Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Shared SSL Cert


buzltyr

Recommended Posts

I have yet to see a thread with this dilemma..My server has a shared cert but to use it you have to point to https://ssl.hostprovider.net/~myusernumber/. Instructions are pages uploaded to the root ssl folder can be seen. If I want the user sign up and the shopping cart checkout secure, what files do I load and how to point the forms to this address? Thanks in advance.

Link to comment
Share on other sites

When you use a shared ssl, you are using the hosts certificate. Since the certifcate is usually created to match the server you are on, that type of url is common. To use it, you just need to fill in the https and https cookie strings in the includes/configure.php file. You also need to set use ssl to true in that file. Oscommerce will do the rest.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

When you use a shared ssl, you are using the hosts certificate. Since the certifcate is usually created to match the server you are on, that type of url is common. To use it, you just need to fill in the https and https cookie strings in the includes/configure.php file. You also need to set use ssl to true in that file. Oscommerce will do the rest.

 

Jack

 

Jack:

Do I need to load all of the catalog files to the ssl folder? I tried setting the configure to that url and I got the parent folder...I don't want slow the whole site down by uploading all the files.

Link to comment
Share on other sites

I have yet to see a thread with this dilemma..My server has a shared cert but to use it you have to point to https://ssl.hostprovider.net/~myusernumber/. Instructions are pages uploaded to the root ssl folder can be seen. If I want the user sign up and the shopping cart checkout secure, what files do I load and how to point the forms to this address? Thanks in advance.

 

Actually, the easiest way is if your hosting provider will change your SSL folder to be the same as your web site root folder, than this will work with one copy of the the code (I am assuming that the SSL folder is currently a separate folder below your web site root folder.)

Link to comment
Share on other sites

Actually, the easiest way is if your hosting provider will change your SSL folder to be the same as your web site root folder, than this will work with one copy of the the code (I am assuming that the SSL folder is currently a separate folder below your web site root folder.)

 

You are correct. It is outside the root...They say: You are not able to use your domain name for SSL request due to the nature of SSL certificates and encryption techniques.

Link to comment
Share on other sites

this is all dependent upon your host, how they have things setup for you to use the shared ssl cert.

 

We have bought a shared SSL certificate for all customers to use free of charge. To use it you need to create a directory via FTP in your account root ( / ) named: ssl

 

Pages uploaded to the ssl directory can be viewed via the web here:

URL: https://ssl.hostprovider/~myusernumber/

Link to comment
Share on other sites

We have bought a shared SSL certificate for all customers to use free of charge. To use it you need to create a directory via FTP in your account root ( / ) named: ssl

 

Pages uploaded to the ssl directory can be viewed via the web here:

URL: https://ssl.hostprovider/~myusernumber/

 

I could tell from reading your statement that this was probably the case. Actually, if your control panel has an option to enable SSL, this ssl folder should be created automatically. If you need to create the folder yourself, ok.

 

While it is true that the default location for this is outside your web site's root (in your account's root in fact), if your hosting company knows what they are doing they can modify this setting/location for you so that the folder that the SSL URL points to is your web site's root, which would allow you to only have one copy of the code. When I asked my hosting company if they could do this, they both knew how to do it and made the change with no fuss.

 

If they can't or won't accommodate you on this, you have some choices -

 

1) Put oscommerce into the SSL folder and only run it in SSL. This will experience the well known page load speed penalty as everything well be encoded and decoded when it is sent to the browser.

 

2) Put a duplicate copy of oscommerce into the SSL folder. I don't know enough about oscommerce to know if this configuration is supported (I seem to remember seeing something about a session problem when switching between SSL and non-ssl pages, but someone else here may know the definitive answer to this...)

 

3) Buy your own SSL certificate so that http://www.yourdomain.com and https://www.yourdomain.com will both point to your root web site.

 

4) Find a hosting company that can and will accomodate your needs on this.

Link to comment
Share on other sites

MaBiSmAd

 

Thank you for the understanding of the dilemma....In contact with the host provider they are understanding that they need to offer a dedicated SSL Cert. That is in the near future....I figured that if I were to put the appropriate files in the ssl folder that it would be recognized. I uploaded check out, register and all the most common that would need to be secure but it would not recognize so there is more to the coding that is beyond me. But again thank you, thank you for responding...Happy New Year

Link to comment
Share on other sites

MaBiSmAd

 

Thank you for the understanding of the dilemma....In contact with the host provider they are understanding that they need to offer a dedicated SSL Cert. That is in the near future....I figured that if I were to put the appropriate files in the ssl folder that it would be recognized. I uploaded check out, register and all the most common that would need to be secure but it would not recognize so there is more to the coding that is beyond me. But again thank you, thank you for responding...Happy New Year

 

I did find a section in the FAQ about using a shared SSL, but it was clearly for the case where you are using a single copy of the code. I have not found anything about splitting the code between two folders for SSL and non-SSL.

 

Perhaps some of the long time users know if this is possible with oscommerce???

Link to comment
Share on other sites

Some hosts who use an old fashioned system have two folders one for http docs and one for https docs. The http docs need to be duplicated in the https docs (or ssl) folder.

 

Some hosts can get around this problem by creating a Symbolic Link between the https docs folder and the http docs folder, thus removing the need to duplicate files/folders.

 

But from Buzz's post it doesn't sound as if his hosts know much about ssl at all.

 

Vger

Link to comment
Share on other sites

Some hosts who use an old fashioned system have two folders one for http docs and one for https docs. The http docs need to be duplicated in the https docs (or ssl) folder.

 

Some hosts can get around this problem by creating a Symbolic Link between the https docs folder and the http docs folder, thus removing the need to duplicate files/folders.

 

But from Buzz's post it doesn't sound as if his hosts know much about ssl at all.

 

Vger

 

Vger:

I also believe the host is uninformed..I have tried to get them to reconsider yet they are adamant that theey will not do anything else other than direct the uploaded pages to the ssl folder that is created by me. They will be offering a dedicated soon, but I am not sure whether I want to wait. I am losing sales now because I have no secure pages. Bummer...Thanks for replying.

Link to comment
Share on other sites

Vger:

I also believe the host is uninformed..I have tried to get them to reconsider yet they are adamant that theey will not do anything else other than direct the uploaded pages to the ssl folder that is created by me. They will be offering a dedicated soon, but I am not sure whether I want to wait. I am losing sales now because I have no secure pages. Bummer...Thanks for replying.

 

You can purchase your own dedicated SSL certificate, without waiting for your hosting company to offer them. However, your web hosting company must install this for you, which may be asking too much. Check if they are willing (or knowledgeable) to install a certificate that you purchase on your own.

Link to comment
Share on other sites

You can purchase your own dedicated SSL certificate, without waiting for your hosting company to offer them. However, your web hosting company must install this for you, which may be asking too much. Check if they are willing (or knowledgeable) to install a certificate that you purchase on your own.

 

Tried that and their reply is the same "You are not able to use your domain name for SSL request due to the nature of SSL certificates and encryption techniques." Other than this issue I have been with them for over a year and they are a reliable host....I really hate to change now and they are working to get a dedicated cert offered. Thanks I appreciate it.

Link to comment
Share on other sites

One piece of advice which you were given, to run everything from the ssl folder, is incorrect. If you do this then all pages will be https and you'll get no search engine rankings at all - because search engines don't rank https pages.

 

You say you paid for your shared ssl cert - you got ripped off. The majority of hosts provide the shared ssl cert as part of their basic service.

 

Some hosts won't provide full ssl certs because to have one on a shared server it means that site having a dedicated ip address of its own, and they won't provide that facility.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...