Pages: [1] 
|
 |
|
 Author
|
Topic: Re: SSL Certificates (Read 3980 times)
|
|
jariggs
|
We're on the same page... I ordered an SSL cert, and am a little confused how to install...
I get these in a "Generating a CSR" window...which one do I select?
Apache + MODSSL
Apache + Raven
Apache +SSLeay
Apache 2
C2Net Stronghold
Cobalt RaQ3/RaQ4/XTR
Ensim
IBM HTTP
IBM Domino Go 4.6.2.6+
iPlanet Enterprise Server 4.1
Jakart-Tomcat
Lotus Domino 4.6
Lotus Domino 5.0.x
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 5.0
Netscape Enterprise 3.51
O'Reilly WebSite Professional 2.x
Plesk
Weblogic 5
WebSTAR 4
Zeus Web Server v3
Thanks for the help and direction...
JAR
|
|
|
|
|
Logged
|
|
|
|
|
Brad
|
Before you can get a SSL, you need to have us generate a request and key for you. You need to contact sales@alphaone-tech.com and tell them you need a request and key. You also need to purchase a unique IP address in order to use your SSL. Also, tell them who you purchased the SSL from and they can tell you what it will cost to have it installed. This is not something you can do, only SysAdmins have that capability. Hopefully you didn't purchase a GoDaddy SSL. We have had major problems with them and have had to charge double to install them. Every one they send is wrong initially. Also sends the wrong intermediary cert. We wanted to establish a relationship with them using their SSLs and if they were purchased directly through us, installation would be free. Instead we went with Comodo SSLs. Purchased through us, we will install those for free. I am not sure of pricing details since that section of the site hasn't been put online yet, but sales will know. |
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
Just for your info, templatemonster.com has started selling OSC templates.
peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
jariggs
|
The only drawback of this host so far appears to be the lack of information on such subjects as the SSL Cert. If we didn't have you on the forum, we'd be in serious trouble. I looked at Alpha first to see if I could get the SSL here, but saw nothing to indicate I could or how to go about acquiring and installing an SSL certificate. Otherwise I would have purchased through Alphaone. I would think some of these things would be frequent issues, but apparently not. Hopefully, others are learning from my wandering...
If I'm just not looking in the right places. let me know.
In the meantime, I'll contact sales to figure out what to do now.
Thanks,
JAR
|
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
Yeah, sorry about that.
Up until 6 weeks ago we didn't sell SSLs, and for the past 6 weeks we have been slowly integrating a new ordering system - where you will be able to order SSLs. But quite honestly, we purposely have NOT advertised the fact that we sell them because its just one more process we would have to iron out.
We have so many new things going on here that it is honestly hard to keep up with putting links to them online. Our new order center, (and possibly a new user control panel in the next month), will help some of that.
Was sales able to get you the info you needed? Normally I am one of the folks who keeps tabs on sales as well, but I have been knee-deep in preventing referrer spam and DDOS.
peace
Wolf
|
|
|
|
|
Logged
|
|
|
|
|
jariggs
|
As a follow up for anyone working through the SSL isntallation process... Once I contacted Alphaone-tech sale... they worked with me to get SSL certificate, I had used RegisterFly since I did not know SSL certs were available through Alphaone. Nevertheless, we are almost there with Alphaone Sales' help. The process has several steps and is tedious, but I think I should have SSL within a few days... I'll give an update when I do... Remember... Fortune favors the well-prepared...  Jeff R |
|
|
|
|
Logged
|
|
|
|
|
Brad
|
I understand the SSL was installed yesterday and access should have been immediate. SSLs require a lot of information for security reasons. With some you have to send in your incorporation papers or license in order to get the SSL. We will put SSLs on the CPanel Webmaster Store when we have a chance to design the ordering back end for it. Wolf wants to get it done by next week but it will depend on how many more kiddie hack attacks we have to deal with this week. |
|
|
|
|
Logged
|
|
|
|
|
jariggs
|
I checked and I am able to pull up https://www.odysseyshop.netIs there some place you can point me to see what I now need to do. Or what I need to avoid? - I get a SSL warning that someone may be trying to intercept when I don't use the www prefix. Does this mean I need to go through my website and change all http links to https? Do I only need to do so in the osc section? Also, I've seen several posts re security issues that refer to things like protecting index directories -- is there some place I can go that generally covers security concerns and do's and don'ts. I'm ready to take this baby real time, but want to make sure customers are not leaving their info out there for the picking... Thanks all, Jeff R |
|
|
|
|
Logged
|
|
|
|
|
Brad
|
I checked and I am able to pull up https://www.odysseyshop.netIs there some place you can point me to see what I now need to do. Or what I need to avoid? - I get a SSL warning that someone may be trying to intercept when I don't use the www prefix. Does this mean I need to go through my website and change all http links to https? Do I only need to do so in the osc section? Also, I've seen several posts re security issues that refer to things like protecting index directories -- is there some place I can go that generally covers security concerns and do's and don'ts. I'm ready to take this baby real time, but want to make sure customers are not leaving their info out there for the picking... Thanks all, Jeff R You definitely need the www unless you have two SSLs - one for domainname and one for www.domainname. SSL senses a breach in security if it isnt called by the browser in the exact way it is registered. Its stupid, but that is how it works. Check your cpanel for not allowing indexing on specific directories. Also make sure however you store credit cards online it does NOT store the 3-4 digit security number or the actual credit card number unless it uses LEK encryption. There are some heavy new regs on storage of card information. Brad |
|
|
|
|
Logged
|
|
|
|
|
Anne
|
I didn't know that. My church just had a SSL installed and keeps getting error messages. I think that may be why. Thank you Brad
Anne
|
|
|
|
|
Logged
|
|
|
|
|
jariggs
|
Thanks for comments. I'm still confused. I figured out how to point the links to a secure catalog index page. However, once I'm in the catalog, any movemnent within the catalog throws me back unsecured. I'm using OSC, and I made the few changes shown in the following: ************************************** SSL with osCommerce How Does SSL Work With OsCommerce? The workings of SSL with osCommerce are quite straightforward. Once your SSL is installed, you set the configuration path for https:// in catalog/includes/configure.php to enable SSL and the code takes care of the rest. // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', ' http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https:// yourdomain.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', ' www.yourdomain.com'); define('HTTPS_COOKIE_DOMAIN', ' yourdomain.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); ************************************************* Since I registered www.odysseyshop.net for the SSL, I changed the above areas to www.odysseyshop.net. However, I don't see any effect from those changes... Help and suggestions appreciated... Jeff R |
|
|
|
|
Logged
|
|
|
|
|
jariggs
|
Followup to previous post... OK, I said I'm new at this...after messing around for over an hour trying to get my links to go to a secure Catalog page and seeing that none of the other Catalog pages were secure, I tried a test order. Thus, I discovered that the shopping cart does go secure when I add an item to the cart and "pay" for it. I presume this is as it is supposed to be. So, for those of you who may later follow my escapades...check the cart after you make the OSC entries referred to above...that's where the apparent changes are... So, I moved my links back to the unsecured form, and now ony the shopping cart comes up "secure". On to the next issue...When I go to the OSC admin panel and pull up the "order", it comes up in an unsecured window...Is it supposed to be this way, or do I need to set yet something else... Seems to me the very page that actually displays the credit card numbers should be secure...am I missing something... Jeff R  |
|
|
|
|
Logged
|
|
|
|
|
AlphaWolf
|
Yes you are definitely missing something. Everything in OSC should be able to be run under https Take a look at https://www.securityresourcesinc.com/ - just ignore the colors ok...chuckle... Its a site we have done some major customization on for a customer and we host. Everything in his configuration points to https://www. Make sure you have the www in the define https server - that alone might be the issue. If that is not it, without spending some time delving in to it, I have no clue what might not be configured correctly. peace Wolf |
|
|
|
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
