[Frozen Tundra]

Thanks to all of the previous posts on suggesting ways to install the CS-Cart on various web hosts. After a couple of days I finally found a path to successfully install the application without any permission errors.

I am confused about the installation of the cart on my private SSL web site. The config.php setup is listed below and appears to be correctly setup by the installation script.

// Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'www.mywebsite.com';
$cscart_http_dir = '/store';

// Host and directory where cs-cart is installed on secure server
$cscart_https_host = 'secure.mywebsite.com';
$cscart_https_dir = '/';

I also enabled the SSL in the Admin Setup section. Enable secure connection in checkout (SSL certificate is required to be installed on your server)

But there was no code installed on the SSL secure.mywebsite.com. Do I have to install CS-Cart again on the secured web site? Which CS-Cart files goes there? What am I missing here?

[Frozen Tundra]

I wanted to let everyone know the outcome of this problem and more importantly to provide a forum search result. My support started my support today and responded with:

Thank you for contacting us.

Please let me explain.
It does not copy CS-Cart files to secure server during installation. If secure files are required to be located under another directory, you should copy them there manually. Now there are no CS-Cart files on your secure server that is why it does not redirect to HTTPS.

BUT: if your server is Unix-base, you do not need to copy all CS-Cart files to secure server. If possible it needs to just create a symbolic link to the web root directory on the secure server. This will allow to have one CS-Cart installation on your server. If you want to know how to create a symbolic link, please contact your hosting administrator and ask him to help. We can help you as well if you provide us with SSH (shell
access) to your server.

If there is ability to create a symbolic link that points to the web root directory, you will need to copy all existing CS-Cart files (that are located in "store" directory on your server now - you need to copy this installed copy, not files from the distributive package). We recommend to create "store" directory on the secure server and copy CS-Cart to exactly this directory.

After that you will need to alter "config.php" file (on both copies) in the following way:

// Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'www.mywebsite.com';
$cscart_http_dir = '/store';
// Host and directory where cs-cart is installed on secure server
$cscart_https_host = 'secure.mywebsite.com';
$cscart_https_dir = '/store';

What other code configuration is needed?

You will probably need to set 777 permissions for the "var" directory and all its subdirectories of the second copy after the copying is complete.

Please let us know the result.

Thank you.

---
Sincerely yours,
Alex Vinokurov
http://www.cs-cart.com

Alex's answer makes sense to me. So I will ask my web host to create the symbolic link to my secure.mywebsite.com. I will let you know the outcome.

Frozen Tundra

[glyndon]

I would be interested in finding out what this symbolic link is and how they do it?

Thank you for posting the support outcome on this forum.

[SWS]

A lot of servers have a setting to "use same directory for ssl content"

Which basically means, the files reside in the same place, depending on your host / setup you would need to check this in cPanel or Plesk etc...

This is the better way to run it in my opionion as you do not have duplicate files or any hassle if you need to modify a file.

[glyndon]

I see,

I have a similar dilemma.

On our server you can't use the same domain for your non-ssl and ssl because the ssl site will use a different IP address.

So I can't have http://www.mydomain.com & https://www.mydomain.com and I can't even have https://www.mydomain.com/secure/

Looks like I might have to buy a new domain something like www.secure-mydomain.com and look at CS-Cart guide to installing the cart (or part of it) on the new ssl domain.

Fun and games.

[Frozen Tundra]

My web host also did not allow to use the same domain name for unsecure and secured. That is why I made the secure.mywebsite.com subdomain to host the SSL certificate. I purchased the SSL last year for an oscommerce cart, but ended up dumping that cart system. CS-Cart appears to be a much better cart system for a retail store.

I am going down the path to setup my own SSL cart just to try it out; however, I do not think it is needed if I go with PayPal Standard, 2Checkout or Authorize.net. The money transaction is all new to me...try it out and learn...hopefully not the hard way.

I put in a ticket with my webhost provider to create the symbolic symbol. I will let you know if this works.

[glyndon]

Quote:

I do not think it is needed if I go with PayPal Standard, 2Checkout or Authorize.net

I had that setup with our previous store but I think customers will expect any pages that contain their personal details (order history etc) to be secure.

We had a really hard job convincing customers that it was safe to shop because just our payment page was secure. We took telephone orders as a result and it ended up quite a big percentage of our takings. Just a bit of advice.

Even if we still go for the 2Checkout type payment page, I want to try and set up the ssl. If I can get it to work I am also going to try and integrate the payment page into our store so the customer is not redirected to another url.

[SWS]

One thing I would add to the above then...

If you do decide to install 2 CS-Carts, which is possible as long as they share the same dbase connection, it may be advisable to let CS know they are on different domains for your licence agreement !

[Frozen Tundra]

My CS-Cart is now working on my own SSL subdomain. I had to change the $cscart_https_dir variable from = '/'; to $cscart_https_dir = '';. The slash caused the graphics not to load while on the secured subdomain.

Quote:

// Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'www.mywebsite.com';
$cscart_http_dir = '/store';

// Host and directory where cs-cart is installed on secure server
$cscart_https_host = 'secure.mywebsite.com';
$cscart_https_dir = '';

So far I am really impressed with the CS-Cart system. I just wanted to see how the CS-Cart checkout on my own SSL operated. Next I will check out the available merchant accounts features.

Thanks for your inputs!

[Frozen Tundra]

Quote:

Originally Posted by glyndon

I had that setup with our previous store but I think customers will expect any pages that contain their personal details (order history etc) to be secure.

We had a really hard job convincing customers that it was safe to shop because just our payment page was secure. We took telephone orders as a result and it ended up quite a big percentage of our takings. Just a bit of advice.

Even if we still go for the 2Checkout type payment page, I want to try and set up the ssl. If I can get it to work I am also going to try and integrate the payment page into our store so the customer is not redirected to another url.

I never order anything online if the personal details page is not secured, but I never call in the order. It is easier to find another secured website selling the same product.

FYI: The CS-Cart personal customer information page does appear on the secured webpage. Purchasing a SSL is pretty cheap protection. I think I paid $179 for two years through Authorize.net which uses COMODO services. The setup was very confusing. I guess COMODO uses a modified certificate system from the rest of the secured certificate providers. I had to call my web hosting support to have them talk me through the my control panel's SSL setup. Other services talk in the apple terminology and COMODO uses the banna terminology....frustrating but worth it at the end! Just make sure that you document your setup just incase you need to do it again.

[Komplex]

Just a point here... (as I had to work the same thing out in my fuzzy brain)

SWS, I don't think he's installing as per the instructions from CS-Cart Support in post #2

I believe they are suggesting that he makes a copy of the cart as it's installed, therefore, technically it's not an install... it's already owned software that resides in a different place..

I'm going thru this structure thing as well and i'm getting to the point of discouragement in trying to sort this out, hence I questioned the same thing...

Komplex

[MikeK]

I don't understand what the problem would be for installing the store or anything else in a particular directory, secured or otherwise. It just doesn't make sense. The only thing I can think of is that you are using a shared SSL provided by your web host. That would require a specific address, but it would look something like this: https://secure.ISPNAME.com. I could be wrong though. We don't offer a shared ssl with our hosting plans because the ssl certs aren't expensive, and when they're registered to the domain he store is on, it appears much safer. You can tie the ssl cert to anywhere on your domain that you want.

I always recommend that you install the SSL cert to your root directory. We offer a cert that can be installed on the root that will let you encrypt any page anywhere on your site. Go to my site at https://www.NVone.com and follow any link. Visit my store at https://www.NVone.com/Store and you will see that the page automatically converts to http:// because of the settings in CS-C. However, click the Account link at the top and you will see that that CS-C automatically switches to https://, and the page is secure.

[Komplex]

I went to your secure address in your post and got this:

There is a problem with this website's security certificate.


The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.


IE7....

*Edit*

Sorry I went to the https://www.NVone.com/Store one

my bad

[MikeK]

Yeah, that error pops up when you enter https://nvone.com instead of https://www.nvone.com.

I saw a post here the other day that has a fix for that problem. It has something to do with the .htaccess file. I really need to add that to the file.

[bholland]

It has to do with forcing redirection to www (or alternatively forcing no-www if that is what your security cert has)