Hey,
I am a bit confused here. I would appriciate if anybody could clear this out for me.
My host has Shared SSL. It says to place secure files in SSL folder , the rest in WWW. I placed whole squirrelcart in WWW. It workes just fine. I use Authorize.Net payment gateway.
Is this a problem? Is Credit card info goes through internet in unsecure way? I read a bit on Authorize.net. They require SSL connection. And since everything is working, I assume I connect to Authorize.net using SSL without placing any files in SSL folder.
Thank you in advance,
Vytas

Anybody, please?

I also need a clear answer to this question.

My host, activeserverhosting.com, includes a Shared SSL folder above the web root and I need to know how, if its possible, to set up Squirrel Cart so that it will use the SSL directory but without have duplicate copies of all the files in the SSL directory.

What other hosting options do I have if this setup won't allow for a seamless secure setup? :confused:

Hi,

This information should be useful for both of you, but I will quote Vytas here and reply below:
It says to place secure files in SSL folder , the rest in WWW. I placed whole squirrelcart in WWW. It workes just fine. I use Authorize.Net payment gateway.
Is this a problem? Is Credit card info goes through internet in unsecure way?
If you have the connection method for Authorize.net in Squirrelcart set to "Server to Server" OR "Client side secure form post", Squirrelcart will gather credit card information on your website. If this is the case, you need to have SSL. If you see "https://" in the URL when you are entering the credit card information, then it is secure. If you do not, then you need to change the $site_secure_root variable in your config.php file to reflect the secure shared SSL URL.

I would suggest that you do not put any files in the secure folder that the host mentioned until you try the cart with all the files in the regular folder, and with a valid secure URL specified for $site_secure_root.

If after you try this, you still have a problem, make a test file and place it in the secure folder. Then try to access the file using the secure URL and make sure you can open it. That will help you verify that you are using the correct URL. Then, try to open the same file (without moving it) using the regular http:// URL. If the file does not open, then you need to make a decision. These are the options you could go with:

1. Run the cart using the secure URL at all times.

This can be done by placing all the files in the secure folder, and setting $site_www_root to match $site_secure_root in your config.php file. We support this type of setup, and it works fine. This is the easiest solution (although maybe not the best one)


2. Create a Unix/Linux alias

We don't support this, but we have had others report that it has worked for them. I don't have the exact syntax for creating an alias handy, but if you Google for it, I'm sure you can find it. This is a bit advanced, and requires shell access. If you are not comfortable with this, you shouldn't attempt it.
The general idea behind this is as follows:
- create the alias INSIDE the secure folder, and have it point to the regular www folder
- include that alias name (as a subdirectory) in the URL

For example, say the secure URL to your secure folder is:
https://www.example.com/~myacct

You would create an alias named "store" inside the secure folder, and have it be an alias to the actual regular www folder. You would then set your $site_secure_root variable to something like this:
https://www.example.com/~myacct/store


3. Ask your host if the SSL folder setup is going to be the same if you have
your own SSL certificate. In some cases, it may not be. If they tell you that the problem will not occur with your own cert, than I'd recommend getting one. You can get one at digicert starting at $99 USD: http://www.digicert.com


4. Switch hosts to a host that does not have a separate folder for SSL.

We have encountered a handful of hosts that have been setup with a separate SSL folder, but they are definitely in the minority.

Switching hosts seems to be the solution. I now realize that this host is making things more difficult with the separate Shared SSL folder.

I now need to consider options with the security warning that I now get... There seem to be many post concerning this - I'll read on.

Thanks for the excellent and fast response Jamie! :cool:

Glad to help! Good luck in your search. We have some good hosts on our resources page:
http://www.squirrelcart.com/resources.php