Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Missing documentation - SSL certificates


tobybailey

Recommended Posts

I have just spent several days working on a potential osCommerce realisation. One thing that is missing from the documentation is some sort of account of what is needed to use SSL in a shared hosting environment.

 

I would be grateful if somebody on the design team (or anybody else sufficiently expert) could answer the following.

 

a) Using a shared SSL certificate: is this possible in general, and is it possible in one of these set-ups where the hosting provider insists that secure documents are in a special folder?

 

b) Buying ones own certificate (or allowing ones hosting provider to buy one for you): Is it necessary for it to be for www.myshop.com - most providers seem to offer secure.myshop.com as the default? Is it OK to have the latter and map the secure address to the same web space as the unsecure?

 

c) I have osCommerce running happily on an ad-hoc server installed on my own PC (not connected to the real world). The default set-up seems to allow secure connection to any page in the system (if you type https://localhost/catalog into the location bar). Is this meant to be possible? It seems odd and I suspect if people do it then it will get the system in a muddle at some point.

 

I do think some documentation on this would be helpful.

Link to comment
Share on other sites

a) Yes, it is possible. In your configure.php file, define HTTPS_SERVER to be the "base URL" of your SSL URL as defined by your host. The format varies. Just be sure to leave off any trailing slash. If your host requires secure documents to be in a special folder (ugh!), you'll need to make a copy of your store files in that folder.

 

b) It is standard practice for an SSL certificate to have the same domain name as the regular store. Try out amazon.com, for instance.

 

c) I'd guess that for your local PC, it uses some default certificate for "localhost" connections. This would not be an issue in practice, as your store customers aren't going to use "localhist". Try it with your PC's IP address and see what happens.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...