Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 05-04-2010 10:27:33

timgreycart
Member
Registered: 12-07-2009
Posts: 13

Best way to go about adding SSL support w/o breaking existing site?

How do I make my online store secure? I think I need to re-install the shopping cart software, but I’m worried that will reset the store and cause me to lose all the products and other

I have successfully installed and launched the online store, but without making it secure. I do have a secure (SSL) folder on my website, which I’ve used for secure forms. But the online store isn’t secure. I need to know the best way to go about adding SSL support without breaking the existing store.

Thank you

Offline

 

#2 05-04-2010 11:33:54

dh783
Member
From: Avondale, Arizona
Registered: 04-06-2005
Posts: 6233
Website

Re: Best way to go about adding SSL support w/o breaking existing site?

If you have a valid security certificate in place on the server you only need to run the installer up to and submit the new https: url, that's all, you don't need to continue with the rest of the installer.

John

Offline

 

#3 05-24-2010 14:07:17

timgreycart
Member
Registered: 12-07-2009
Posts: 13

Re: Best way to go about adding SSL support w/o breaking existing site?

I tried re-installing the online store software based on your info. It didn’t work, and in fact it completely broke the online store, with messages indicating the page could not be found.

The way my website hosting is configured, there is a secure and a non-secure folder. Any secure content I post has to be in the secure folder, and general content can be in the non-secure folder. As a result, or perhaps for other reasons, I can have general content at wwwtimgrey.com/whateveraddressiwant, but for secure content I can’t use my domain name, but rather have to use quartz.he.net/~timgrey/whateveriwant.

I think it wasn’t working with the online store because it only supports using the same URL basis for both secure and non-secure addresses. Perhaps a solution might be to put absolutely everything into the secure directory, so anyone who visits my online store would always be looking at a secure page, even if it isn’t necessary that it is secure?

Perhaps you could even charge us to get more directly involved so we can once and for all have a secure online store?

Thank you, John

Offline

 

#4 05-24-2010 14:33:00

dh783
Member
From: Avondale, Arizona
Registered: 04-06-2005
Posts: 6233
Website

Re: Best way to go about adding SSL support w/o breaking existing site?

What's the url the security certificate was created for?

Your secure directory needs to have a symbolic/alias link to the non-secure directory.

John

Offline

 

#5 05-24-2010 14:40:22

timgreycart
Member
Registered: 12-07-2009
Posts: 13

Re: Best way to go about adding SSL support w/o breaking existing site?

The secure directory would be accessed like this:
https://quartz.he.net/~timgrey/

I could use http://quartz.he.net/~timgrey/ for the non-secure portion of the store, I suppose. But I'm not sure if that would work. Should that provide a solution?

Offline

 

#6 05-24-2010 15:02:10

susan2go
Member
Registered: 04-19-2010
Posts: 81

Re: Best way to go about adding SSL support w/o breaking existing site?

Why don't you buy your own security certificate for $20?  Then you could use https://www.yourdomain.com.

Offline

 

#7 05-24-2010 15:03:37

timgreycart
Member
Registered: 12-07-2009
Posts: 13

Re: Best way to go about adding SSL support w/o breaking existing site?

I actually tried that, but somehow it didn't work. But I'll give it another go.

Offline

 

#8 05-24-2010 15:52:11

susan2go
Member
Registered: 04-19-2010
Posts: 81

Re: Best way to go about adding SSL support w/o breaking existing site?

You have to have your own security certificate in place.  If you can't use your own domain name for secure, then you probably are using your web host's certificate.  Some hosting companies offer certificates as an add-on, but they are sold all over the place now at a fairly cheap price. Your server administrator would more than likely have to install it for you.

As John said, you don't have to worry about the non-secure and secure content because there is a symbolic link.  People don't trust sites which do not have their own SSL certificates.

Offline

 

#9 05-24-2010 16:43:45

dh783
Member
From: Avondale, Arizona
Registered: 04-06-2005
Posts: 6233
Website

Re: Best way to go about adding SSL support w/o breaking existing site?

Your on a shared server, using a shared ssl, if you want your own ssl (for your url) your package may not allow it. You will have to talk to your service provider about your account, usually they want more $$ for accounts with there own ssl.

Offline

 

#10 05-25-2010 10:02:35

susan2go
Member
Registered: 04-19-2010
Posts: 81

Re: Best way to go about adding SSL support w/o breaking existing site?

On my host, it is $20 more a month  and that's chump-change.  Perception is everything in online selling.  If I came across a site that didn't have a security certificate, I would shop somewhere else.  I would wonder about the finances of a company that couldn't afford a security certificate.

Offline

 

#11 05-26-2010 02:37:36

NicheDev
Member
Registered: 02-04-2009
Posts: 152

Re: Best way to go about adding SSL support w/o breaking existing site?

GeoTrust (part of Verisign) charge me $119 a year for each of my sites. That's pretty good value at $9.91/mth, and other providers are priced similarly.  Prices have dropped a lot in recent years, presumably due to intense competition.

Paul

Offline

 

#12 05-26-2010 12:55:53

susan2go
Member
Registered: 04-19-2010
Posts: 81

Re: Best way to go about adding SSL support w/o breaking existing site?

NicheDev wrote:

GeoTrust (part of Verisign) charge me $119 a year for each of my sites. That's pretty good value at $9.91/mth, and other providers are priced similarly.  Prices have dropped a lot in recent years, presumably due to intense competition.

That is so true!  I bought my first SSL certificate in 2001 from Verisign for almost $500 per year plus I had to fax them my business license and copy of my ID!  Now, I can renew my (Comodo) SSL through my hosting company for about $45 per year (3 year term), plus $25 for the "seal."  You can't have too many seals; seriously, customers put a lot of stock in seals!

I've seen SSL certificates as low as $12.95 a year on GoDaddy.  InstantSSL has a free "trial" certificate with a free seal. On shared servers, the plans which allow a private SSL certificate run about $40 per month or less.

Offline

 

Board footer