SSL Settings

[Guest nthrusse]

What do the SSL settings in the admin pages of ver 3 really do?

If I do this, is this bad?

I was having ssl issues (shared certificate) so I bought a dedicated certificate and my ISP told me to redirect http://www.mydomain.com to https://www. mydomain.com using a .htaccess file on my site.

thanxs

[Guest foursky]

I would like some info on SSL also. I have a paid SSL cert, and am having great difficulty getting it working. Is there any Doco on the SSL feature?

I first had my site as Http://www.mysite.com and the secure site as https://secure.mysite.com and had issues with the shopping cart not carrying over from non-secure to secure.

Then I think that I will make the enture from the secure subdomain and make the site https://secure.mysite.com. If I keep the site http://secure.mysite.com and https for the secure option, I can access the site, but when I add something to the contents of the shopping cart, it is lost again when I view my cart.

Then just for snits and tiggles, I make the site and secure settings https, and the site goes into an infinate redirect loop.

I dont mean to threadjack, but I have seen a couple unanswered SSL threads without answers and didnt want to start another one.

I am ready to buy the product if I can ensure that it works like I need it to...

Thanks,

Robert :w00t:

[Guest foursky]

OK, I restored from a backups before enabling SSL, and it looks like a problem with the cart functionality. will start searches on that before starting a new thread about it. oops.

[roban]

My experience with SSL is this. I bought a certificate and my ISP installed it. My store runs on a dedicated IP within my ISP. I did not activate SSL and I do not have an https extension.

[Guest foursky]

I think I figured it out. The entire site will have to run as secure.mysite.com. I could also have my SSL cert reissued for www.mysite.com also. It looks like for the cookies to make the shopping cart to work, the subdomain needs to be the same (ie. http://secure.mysite.com AND https://secure.mysite.com respectively). You cant have a mismatched subdomain, such as http://www.mysite.com and https://secure.mysite.com. I wish I knew this before I bought my SSL cert (I can get it reissued, but it is a pain). I am a self admitted cubecart n00b, and I post this for people following my footsteps.

Also, for my windows 2003 box running apache, I had to set the path as "D://www//mydir//cubecart" in the SSL config for it to function properly.

Oh, and also, from the other thread, deleting cookies after making a change also helps.

nthrusse: The SSL settings will encrypt all customer data (name, address, credit card info, etc) during the checkout process. Your ISP told you wrong. You do not need a redirect, Cubecart will do it for you when it is time.

roban: I would not trust credit card info over a internet connection without SSL. This is not an option for me.

[Guest jeromas]

FYI, any superglobal variables in PHP, ie $_POST, $_GET, $_COOKIE, $_SESSION, etc are not carried over from the http: protocol to the https: protocol, which to me seems like a gaping hole in that area of PHP, but then again I really don't understand what the mechanics or difficulty of treading that path would be.

Running your entire site via https:/SSL is REALLY going to slow down your site to your visitors, and possibly lose you some sales, the reason being because everything has to be encrypted/decrypted before it can displayed.

Since I use a third party processor for payments right now, I don't view the need for SSL as a really big deal just yet (though I'm going to use PayPal Web Pro when it's ready!), since the only thing a potential hacker would see is contact information. If I did find my customers were worried about contact information being exposed over an unencrypted connection, then I'd worry about it, but then again if you've ever sent an email with your name/address, etc., that's probably worse...

[Guest washi01uk]

I am also having trouble but I have a shared SSL and it uses the same folder for SSL as soon as i enable SSL and goto the cart it gets stuck in a loop

any thoughts

[Guest foursky]

washi01uk:

Your site should be set for http://whatever.com and your ssl setting should be https://whatever.com

[Guest rukiman]

Has anyone got cube cart 3.0.2 with SSL running? Can they post the link to their site so I can see the difference it makes.

I want to know if

1) The whole site will be running with https://

OR

2) Only the check out will be secure

OR

3) If both the customer login/details AND check out will be secure.

Cheers.

[Guest mslsystems]

I have just got v3.0.02 working

I have had lots of problems getting this to work but below is how I resolved it.

All my previous attempts were originally installing from fantastico (v3.0.0) and then trying to upgrade - this failed at the final hurdle and SSL never worked even with the correct settings in place.

I have seen a few post that suggested a clean install of v3.0.02 rather than upgrading, I followed the instructions and those on the cubecart knowledebase.

This worked for me:

My secure certificate was installed on https://aaaa.bbbbbbbbb.co.uk this has to be the same as the url for your shop

Create a new database

1) goto your web host control panel and create a new msql database. For example (aaaa) the database will then call itself (yourwebhostusername_aaaa)

2) create a new user with a password (yourwebhostusername_yourname)

3) remember to then add the new user to the database and give them all privileges

download the v3.0.02 zip file then unzip the files and upload all the files in the upload folder to your shop directory.

For example I created a subdomain called aaaa on my domain called bbbbbbbbbb.co.uk this then creates a directory aaaa within my public_html directory.

So I uploaded all the files to this directory /home/mywebhostusername/public_html/aaaa

once the files have been uploaded and the mysql database has been created you are ready to log into your url

log in to the install screen and then follow the instructions. It will ask you to accept the terms and conditions.

You may get errors saying that the permissions are net set correctly on some of the files (images and thumbnails). To rectify these you need to go into your webhost control panel and goto file manager and select thise directories and change their permissions. (speak to your webhost provider if you are not sure) Once this is done you can the go back to your shop install screen and click try again.

You will then get to a screen where you need to setup your shop correctly or it will not work these are the setting I used based on my server:

localhost

mywebhostusername_aaaa (the database created)

mywebhostusername_myname (the new database user)

Password (database password set for new user)

create a username and password of your choice for access to the admin page (not your webhost username and password)

Select your skin

At the bottom you will see the location of where you shop is:

store url = http://aaaa.bbbbbbbb.co.uk

server root dir = /home/mywebhostusername/public_html/aaaa

Site root = /

Make a note of these - these will help when you then turn on SSL.

Click next and you will have successfully installed your store. You may be asked to change the permissions of your global file back before you get final confirmation.

You can then go to your url and your shop front should be working. you can then add /admin to your url and get to your admin page and log in with the username and password you set up previously.

setting up SSL

You need to make sure that your certificate is installed and that it is working. Checked with your webhost provided to confirm that it is working correctly. I had a problem with mine which did not help when setting up my shop.

Goto your admin page and go to settings then to the SSL section

This is how I set mine up:

Root SECURE Public HTML Folder to store: (Include Trailing Slash)

Absolute SECURE URL to store:

= /

Secure domain

e.g. https://secure.domain.com

= https://aaaa.bbbbbbbb.co.uk

Server SECURE Root Directory:

e.g. /path/to/your/secure/webstore

= /home/mywebhostusername/public_html/aaaa

these were obtained from your install screen at stage 3

Turn on SSL

and save your setings

You will then find that you can go to your url (http://aaaa.bbbbbbbb.co.uk) and you will see your shopfront, you will be able to goto your basket or register screen and get the secure padlock

To access your admin screen you will need to goto https and not http otherwise you will get an error message.

If your cert is working and you followed the install instructions on screen like I did you will get a successful installation.

Hope this helps.

If you need anymore info then PM me

Regards

Martyn

[Guest rukiman]

Thanks for the info! Now all I need is my own private SSL certificate. I'm glad to see that the customers details, checkout AND admin is all on secure server.

[Guest]

I've install the cubecart in the main directory or they called it root directory.

Bought a rapidssl and was wondering if this would be the right settings.

Root SECURE Public HTML Folder to store: /

Absolute SECURE URL to store: https://secure.mydomain.com

Server SECURE Root Directory: /home/myusername/public_html/

Is this the right procedure.

If so how does it work. Do i need to redirect anything at all or is it automatic when a person access the site, example;

http://www.yourdomain.com - they will be directed to - https://www.yourdomain.com

If so. How can I maintain normal http browsing until customers checkout and then only get to the secure site, example

normal browsing

http://www.yourdomain.com

http://www.yourdomain.com/index.php?act=viewProd&productId=1

and so on, and only when customers checkout they get to

https://secure.yourdomain.com/cart.php?act=cart

Sorry for my ignorance in ssl, but I hardly play with it.

help appreciated. thanks. I think we should also start a thread that shows all and only successful settings of ssl.

[Guest mslsystems]

Your settings should be something like this: (You should not have to redirect anything this is all done by cubecart if you have set it up correct).

Root SECURE Public HTML Folder to store: (Include Trailing Slash)

Absolute SECURE URL to store:

= /

Secure domain

e.g. https://www.domain.com

= https://www.bbbbbbbb.co.uk

Server SECURE Root Directory:

e.g. /path/to/your/secure/webstore

= /home/mywebhostusername/public_html

Your secure domain name must be the same as your normal url for it to work

[Guest jfha73]

Hi,

I configured the following way and I get an infinite loop.

Root SECURE Public HTML Folder to store: /store/

Absolute SECURE URL to store: https://www.mydomain.com/store

Server SECURE Root Directory: /home/myusername/public_html/store

What am I doing wrong?

Thanks.

[Guest]

I am having the same infinite loop issue, and I even tried this test:

https://www.cubecart.com/site/helpdesk/inde...;kbarticleid=30

Here is the file on the server:

http://www.engravedlasermemories.com/shop/sslcheck.php

https://www.engravedlasermemories.com/shop/sslcheck.php

Both HTTPS and SERVER_PORT are listed under the second link, so I'm not sure why I'm still getting an infinite loop.

I am using a shared SSL at the moment, and my webhost said that CGI scripts are not permitted to use shared SSL for security reasons. So if I go ahead and purchase the private SSL, do you think that would solve the infinite loop problem?

Please help This is the last piece of the puzzle before it's all working!