How SSL should be setup

[Ramesh]

Quite a few people have been asking about setting up SSL with oscommerce. After my own testing with the help of another forum member (not a team member).

I realised some of us are making a mistake with regards to SSL .

 

The WRONG WAY !

We produce a store using osc. www.<yourdomain>.com/catalog

 

We create a folder www.secure.<yourdomain>.com

 

Then we ftp a copy of our catalog to the secure folder.

 

Next we modify configure.php in catalog/includes and catalog/admin/includes to reflect these changes.

 

.....http://www.<yourdomain.com

.....https://www.secure.<yourdomain>.com

 

I'M SURE THIS IS WRONG !

 

Look at the oscdox documents.

 

The lines in the catalog and admin configure.php

both have the same website address (URL).

 

The only difference is that the normal one says http and the code referring

to the secure server says https .

 

I've had a look at quite a few e-commerce sites (including a major online bookstore .....hint) .

 

Browse products.

Select products and add to your shopping cart.

When you go to login or checkout , the url only changes by switching to https: and the padlock appears in your browser.

 

Shared SSL is not a suitable option for a professional e-commerce store.

It will work but everytime you change a catalog

you will have to make changes to the catalog on the secure side as well!

Which defeats the purpose.

 

Look at the text from pair networks:

http://www.pair.com/pair/support/library/e...securecert.html

 

When you get the SSL certificate, you tell them your domain

www.<yourdomain>.com . Only certain pages will use the SSL bit.

(Rather than the whole site running in SSL). The configure.php files tell the server which pages should have a padlock (SSL) .

 

Can anyone comment on what I've just written ?

Am I correct ?

Or which parts are correct

 

Thx.

 

<Keywords for future forum searches.>

 

SSL

admin

secure server

https

setup

configure

configure.php

help