Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Proper SSL Installation


Guest

Recommended Posts

I'm looking for instructions on how to CORRECTLY setup SSL for the store. I have done it before by just securing the entire catalog folder but would rather not. Specifically, what folder do I need to secure in my cert request (I have to define a secure URL directory)? It has been surprising difficult to find any documentation on this topic. There are a lot of posts on SSL problems so I'm looking to do this properly from the start. Also., if I need to sync another folder with my SSL directory what would that be?

Link to comment
Share on other sites

yes, being a new user I have been looking for the files that need to be edited in order to use SSL certificate. The certificate (in my case) has already been installed now where do you edit the files to tell it to go https??

 

Other than the path there should be no difference if it's a server wide or domain ssl correct?

 

Thank you for your time!

 

Conrad

Thank you for your time!!

 

Conrad

Link to comment
Share on other sites

I'm new so I hope I'm giving bad info :-(

 

I have a test site using ssl and it works...so I just did the "out of the box" install and checked off the ssl enable.

 

Now I was looking around for some informatiom and in the /catalog/includes/configure.php

 

 

This is where the ssl server is declaried...

 

define('HTTPS_SERVER', 'https://xx.xx.xx.xx'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

So for the other question, maybe just change the true to false.

 

On my server I have one ssl cert for www.mydomain.com in my http.conf file I list that as my gobal ssl server cert. (because I only have one site on it). Now if I have another site ie www.mydomain2.com I would have to create virtual ssl hosts (kinda like regular virtual hosts excpt they cannot be name based) So the way I understand it (remember I'm new) if I wanted to have 2 ssl sites on one server I would have to have 2 ips 1 for each.

 

One thing to remember is www.mydomain.com and mydomain.com and test.mydomain.com would all require different ssl certs unless you purchase a wild card ssl cert.

 

I have no idea if this helped you or not, just trying to help and give back while I'm learning. So if anyone reads this and I'm not correct on something please let me know. I can take it....lol

 

D.

 

That conatins the ssl information

Link to comment
Share on other sites

You guys are missing the point of my original question a little. Yes Doug, you can SSL the entire site but the question remains, what URL are you using for the SSL certificate request? If you have a server wide (shared) SSL then what domain are you using when you request? YOU HAVE TO PUT A URL PATH INTO THE SSL CERT REQUEST. IF YOU USE THE PATH TO YOUR "CATALOG" DIRECTORY THEN THE ENTIRE SITE WILL BE SECURE. I'M LOOKING FOR A WAY AROUND THAT.

Clear as mud?

Link to comment
Share on other sites

Hi Mark,

 

You can set the following in catalog/includes/configure.php

 

define('HTTP_SERVER', 'https://www.yourdomain.com');

 

Instead of setting to the regular http set it to https.

 

I should tell you that I am presently having a problem with this setting. It appears to cause problems with the Contact Us form and various account pages.

 

Try the setting and let me know if it cause you any problems like those I have decribed.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

The problems I was having and am having appear to be related to the way in which the SSL certificate has been set up for my site. My host service provides for a shared SSL - when I use that no problems. When I use the dedicated one I purchased through them - no luck, it craps out.

 

I would still be interested to hear how the setting works for you and if you are using shared SSL or dedicated.

Regards,

John

 

"There is nothing like a little successful tinkering to bring out the looney mad scientist in all of us. Brohoohoohoooohaahaahaaahahaaaaaaaaaa!"

Link to comment
Share on other sites

  • 1 month later...
The problems I was having and am having appear to be related to the way in which the SSL certificate has been set up for my site. My host service provides for a shared SSL - when I use that no problems. When I use the dedicated one I purchased through them - no luck, it craps out.

 

I would still be interested to hear how the setting works for you and if you are using shared SSL or dedicated.

Please define what results you are getting to make it "crap out."

Link to comment
Share on other sites

I have been trying to do this also, but am running into snags. I am using a shared connection and have enabled the SSL Security on my hosting control panel. A /secure and /secure cgi-bin folder was created on my server after I did it. This is the address of my secure site:

 

https://www.securewebexchange.com/horrormonsters.com

 

I have changed the paths in both the admin and catalog config files to the above address also, but am getting the page not found error.

 

 

What I am wondering is how I can access my catalog and make my entire catalog secure using this setup?

 

and do I have to move all of the oscommerce files into the /secure directory?

 

Cheers,

 

 

 

Mark

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...