Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

1and1 shared SSL


dewed

Recommended Posts

I've spent the past day and a half trying various solutions found in the forum to try and get a shared SSL cert from 1and1 working. I've concluded it can NEVER work...

 

Building on the helpful post, I created the famous myenv.php file and added to it.

 

<?php
require 'includes/configure.php';
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');


?><hr>
<form name="test_form" action="<?php echo HTTPS_SERVER . $_SERVER['PHP_SELF']; ?>" method="post">
enter something <input type="text" name="data"> <br />
<input type=submit>
</form>
<?php if (empty($_POST['data'])){echo '<h2>No detectable submitted data</h2>';} ?>
<hr><pre>POST ARRAY 
<?php

print_r($_POST);
?>
<br  /><br  />

<hr><pre>SERVER ARRAY 
<?php
print_r($_SERVER);
?>
</pre>

 

No amount of coaxing (eg; tweaks to the configure.php file) results in the posted data being returned back to the form that submitted it.. results,

any secured form fails since it never even sees the submitted data.

 

No matter how I view this extended myenv.php, either

 

https://ssl.perfora.net/domain.com/myenv.php (which simply redirects to http://domain.com/myenv.php)

 

or directly http://domain.com/myenv.php the getenv() functions are all blank.

 

Submitting the form to the same URL that the OSC secured form would use does not populate the $_POST array, and there is still nothing in any of the related

enviroment variables to indicate the form was submitted, redirected.. etc.

 

and to top it all off. I am now out of coffee and aspirin :huh: .

Just call me Dewed ...

Link to comment
Share on other sites

well.. if anyone is listening ...

 

I'm now convinced 1and 1 has made some sort of clerical error .... Here's the full scenerio ..

 

2 sites,

wholesale at http://www.wholesalectg.com/ this has a dedicated SSL cert and works

and retail at http://www.cottagecomforts.biz/ this is using the shared SSL cert, and all secured forms never see the submitted data

 

 

using HTTPS in the url to view a secured version of the shared SSL site eg; https://www.cottagecomforts.biz/

loads the wholesale site. The site's looks similar , but the wholesale site has the word "wholesale" in the title

 

This url should also load the retail site .. and it does but its not encrypted via SSL

https://ssl.perfora.net/cottagecomforts.biz

 

 

No secured forms will work, since the forms post the info to https://ssl.perfora.net/cottagecomforts.biz which them redirects to a non secured page, losing the submitted data in the process. .... is that how they (1and1) actually expect it to work ?

Just call me Dewed ...

Link to comment
Share on other sites

  • 2 weeks later...
try changing your configure.php to use https ://ssl.perfora.net/www.cottagecomforts.biz

 

 

I'm pretty sure I had tried both with and without www ... but now, with no obvious changes otherwise, it suddenly works. For future 1and1 shared SSL victims, here is what I wound up with ..

 


 define('HTTP_SERVER', 'http://www.cottagecomforts.biz');
 define('HTTPS_SERVER', 'https://ssl.perfora.net/www.cottagecomforts.biz');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.cottagecomforts.biz');
 define('HTTPS_COOKIE_DOMAIN', 'cottagecomforts.biz');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');

Just call me Dewed ...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...