Can someone please point me to a how-to on using ssl with ubercart pages ?
Wed, 02/06/2008 - 18:56
Re: Definitive tutorial for using ssl with ubercart
I don't think there's a definitive tutorial yet ... maybe someone could write one up for the docs. Unfortunately there are a lot of ways to obtain / install an SSL, differences between vendors and setup (and amount of access you have to a server).
But assuming you've already "bought and installed" an SSL on your server - hosting solutions like GoDaddy, NetSol, Media Temple etc. all have automated ways to do this) - then here are some good threads to check out:
Secure Pages module: http://drupal.org/project/securepages
http://www.ubercart.org/forum/support/1850/ssl_which_paths_do_you_protect
http://www.ubercart.org/forum/support/2569/secure_pagesssl_cart_contents...
Re: Re: Definitive tutorial for using ssl with ubercart
Yes I have bought & installed ssl before on asp-based carts.
Those postings are a great start - off we go then. Thanks.
Re: Re: Re: Definitive tutorial for using ssl with ubercart
I posted a FAQ on that the other day - let me know if any additions/corrections are needed: http://www.ubercart.org/faq/2941
Re: Re: Re: Re: Definitive tutorial for using ssl with ubercart
Cool, thanks for posting that, TR. I would almost suggest a more thorough answer for the FAQ page. Include the paths that should be set and possibly even some resources to buying Certificates? I know one issue I had way back, with the PayPal path, I only found by searching the forum and digging through threads. Things like that are sometimes easy to overlook. I can always add info to the page if you want.
Re: Re: Re: Re: Re: Definitive tutorial for using ssl with uberc
Yes, it would be nice to add more info! I also like the idea of a FAQ on how to get/install a certificate. It should probably be a separate question/answer.
In the current SSL FAQ I have a link to the thread where you posted the paths you're protecting. That's good info, but as far as I can tell you're the only one who's made a list like that public. If it were in the FAQ I think people might take it and use it without thinking about what should be protected and what shouldn't. For example, you protect the PayPal paths, which is good, but what if they're using a different payment method? I thought it would be better just to point to the discussion so they would have to read and think before doing anything.
It's tough to make a list that will work in all situations. If the User Login block appears on the front page, for instance, it's not good enough to just protect the "/user" path because the login information entered on the front page won't be sent via https unless the front page is also secured! You can end up turning on https for the entire site that way. On my site I get around that problem by making a block that has a link named "login" which takes you to the secured user page, so you never need https if you're anonymous. At some point, the discussion becomes too big for a FAQ and needs to be addressed in maybe a Book page in the UC documentation. I see the FAQs as *short* answers with pointers to further, more in-depth information if required to completely address the issue.
I've started writing up a lot of other FAQs - if you know a question that should be in there drop me a line, or if you want to go ahead and write a question/answer you should be able to do that with "Create Content". I think the FAQs can be a valuable resource once we get more info in there.
Re: Definitive tutorial for using ssl with ubercart