SSL Install Problem

[delpiero]

So here's the deal: I thought everything was working, but it isn't.

 

We host with iPowerWeb, who sold us a non-shared SSL Certificate. And installed it. Now, my shopping cart doesn't work at all...

 

I was looking through the help pages and I found something that's probably relevant, about moving the whole catalog over to the /secure/ folder.

 

Unfortunately, I DON'T HAVE a secure folder, as far as I can tell.

 

So I guess my questions are, how do I find out where the SSL Certificate was installed, since my hosting company is about as helpful as a brain tumor would be to an altzheimers patient? What does an SSL certificate LOOK like?

 

What would a secure folder be called, and where should it live in a typical directory structure?

 

When I ftp in, all I have are: public_ftp, public_html, and users... there's nothing in the first and last, and there's /catalog/ in public_html. That's it. There's no secure folder. In this structure, where SHOULD it be?

 

iPowerWeb's latest advice (it took three emails just to get them to actually READ my emails) was to make the entire shopping cart secure and go hire a programmer.

 

Ahem.

 

How would I make the entire shopping cart secure? Is there somewhere I can read about this? I'm not stupid, but I'm not getting ANY help here, and although there are four different books here on the floor, I don't think I can read all four of the buggers in the next day.

 

And barring that, is there SOMETHING I can say to my '@#$@# hosting company to get them to get off their butts and help me out here? I mean, my testing server is with them, and before they did the whole SSL thing, the shopping cart was working just fine.

 

I'm pretty desperate. I'd be willing to discuss a consulting fee with someone at this point. Seriously. I've had it. I just want to get some sleep. So if you can help, great, if you want money to help, fine. Email me at [email protected] with your phone number and what coast you live on, when's a good time to call, etc.

 

The site in question is www.cherrydesigns.com

 

(defeated, I think...)

[thiswaynow]

Hi,

 

Yes, you need to give your hosting company a swift kick. I can't understand why they haven't pointed you in the direction of how to upload to your secure folder.

 

I can't help too much with this aspect, except to say that it seems that you have either made some progress, seeing as https://www.cherrydesigns.com/ is showing the padlock ok, or your hosts have applied the SSL certificate to your existing hosted space. In this case, create a /secure/ folder yourself within your public area, and update your /includes/onfigurtation.php folder to point at this directory (with a https at the start) for https.

 

You don't want to run the entire cart in SSL mode; it slows everything down horribly, since every page request has to be encrypted and unencrypted. This can make your site very frustrating to use with a dial-up connection.

 

Only the checkout_*.php pages need to be in the secure area, along with a duplicate of the /includes and /images folders (you actually won't need all of these images and sub-folders, but you can always weed out what you dont want later if you want to. For example, you are unlikely to need the product images in the secure folder.)

 

I hope that is of some assistance..

[chfields]

I went to your site and it goes to secure when its supposed too...I don't see any problem. You should not have to transfer files anywhere, all you need to do is define the secure path in the config files, which it looks like you did. I have been using Ipowerweb for about a year w/no problems, albiet no seperate SSL but always got quick response from e-mail

[delpiero]

Thank you, ThisWayNow, I'm going to try your suggestions here shortly, with making a /secure/ folder and sticking the things that go in there now.

 

The padlock DOES show up, but not consistently, and once a user attempts to click on the "checkout" button, the system simply hangs. I thought perhaps my modifications removed a script from the checkout buttons, so I replaced the page with clean one from an unmodified version of OSCommerce. As in, I unzipped the file & uploaded a replacement page. That didn't help. So I'm assuming the button is trying to access a page that's in the wrong place? I don't know...

 

As for iPowerWeb, well.

 

I saw that people were having various difficulties using a shared SSL, so I figured it was worth it to just purchase one. I called on a Friday afternoon and was told the SSL guy wouldn't be in until Monday. I called first thing Monday morning and they said he wouldn't be in until 2:30. I finally got ahold of him, gave him the credit card number and he said I'd be getting an email from the third party within the next 48 hours. 48 hours passed, no email. I contacted him again, and the next day I finally got the email. I responded as requested, and was told that the SSL would be installed within 12 to 24 hours. FOUR DAYS-PLUS later, I'm finally contacted to say that it's installed.

 

Note that the site was working FINE before the SSL was installed, and also note that the third party says that if you're using a shared server (like iPowerWeb), that the hosting service needs to install the SSL. Fine, I figure.

 

Not so much. The checkout button simply wasn't working. I fiddled with it for about 12 hours, trying just about every mathematical configuration possible in the configure.php files.

 

Finally, I write in to their help files. It takes about four hours for them to get back to me, and the guy says, "I checked, I can reach the pages just fine, it's on your end", and gave me a link.

 

The link was in no way related to the site I was working on. Note also that I had provided very specific directions, the two configure.php files, and the site address in reference. It was obvious that the technician didn't even read half of my email.

 

I wrote back, stated that it was obvious that they didn't bother to read the email, and reiterated the entire process: go to this page, log in using the my account button, use this username and that password, and then put something in the shopping cart. Now, check out. See? Problem. I explained that I had purchased the SSL from them and that they had installed it and could they take a look at the Config files and the SSL install and just make sure everything is where it's supposed to be.

 

Again they responded, again with something completely and utterly unrelated to MY site. They sent me to a completely different directory, and further, I don't have ACCESS to the directory they sent me to. Further, OSCommerce was installed in the initial directory they provided me. Which led me to believe that they installed the SSL in the wrong directory.

 

Thoroughly frustrated by now, I sent a third email. I spelled everything out like I was dictating the directions for building a nuclear reactor. I left no detail unspoken and repeated things several times, in different ways, trying to get my point across.

 

They responded by telling me that the entire site needed to be secure (which the above gentleman says simply isn't true), they didn't tell me WHERE the SSL was installed, so even if I WANTED to, there would be no way to know HOW to install the entire cart into the "secure" folder, and then, with the ultimate insult to injury, they said they were a hosting facility and I'd have to hire a programmer.

 

I'm still pretty sure that there's a folder somewhere that I don't have access to that is called "secure", and in it are default, unaltered OSCommerce pages, and THAT is why when I push the "checkout" button, I get nothing. Does this make sense? Is mylogic flawed?

 

Anyway. I would not recommend iPowerWeb to anyone that was not experienced and wanted to do more than just the very rudimentary install of OSCommerce. Although they OFFER OSCommerce, they obviously don't support it, the promise of a response in 24 hours is an empty one, and anything outside of their automated "help" system is pretty much over their heads. I have not recieved a SINGLE useful answer from their tech support and have either had to battle it out myself or beg assistance on these forums...If someone here opened up their own hosting system and offered the same services at TWO or even THREE times the price of iPowerWeb's, I'd sign up with them in a heartbeat.