Post by Mark Dyer » Sat Jun 02, 2007 3:33 am

Has anyone managed to have a https server on a different domain to the http..

example

www.mywebsite.com

and www.sharedsslcert.com/mywebsite/

looking at the coding I don't think we can, anyone have any suggestions?


Post by Daniel » Sat Jun 02, 2007 4:17 am

I noticed this as well.

A company I previously worked for used a sub domain for their SSL. The problem is the cookie the session sets. You need a cookie domain added in the config for both the http and https.

OpenCart®
Project Owner & Developer.
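
The cookie scoping behind this, as an added example that is not part of the original posts or of OpenCart: a session cookie's Domain attribute can span www.mywebsite.com and a sub domain, but no value covers a host on another domain such as www.sharedsslcert.com. The host name secure.mywebsite.com and the function names are assumptions.

```php
<?php
// Added example, not OpenCart code. secure.mywebsite.com is a constructed
// host name; the other two hosts are the ones named in the thread.

// RFC 6265 section 5.1.3 domain-match: the request host must equal the cookie
// domain or end with "." followed by it (and must not be an IP address).
function domain_matches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $cookieDomain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    $suffix = '.' . $cookieDomain;
    return substr($host, -strlen($suffix)) === $suffix;
}

// A browser only accepts a Domain attribute that matches the host setting the
// cookie, and only returns the cookie to hosts that match it as well.
function session_cookie_shared(string $httpHost, string $httpsHost, string $cookieDomain): bool
{
    return domain_matches($httpHost, $cookieDomain)
        && domain_matches($httpsHost, $cookieDomain);
}

$layouts = [
    // label => [http host, https host, cookie domain]
    'SSL on a sub domain'           => ['www.mywebsite.com', 'secure.mywebsite.com', 'mywebsite.com'],
    'shared SSL, store domain'      => ['www.mywebsite.com', 'www.sharedsslcert.com', 'mywebsite.com'],
    'shared SSL, cert host domain'  => ['www.mywebsite.com', 'www.sharedsslcert.com', 'sharedsslcert.com'],
];

foreach ($layouts as $label => [$http, $https, $domain]) {
    $result = session_cookie_shared($http, $https, $domain) ? 'one session' : 'two sessions';
    printf("%-30s %s\n", $label, $result);
}
```

A cookie that both the http and the https host must receive cannot carry the Secure attribute, so the session ID is also sent over plain HTTP.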



Post by Qphoria » Sat Oct 18, 2008 9:31 am

This still appears to be an issue using sharedssl in 0.7.9 (and one that is affecting my live store!). I will add it to the to-do list for the next version.
Also, david.gilberts SEO contrib doesn't seem to work when it switches to the shared address
Last edited by Qphoria on Sat Oct 18, 2008 9:34 am, edited 1 time in total.


Post by bruce » Sat Oct 18, 2008 6:03 pm

As a discussion point...

My 2 cents on shared ssl is that it should be consigned to the "waste of time" list along with database prefixes.

Since the goals of using ssl are to
  • provide a secure channel of communication
  • give the customer the confidence to use your site with their money.
and shared ssl looks dodgy to the customer (at least implementations I have seen), the second is not achieved and the money spent is wasted.

An SSL certificate for your actual url is not so expensive as to make the programming and testing effort to support shared ssl worth it.

What does anyone else think?
Last edited by bruce on Sat Oct 18, 2008 9:02 pm, edited 1 time in total.


Post by Qphoria » Sat Oct 18, 2008 8:25 pm

I, personally, am not too cheap to get a $15 cert from godaddy. But it was more of a test to ensure OpenCart can handle it. SharedSSL might not be great, but it should still be a viable option for those that need to use it. It's still better than nothing.


Post by jty » Tue Nov 11, 2008 10:00 am

Why do people always quote eg $20 for SSL?
When I asked my webhost, I was told I also need a dedicated IP as well as an SSL cert. The dedicated IP is not free so how do we get this $20 concept?
What am I missing here?


Post by Qphoria » Tue Nov 11, 2008 11:03 am

$15 cert plus $5 dedicated ip :)


Post by jty » Tue Nov 11, 2008 11:05 am

$5 dedicated IP? I was told something like $10-$15/mth for the IP over here
Which now makes it around $200/yr which is a tiny bit more than 20 bucks
Thanks


Post by Qphoria » Tue Nov 11, 2008 12:07 pm

hence the reason I'm trying to get OpenCart to work with SharedSSL for those who can't be dishin out cash all over


Post by bruce » Tue Nov 11, 2008 12:31 pm

jty wrote:
> $5 dedicated IP? I was told something like $10-$15/mth for the IP over here
> Which now makes it around $200/yr which is a tiny bit more than 20 bucks
> Thanks

Even so, if your online business does not have enough potential to make $200/year seem like nothing, what is the point?

You might as well sit in the sun and drink beer instead.  :D


Post by Qphoria » Tue Nov 11, 2008 12:42 pm

my first business started with a $1.95/mo host & sharedssl.
Then I upgraded to a full SSL for $29.99 and dedicated ip I think was $5/mo. Made about $100 that year   :-\

Then that server got really slow so I moved to gazzin.com and paid $6.95 or so for a reseller account
Switched back to sharedssl but then stopped the business and gazzin started getting slow so I left.

Then a year later started a new company on my reseller account with resellerzoom.com for $9.95. Amazingly pulled in about $100k in sales, then the second year I started seeing some server slowness so I upgraded to a $19.95 plan. The second year business went down to about $60k  :'( and now in its third year I'm about $40k... (but the decline is expected based on the technology now).

Anyway.. I actually ran and still run that business on a sharedssl. I thought about switching to a real SSL but business was booming and I didn't feel the need to change anything.

Now my upgraded resellerzoom account is starting to get slow so I might look for greener pastures. But I'd still like sharedssl for the backup
Last edited by Qphoria on Tue Nov 11, 2008 12:46 pm, edited 1 time in total.


Post by jty » Tue Nov 11, 2008 3:01 pm

bruce wrote:
> Even so, if your online business does not have enough potential to make $200/year seem like nothing, what is the point?

Bruce, the point in my situation is that I don't require shared SSL for security reasons. I already pay for an online payment gateway that handles the SSL.
However, when that gateway returns to my site, Firefox gives a warning (attached). Read in the context of where they are in the checkout/payment process, the customers can easily think their credit card details are being sent insecurely.
This is not the case as the data returned is not cc details but we have to cater for "perceptions" as well as truth.
The good news is that it doesn't happen with IE and IE still rules. I knew there was one good thing about IE.


Post by bruce » Tue Nov 11, 2008 6:24 pm

What payment gateway?
What is the return url?

I have done several payment extensions (ANZ eGate, paypal, 2Checkout) that redirect to secure sites and return to non ssl pages and have not experienced the same problem that you do.

This means there should be a solution that does not require you to unnecessarily hook up to any ssl.
Last edited by bruce on Tue Nov 11, 2008 6:30 pm, edited 1 time in total.


Post by JNeuhoff » Tue Nov 11, 2008 6:35 pm

I noticed similar problems with the shared SSL while testing the GoogleCheckout module.

I don't really need SSL for my stores, because any critical credit card details and payments are handled on the Google Checkout pages, which use their own SSL anyway. However, when Google sends back messages, e.g. 'payment processed', etc., to OpenCart's callback function, Google always insists on using SSL, even though the messages it sends don't contain any critical details (no credit details, no passwords). Still, I had to enable shared SSL on my server just for the callback function so as to be able to receive and process the messages coming from Google.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by bruce » Tue Nov 11, 2008 6:46 pm

vote with your feet  ;)


Post by jty » Tue Nov 11, 2008 7:17 pm

The return url is checkout_success

I am not able to show you as their demo doesn't go to SSL
I have contacted them about it but their solution is to use words to explain the situation to the buyer. 11px words are not as dramatic as a Firefox Warning pop-up

Whatever data they are sending back is useless to me but I am not able to change their script.
I tried sending the page back to a shared SSL page but then I encounter the problem of the cart never being cleared as the cart is held in a non-SSL session so an SSL return URL does not clear cart.

Do you know any Australian online gateways that do "manual/offline" credit card processing? I'm looking for a PCI compliant way to do Offline Credit Card.
I don't want a dodgy offline payment way that keeps me up all night worrying about people hacking into my database
I also do not want a "real-time" payment gateway as the site is low volume.
Last edited by jty on Wed Nov 12, 2008 1:15 am, edited 1 time in total.


Post by bruce » Tue Nov 11, 2008 8:49 pm

So much for me being an expert.  ::)  :-[

The behaviour you are seeing is an optional setting in both browsers mentioned. Coincidentally, I have it turned off in both. You probably only have it turned off in IE. I would have attached a screen shot that includes both IE and Firefox settings dialogs as I have them but "the upload folder is full" on the forum.

It is really annoying that we "need" ssl even for this situation when we don't need it.

Instructions for how to turn off "security" settings in your "how to shop" pages with screen shots of the dialog and comforting words about it not mattering are a poor second choice.

At the end of all this, I would still buy my own certificate for a more professional outcome, just as I have argued earlier.

There are no other Australian alternatives for your specific requirement that I know of and it would not help anyway.


Post by JNeuhoff » Tue Nov 11, 2008 9:05 pm

> Whatever data they are sending back is useless to me but I am not able to change their script.
> I tried sending the page back to a shared SSL page but then I encounter the problem of the cart never being cleared as the cart is held in a non-SSL session so an SSL return URL does not clear cart.

You could do something like this in your payment process() function before transferring to the ePath payment gateway:

```php
// Have OpenCart process the order and remove its cart from the session.
// OpenCart will store it in the database with e.g. a 'Paid Unconfirmed' order status.
$this->order->process($results['order_status_id']);
$this->cart->clear();
// ....
// now transfer to the payment gateway
// ....
```

This way your shopping cart is always cleared, regardless of whether the user comes back from the payment gateway or not. You'd still check your ePath account to see whether the customer really made the payment; he may have changed his mind and just not proceeded with the final payment, so checking your ePath account is always a good idea anyway. You shouldn't rely on the customer actually completing the payment on the ePath payment gateway!

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by Qphoria » Tue Nov 11, 2008 10:58 pm

Really IE is better here?! but IE is notorious for the "There are both secure and non-secure items on this page" which scared the hell out of my customers


Post by jty » Tue Nov 11, 2008 11:59 pm

Qphoria wrote:
> Really IE is better here?! but IE is notorious for the "There are both secure and non-secure items on this page" which scared the hell out of my customers

Per Bruce, it might be my IE browser settings

This didn't work

```php
// Have OpenCart process the order and remove its cart from the session.
// OpenCart will store it in the database with e.g. a 'Paid Unconfirmed' order status.
$this->order->process($results['order_status_id']);
$this->cart->clear();
// ....
// now transfer to the payment gateway
// ....
```

Conceptually, that is what I want, i.e. write the order first then go off to pay
But I received an error that results is undefined
So I tried just $this->cart->clear();
That also didn't work as it then sent a zero $ amount, presumably because the cart has been cleared
But the interesting thing is that it sent my other variables being the customer name, phone number, email address.

So all I have to figure out now is how to capture the value in $this->order->get('total') to send without cart->clear clearing it out.

Do we have a payment module that writes the order first so I can try and copy it. I copied the Paypal one which writes the order "after" returning.
Last edited by jty on Wed Nov 12, 2008 1:16 am, edited 1 time in total.
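
The ordering jty is after (write the order, keep the total, then clear the cart), as an added example that is not part of the original posts and not OpenCart's API: the Cart class, the $orders array, the field names and the 'Paid' status are stand-ins constructed for illustration. It also shows the amount check that JNeuhoff's advice to verify the gateway account implies before an unconfirmed order is treated as paid.

```php
<?php
// Added example, not OpenCart code: Cart, $orders and the field names are
// stand-ins constructed to show the ordering, not the 0.7.x API.
final class Cart
{
    private array $lines = [];   // each line: [unit price in cents, quantity]
    public function add(int $cents, int $qty): void { $this->lines[] = [$cents, $qty]; }
    public function clear(): void { $this->lines = []; }
    public function total(): int { return array_sum(array_map(fn($l) => $l[0] * $l[1], $this->lines)); }
}

// The order tried in the thread: clear first, then read the amount (now 0).
function fields_clear_first(Cart $cart, array $customer): array
{
    $cart->clear();
    return ['amount' => $cart->total()] + $customer;
}

// Snapshot the total, store the order as unconfirmed, then clear the cart.
function fields_order_first(Cart $cart, array $customer, array &$orders): array
{
    $total = $cart->total();                 // read before clear()
    $orderId = count($orders) + 1;
    $orders[$orderId] = ['total' => $total, 'status' => 'Paid Unconfirmed'] + $customer;
    $cart->clear();
    return ['order_id' => $orderId, 'amount' => $total] + $customer;
}

// Called after checking the gateway account, not on the browser's return:
// the order is confirmed only if the amount paid equals the stored total.
function confirm(array &$orders, int $orderId, int $paidCents): bool
{
    if (!isset($orders[$orderId]) || $orders[$orderId]['total'] !== $paidCents) {
        return false;
    }
    $orders[$orderId]['status'] = 'Paid';
    return true;
}

$customer = ['name' => 'Test Buyer', 'email' => 'buyer@example.com']; // constructed
$orders = [];
$a = new Cart(); $a->add(1995, 2);
$b = new Cart(); $b->add(1995, 2);
printf("clear first: amount=%d\n", fields_clear_first($a, $customer)['amount']);
$f = fields_order_first($b, $customer, $orders);
printf("order first: amount=%d, cart now=%d\n", $f['amount'], $b->total());
printf("wrong amount confirms: %s\n", var_export(confirm($orders, $f['order_id'], 100), true));
printf("stored total confirms: %s\n", var_export(confirm($orders, $f['order_id'], $f['amount']), true));
```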
