Jump to content

Archived

This topic is now archived and is closed to further replies.

germ

SSL Implementation Help

Recommended Posts

/admin/includes/configure.php

 

define('HTTP_SERVER', 'https://www.kopela.co.uk');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

ye that did the trick.... why is that? that is ment to be the http tho... :/ hmm

THANKS!!!

If you want the admin to be SSL all the time, that's just one way to do it.

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

You can't load scripts or images from HTTP sources on HTTPS pages.

 

One way to keep them off secure pages goes like this:

 

<?php
 if ( $request_type != 'SSL' ) {
?>

******** DELETE THIS LINE AND PUT THE NONSECURE CODE HERE ********

<?php
 }
?>

 

Sorry to jump in here..

I'm using the above code and everything seems to be great for ff and gchrome but IE shows the eyeball with a slash through it instead of the lock icon. Again, only IE causes the problem. Any suggestions?

Thanks a lot for any help.


That "Can" you're about to open... has worms!

Don't say I didn't worn ya.

n. pl. cans of worms Informal - A source of unforeseen and troublesome complexity.

Share this post


Link to post
Share on other sites

You must have something else "unsecure".

 

If I had your URL (by post or PM) I could look things over for you.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

thanks... sending now


That "Can" you're about to open... has worms!

Don't say I didn't worn ya.

n. pl. cans of worms Informal - A source of unforeseen and troublesome complexity.

Share this post


Link to post
Share on other sites

Hi

I cannot get the SSL on my site configured properly. I read in this thread I should not have to move the files if the configuration files are set up properly (post #106). But I also read elsewhere in the forums that they should be moved to the secure folder. Without the files (checkout, login, create account etc) and the catalog/includes folder under the httpsdocs folder I receive a 404 error when attempting to access a secure page, and with them in the https folder it takes a VERY long time to load. I have changed the config files hundreds of times. All of my changes result in failed image loading, or certificate errors, or the mixed content popup warning (secure and unsecure). I currently can access a secure page after a long wait AND have the red exclamation over the lock in firefox 3.6.3, it is the images but I dont understand how to un-http them. IE7 returns a proxy error. I have wiped the site and did a fresh reinstall 3 times. I have been over and over the threads but after more than 60 hrs of working at it I have to ask for help. I know I have missed something simple but dont know what.

 

 

 

My site is http://www.angelwoodforge.com

force cookie use is false

my site is in the root

 

contributions added

IP Trap

Security Pro

Simple Mulitiple image addon (does not work yet)

 

I have tried the following changes in includes/application_top.php

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

$request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';to either 1 or $_SERVER

$request_type = ($_SERVER['HTTP_HOST'] == 'https://controlpanel.domain.com/ssl/15//www.d1105727.domain.com/ ') ? 'SSL' : 'NONSSL'; (a variant of post #139 also tried without the https://)

currently application_top.php had been returned to the default

$request_type = (getenv('HTTPS') == 'true') ? 'SSL' : 'NONSSL';

 

includes/configure.php

<?php

define('HTTP_SERVER', 'http://angelwoodforge.com');

define('HTTPS_SERVER', 'https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', '.angelwoodforge.com');

define('HTTPS_COOKIE_DOMAIN', '.angelwoodforge.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/usr/local/pem/vhosts/212260/webspace/httpdocs/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

define('DB_SERVER', '172.20.18.102');

define('DB_SERVER_USERNAME', '********');

define('DB_SERVER_PASSWORD', '*******');

define('DB_DATABASE', '********');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

NOTE: I had removed the / at the end of define('HTTP_SERVER') because of double slashes showing in the address path ie

https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com//login.php

no difference with or without end slash

 

 

admin/includes/configure.php

 

<?php

define('HTTP_SERVER', 'https://angelwoodforge.com');

define('HTTP_CATALOG_SERVER', 'https://angelwoodforge.com');

define('HTTPS_CATALOG_SERVER', 'https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com/');

define('ENABLE_SSL_CATALOG', 'true');

define('DIR_FS_DOCUMENT_ROOT', '/usr/local/pem/vhosts/212260/webspace/httpdocs/');

define('DIR_WS_ADMIN', '/hjd6t54j/');

define('DIR_FS_ADMIN', '/usr/local/pem/vhosts/212260/webspace/httpsdocs/hjd6t54j/');

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', '/usr/local/pem/vhosts/212260/webspace/httpdocs/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

define('DB_SERVER', '172.20.18.102');

define('DB_SERVER_USERNAME', '*******');

define('DB_SERVER_PASSWORD', '******');

define('DB_DATABASE', '*******');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

 

The information from cfgchk.php

 

cfgchk.php Version 1.2

 

File Permissions: 0644

 

Found HTTPS_SERVER:

 

define('HTTPS_SERVER', 'https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com');

 

HTTPS URL passed check!

 

Found ENABLE_SSL.

 

define('ENABLE_SSL', true);

 

SSL enable passed check!

 

Found HTTPS_COOKIE_DOMAIN:

 

define('HTTPS_COOKIE_DOMAIN', '.angelwoodforge.com');

 

HTTPS_COOKIE_DOMAIN line parsed!

 

 

 

Parsing application_top.php for SSL detection key...

 

Found SSL detection key:

 

$request_type = (getenv('HTTPS') == 'true') ? 'SSL' : 'NONSSL';

 

 

 

Done!

 

 

The information from myenv.php

 

myenv.php Version 1.2

 

NONSSL Variables

 

HTTP HOST: [angelwoodforge.com]

 

Server Port: [80]

 

SSL Status: [undefined!]

 

Fowarded Server: [undefined!]

 

Fowarded Host: [undefined!]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [undefined!]

 

Load: 1

 

 

The myenv.php popup window information

 

myenv.php Version 1.2

 

SSL Variables

 

HTTP HOST: [www.angelwoodforge.com]

 

Server Port: [443]

 

SSL Status: [on]

 

Fowarded Server: [controlpanel.domain.com, ssl.pem.dotster.com]

 

Fowarded Host: [controlpanel.domain.com, ssl.pem.dotster.com]

 

Fowarded By: [undefined!]

 

$_SERVER['HTTPS']: [on]

 

Load: 2

 

 

The mybigenv.php information

 

mybigenv.php Version 1.2

 

NONSSL Variables

Load: 1

Environment

Variable Value

SELINUX_INIT YES

CONSOLE /dev/null

TERM linux

INIT_VERSION sysvinit-2.85

PATH /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

RUNLEVEL 3

runlevel 3

PWD /

LANG en_US.UTF-8

PREVLEVEL N

previous N

HOME /

SHLVL 2

_ /sbin/initlog

 

PHP Variables

Variable Value

PHP_SELF /mybigenv.php

_COOKIE["osCsid"] db5b51b49f81ff902d9eeca400f7b81e

_SERVER["UNIQUE_ID"] iZAkk0IL6gUAADeZlMgAAAAc

_SERVER["HTTP_HOST"] angelwoodforge.com

_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us

_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate

_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.7

_SERVER["HTTP_KEEP_ALIVE"] 115

_SERVER["HTTP_CONNECTION"] keep-alive

_SERVER["HTTP_COOKIE"] osCsid=db5b51b49f81ff902d9eeca400f7b81e

_SERVER["PATH"] /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

_SERVER["SERVER_SIGNATURE"] <address>Apache Server at www.angelwoodforge.com Port 80</address>

_SERVER["SERVER_SOFTWARE"] Apache

_SERVER["SERVER_NAME"] www.angelwoodforge.com

_SERVER["SERVER_ADDR"] 66.11.234.5

_SERVER["SERVER_PORT"] 80

_SERVER["REMOTE_ADDR"] 71.226.142.149

_SERVER["DOCUMENT_ROOT"] /usr/local/pem/vhosts/212260/webspace/httpdocs

_SERVER["SERVER_ADMIN"] [no address given]

_SERVER["SCRIPT_FILENAME"] /usr/local/pem/vhosts/212260/webspace/httpdocs/mybigenv.php

_SERVER["REMOTE_PORT"] 1198

_SERVER["GATEWAY_INTERFACE"] CGI/1.1

_SERVER["SERVER_PROTOCOL"] HTTP/1.1

_SERVER["REQUEST_METHOD"] GET

_SERVER["QUERY_STRING"] no value

_SERVER["REQUEST_URI"] /mybigenv.php

_SERVER["SCRIPT_NAME"] /mybigenv.php

_SERVER["PHP_SELF"] /mybigenv.php

_SERVER["PATH_TRANSLATED"] /usr/local/pem/vhosts/212260/webspace/httpdocs/mybigenv.php

_SERVER["argv"]

 

Array

(

)

 

_SERVER["argc"] 0

_ENV["SELINUX_INIT"] YES

_ENV["CONSOLE"] /dev/null

_ENV["TERM"] linux

_ENV["INIT_VERSION"] sysvinit-2.85

_ENV["PATH"] /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin

_ENV["RUNLEVEL"] 3

_ENV["runlevel"] 3

_ENV["PWD"] /

_ENV["LANG"] en_US.UTF-8

_ENV["PREVLEVEL"] N

_ENV["previous"] N

_ENV["HOME"] /

_ENV["SHLVL"] 2

_ENV["_"] /sbin/initlog

 

Sorry for the long post, but I wanted to supply the information so that it would not have to be asked for. Thanks in advance to anyone that can help.

John

Share this post


Link to post
Share on other sites

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

Make that change again.

 

Leave it that way and post again.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi

I cant believe how fast the reply was, thank you. I made the change and it goes through on IE7 and firefox without the errors, just takes a very long time to load.

Share this post


Link to post
Share on other sites

Yeah, I noticed the load time isn't best measured in micro-seconds...

:blush:

 

Maybe you can take that up with your host.

 

But it works!

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Thanking you for your help isnt accurate, its more like thank you so much for fixing it for me. I was thinking the files being in the https folder may be causing it to load slowly so I downloaded the folder and deleted it from the site. I received the 404 error again. So I re-uploaded the folder and now I have broken images on the secure pages, except for the "continue" button image and the "sign in" button image. I also noticed that sometimes it will load the pages at normal speed (fast), mostly it wont (the difference occured while removing the three little stock images that are hanging off in space at the right top of the page, when I put them back the page load sped up then slowed to a crawl again but still faster than before). I used the file compare in notepad++ to check configure and application_top, they are they same. The pages load without errors other than the broken links. I also have a certificate error when logging into my admin. I'm not sure that matters, as I'm the only one that will see it (I hope). I do have it password protected via CPanel. So thanks again, I'm gonna try and figure out what I broke and probably ask for more help in a week or so.

Share this post


Link to post
Share on other sites

If I try to access some of the broken images on the SSL side directly with my browser I get "page not found" errors.

 

Not sure what's going on there...

 

A couple of suggested changes to the config file.

 

On the catalog side:

 

define('HTTPS_COOKIE_DOMAIN', '.angelwoodforge.com');

Probably needs to be:

 

define('HTTPS_COOKIE_DOMAIN', '.controlpanel.domain.com');

 

And

define('HTTPS_SERVER', 'https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com');

Needs to be:

 

define('HTTPS_SERVER', 'https://controlpanel.domain.com/ssl/15/www.angelwoodforge.com');

(no double slash )

 

Then on the admin side these:

 

define('HTTP_SERVER', 'https://angelwoodforge.com');
define('HTTP_CATALOG_SERVER', 'https://angelwoodforge.com');
define('HTTPS_CATALOG_SERVER', 'https://controlpanel.domain.com/ssl/15//www.angelwoodforge.com/');

Probably need to be:

 

define('HTTP_SERVER', 'http://angelwoodforge.com');
define('HTTP_CATALOG_SERVER', 'http://angelwoodforge.com');
define('HTTPS_CATALOG_SERVER', 'https://controlpanel.domain.com/ssl/15/www.angelwoodforge.com');


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

WOOOOOOO HOOOOOOO! I got pictures and corners and stuff! (w00t) That is too awesum. Thank YOU! :thumbsup: I had to move the images folder into the https after picking up on what you said about not being able to access them directly. I have renamed and replaced the admin in the http folder which has eliminated the certificate error. But I am unable to access the catalog from the admin to load products. It goes to a blank page with no error. I'm going to look at it tommorow, I read somewhere on here not to edit code when suffering from sleep deprivation (especially if I dont know what I'm doing). YOU ROCK!

Thank you so much

Share this post


Link to post
Share on other sites

My SSL certificate is for www.MYDOMAIN.com and I get an error warning about mismatched certificates when osCommerce creates links to https://MYDOMAIN.com.'>https://MYDOMAIN.com. I have changed around the includes/configure.php to be:

 

define('HTTP_SERVER', 'http://www.MYDOMAIN.com');

define('HTTPS_SERVER', 'https://www.MYDOMAIN.com');

 

However, even in the store/index.php right in the first paragraph of the tep_customer_greeting() function call it references https://MYDOMAIN.com and I just can't find where this is to be changed.

 

I have looked in includes/local and there is only a read me file, nothing else. I have searched the entire directory and combed through all the include/ and include/languages/english files for the last two hours and can't find any other references. Where is ocC picking this up?

 

Many thanks.

 

kt

Share this post


Link to post
Share on other sites

Check the files on the server as described in the first post in the thread.,

 

Your HTTPS_SERVER needs the "www." in it, but it currently doesn't have it (regardless of what you may think).


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Help

 

I have activated SSL and all pages work except checkout_confirmation.php on this page I get a mixed content message the site is bodylily.com/osc.

 

I can not find any unsecure http links on the page.

 

I tried the unsecuer.php program but it said it could not open the page.

 

Any assistance is appreciated.

Share this post


Link to post
Share on other sites

Help

 

I have activated SSL and all pages work except checkout_confirmation.php on this page I get a mixed content message the site is bodylily.com/osc.

 

I can not find any unsecure http links on the page.

 

I tried the unsecuer.php program but it said it could not open the page.

 

Any assistance is appreciated.

The mixed content message is not caused by links.

 

It's caused by loading images or scripts from HTTP sources on HTTPS pages.

 

Without your URL that's all I can say.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

OK.

 

I see the URL now.

 

Stupid should hurt....

:blush:

 

From the source of that page:

 

<link rel="stylesheet" type="text/css" href="file:///C|/Documents%20and%20Settings/Administrator/My%20Documents/Body%20Lily%20MX/osc/stylesheet.css">

That's not helping.


Added in edit.

 

The same code is in the logoff page, too.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

I have a couple of stores that I want to set up.

 

Do you need a seperate SSL cert for each website?

 

The reason I ask is I want to be able to use one site, with a cert for all the stores. All of my websites are under the same domain as sub domains. One of the domains is a website that I have is just for my secure cert. My host said that the shared ssl that they have will not work with php files only cgi files.

 

Here is what I am thinking and want to know if this can be done in the individual config files. http://www.store1.com/catalog has it pointing to https://www.secure.com/store1. http://www.store2.com/catalog has it pointing to https://www.secure.com/store2 and so on.

 

I am wondering if the files needed on the secure directories will work with the store directories. Will I need to set up the whole store in 2 places so the files or sessions will work together so the secure store will be able to access the database correctly or is there a file that can be just in the secure store to be able to collect the credit card info and go out to the credit card proccessor and then be able to come back to the store without lossing anything.

 

Has this ever been done beore?

 

 

Thanks for any info and advise

Share this post


Link to post
Share on other sites

That fixed it thank you!!

 

 

 

OK.

 

I see the URL now.

 

Stupid should hurt....

:blush:

 

From the source of that page:

 

<link rel="stylesheet" type="text/css" href="file:///C|/Documents%20and%20Settings/Administrator/My%20Documents/Body%20Lily%20MX/osc/stylesheet.css">

That's not helping.


Added in edit.

 

The same code is in the logoff page, too.

Share this post


Link to post
Share on other sites

If your site processes or stores CC info you'd better be PCI Compliant ( <= it's a link, click it to read more).

 

If you violate the PCI mandates and are caught fines can run in the hundreds of thousands of dollars and you can be banned from getting a merchant account for life...

 

And PCI compliance isn't cheap or easy from what I've read here on the forum.

 

If the hosts shared SSL won't work (their reasoning sound stupid fishy to me) I don't see how just one SSL cert could work for you??!!??

 

But I'm not "up to snuff" in that field of expertise...

:blush:


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Now I can't access admin any thoughts on that issue Here is my admin/configure.php code:

 

define('HTTP_SERVER', 'https://www.bodylily.com');

define('HTTP_CATALOG_SERVER', 'https://www.bodylily.com');

define('HTTPS_CATALOG_SERVER', 'https://www.bodylily.com');

define('ENABLE_SSL_CATALOG', 'true'); //secure.hostmonster.com/~shutter1/bodylily

 

 

 

That fixed it thank you!!

Share this post


Link to post
Share on other sites

If your site processes or stores CC info you'd better be PCI Compliant ( <= it's a link, click it to read more).

 

If you violate the PCI mandates and are caught fines can run in the hundreds of thousands of dollars and you can be banned from getting a merchant account for life...

 

And PCI compliance isn't cheap or easy from what I've read here on the forum.

 

If the hosts shared SSL won't work (their reasoning sound stupid fishy to me) I don't see how just one SSL cert could work for you??!!??

 

But I'm not "up to snuff" in that field of expertise...

:blush:

 

 

I am using a certificate from Godaddy on one of my domains. The OS shopping cart is using an addon called ECHO or electronics clearing house for my payment gateway. So that should be all PCI Compliant.

 

I just finished setting up another copy of the OS shoping cart where the secure certificate is at. Again I am on a server where I have a main domain and several sub-domains. So path wise and database wise I can conncet to the same database from my main store and from the website that has the cert. I have everything working from the site with the cert except 1 thing right now. I can give you URL via another way and you can see what I have. Not sure if creating a new customer is working correctly becasue I am just loggin in to the same account to test.

 

Here is what I have so far. You put an item in the cart, in the store, and click on cart contents and then on checkout you go to the secure site with the cert. You login and then get the delivery information and click on what you want to use and then click on continue. This is where it hangs up. It is looking for checkout_shipping.php file which it just used but can't find or the connection to the database from the website with the cert is not allowing the session id to work because it really is from another website and the original website did the creation is all I can think of that is stopping this to work.

 

You said above that it was fishy that my ISP will not allow php files to work with a shared cert any reasons why they might do that? Security concerns?

 

You also said that you would need seperate certs for each store you build. Is that only becasue the sharred certs will not work ands I need to have one then for each store?

Share this post


Link to post
Share on other sites

×