Something has caused my original method of storing CC numbers in the admin to stop working. I know it’s not the most secure method, but I still have a manual input terminal for processing CC numbers…
During my original install of CS-Cart 2.0.9 (live site, have current license), I typed in my domain name as xyz.com for the install database config steps. Did the same URL for the secure entry. This is where I thought my original cert was for…forgot to check, silly me.
Turns out that my cert is for WWW.xyz.com
So, I modified the config.local.php file to match my SSL certificate of www.xyz.com for both locations. Everything appeared to be working normal SSL wise now (no more popups about it being www.xyz.com masquerading as xyz.com), but the CC numbers from orders started coming in as xxxx xxxx xxxx 1234 and all the other CC information being xx’d out also.
I searched here on the forums a bit for a solution, and found a post that it’s not as simple as what I thought for editing the config.local.php file for this problem.
So, I then reverted to the original config.local.php file (that I had backed up). But, I’m still getting the same problem in the admin. All CC info is xx’d out save for the last 4 digits.
Is there a way to fix this? I could purchase a cert for xyz.com and remove the www.xyz.com cert, but wondering if there is a easier/less expensive 
way.
Thanks in advance!
Regarding the “WWW” question …
Just need to update your DNS zone most likely …
The default on both Cpanel and Plesk systems is to use a CNAME on the WWW address but you could change that to an “A” record and setup a direct named alias in httpd.conf and then your site will really be “www.domain.com”.
You can supplement this with a mod_rewrite so any requests without “www” also be redirected to the “www” address.
untick remove credit-card data from the order status lists under orders → order statuses