what I can tell, even if we did get a real SSL, we would still be connecting to the hosting company's self-generated lazy butt SSL, thus defeating the purpose. Am I correct on this?

Here are some details about my host and domain.....

host company http://www.canaca.com/

Site Name sandbarmusic.com

IP Address 66.49.172.197

Services & Options

Domain Aliasing

Bandwidth Monitor (for cycle beginning Thu Sep 01 2005)

Used / Threshold: 1778 MB / 80000 MB (1864892250 bytes / 83886080000 bytes)

Cycle Start: Day 1 of month

Analog Web/FTP Log Analyzer

Webalizer Log Analyzer

Apache Web Server: http://www.sandbarmusic.com/

Domain Preview: http://66.49.175.87/sandbarmusic.com/

CGI: details

Script Alias: cgi-bin

Modperl for Apache

Secure Web (SSL)

Server Side Includes

Generate Web Logs

FrontPage Server Extensions

Subdomains

File Manager

Backup/Restore

POP3 + Imap Server

Email: mail.sandbarmusic.com

Mailing Lists (Majordomo)

Vacation Auto-Responder

Spam Filtering

SquirrelMail Web-based Email: Read Email

MailScanner / Virus Scanner

Development Tools

Telnet

OpenSSH Secure Shell

MySQL

As you can see, I'm not 100% sure if that's an IP-based domain or shared.... it looks like shared.

Even so I wouldn't want to share their SSL, as it is self-generated.

The money guy likes his PayPal system in terms of info and wants it implemented because of worldwide sales, legitimacy, etc. etc.

But we wanted the osCommerce slicker front end for the shopping experience and to reduce PayPal's cut on the fees.

Any suggestions on the best approach? I hope I explained that clearly enough; if you need any more info, I'd be happy to provide it.

Appreciate you reading this novella.

Thank you.

Posted

1. I added the db IP addy/www.host.com in the configure.php file

That got rid of the "this not host.com but hostb.com (db location)" error, but as I suspected the user is greeted with a "this is not a trusted SSL issuer" error, as it is my db host's self-issued SSL cert.

So even if I got a real SSL cert the user would still be greeted by the db host's self-issued SSL cert, right?

Next I disabled SSL in the configure.php file.

Now I can register but at http and not https

not cool --- if peeps are inputting cc stuff

any way around this?

Maybe I can get them through a basic registration, no cc stuff, and maybe I can bring a shopping cart total to the PayPal https?

Since PayPal can do PayPal and (CC with no registration)??

what say you?

thanks

Posted

Your website does have a dedicated IP address, so you could have your own SSL certificate to replace the shared cert provided by your host. How do I know it's a dedicated IP address? Just type http://66.49.172.197/ into your browser - and your site comes up!

When you generate a self-signed cert yourself from your control panel you should then see a box with some code which starts:

-----begin certificate request-----

You should copy and paste this into a text file - this is your Certificate Signing Request you need to buy a full SSL cert - but make sure you filled in your details correctly before you generated the self-signed cert, especially the two-letter country code.

Once you've got your CSR you can go somewhere like ev1servers.net and get a Geotrust Express SSL Cert for $49 a year. When you complete the process you receive an e-mail with a lot of text (the cert) which you then 'Import' into the SSL section of your control panel.

After that you get your host to reboot Apache and you're done, except for editing your configure.php files.

One other thing you do need to know in order to buy your cert is which type of cert you need according to your server. This may be displayed in the SSL part of your hosting control panel. It may be something like Apache + Mod SSL (but you need to know this for certain).

Vger
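The configure.php edit mentioned in the posts above, as an added example that is not part of the original thread or of osCommerce itself: a small Python check over the SSL-related defines in an osCommerce includes/configure.php. It flags the two states the thread runs into, SSL switched off and HTTPS_SERVER naming a host other than the shop's own (so the browser is shown that other host's certificate). The sample file, its hostnames, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of includes/configure.php (hostnames are placeholders).
SAMPLE = """<?php
  define('HTTP_SERVER', 'http://www.example-shop.test');
  define('HTTPS_SERVER', 'https://shared.example-host.test');
  define('ENABLE_SSL', false);
  define('HTTP_COOKIE_DOMAIN', 'www.example-shop.test');
  define('HTTPS_COOKIE_DOMAIN', 'www.example-shop.test');
?>"""

DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:['"]([^'"]*)['"]|(\w+))\s*\)""")

def parse_defines(php_text):
    """Return {NAME: value} for simple define('NAME', 'value'|true|false) lines."""
    out = {}
    for line in php_text.splitlines():
        if line.lstrip().startswith(("//", "#")):   # skip commented-out defines
            continue
        for name, quoted, bare in DEFINE_RE.findall(line):
            out[name] = quoted or bare
    return out

def lint_ssl(cfg):
    """Return a list of findings about the SSL-related settings."""
    findings = []
    http = urlparse(cfg.get("HTTP_SERVER", ""))
    https = urlparse(cfg.get("HTTPS_SERVER", ""))
    if cfg.get("ENABLE_SSL", "").lower() != "true":
        findings.append("ENABLE_SSL is off: account and checkout pages use plain http")
    if https.scheme != "https":
        findings.append("HTTPS_SERVER is not an https:// URL")
    elif https.hostname != http.hostname:
        # The certificate shown to visitors belongs to whatever host is named here.
        findings.append(f"HTTPS_SERVER host {https.hostname} differs from HTTP_SERVER "
                        f"host {http.hostname}: visitors see that host's certificate")
    host = https.hostname or ""
    cookie = cfg.get("HTTPS_COOKIE_DOMAIN", "").lstrip(".")
    if host and cookie and host != cookie and not host.endswith("." + cookie):
        findings.append("HTTPS_COOKIE_DOMAIN does not cover the HTTPS_SERVER host")
    return findings

if __name__ == "__main__":
    for finding in lint_ssl(parse_defines(SAMPLE)):
        print("WARN:", finding)
```
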

Posted

Appreciate the response.

May I assume that because you addressed the cert acquisition/implementation issue, and not some other of my q's, that there's no way around getting a cert? Just get the cert and save a whole bunch of hassle..

I got a tad confused on the IP thing, there is the hosting IP / then the site IP, thanks for clearing that up.

49 dollars isn't bad at all, I was seeing around 150 Canadian for something dubbed for "ecommerce", that certainly makes it affordable even on the limited budget we have. Thank you very much.

Posted

I always recommend either a full SSL cert or a 'Trusted' and usable shared cert for sites. The reason being that if you don't have either then when customers go to Create An Account, Login, Edit Account, or go through the Checkout Process the details they send you are unencrypted and can be intercepted by any half-decent hacker.

People are still very wary of buying on the internet (and rightly so) and a good SSL cert is a sign of your commitment to protect them and their details. Look at it from their point of view - why should they give you their money if you're not going to spend a small amount to protect their details?

Vger

Posted

 

U bet... before I knew I could get a cert for that price (the site u gave me is even offering a 1 year Rapid SSL for 14.95 -- I checked a Rapid SSL site in both ffox and IE and things seem good) I was considering just getting a non-secured name, address, email through osC, then bringing them after the cart is loaded to a PayPal secure checkout. (may still do that even with an SSL because we want the option of a non-CC payment method)

I certainly was not considering compromising the customers' cc details.

Again, thanks for your help and all the threads that helped me piece some things together, I'm sure I'll be back.

The Nexus
