shared ssl for SubFolder provided by hostgator

Submitted by Dan C. on Mon, 06/23/2008 - 16:18

Posts: 2
Joined: 06/23/2008

I am trying to set up an ssl using the shared ssl provided by hostgator.
I use drupal 5.6 , ubercart and secure pages module.

The way to use the secure server layer recommended by hostgator is like so:
https://ns123.hostgator.com/~AccountName/SubFolder/
AccountName is the name registered with hostgator and represents the main domain name.
SubFolder is basically a deferent domain name used under the same main account.

With hostgator you can host unlimited domains under one main account.

When I am using the main account https://ns123.hostgator.com/~AccountName/ all the files on the main account and the files within folders of the main account can be accessed using the ssl.
When I am using the SubFolder under the main account https://ns123.hostgator.com/~AccountName/SubFolder/ I can use the ssl - no problem.
Only when I am trying to use files within the SubFolder I’ll get an error page.

This problem occurs only when .htaccess files with RewriteRule is used in the SubFolder.
When the .htaccess file is not in use or more accurately no RewriteRule within the .htaaccess file (using only plain html files) – there is no problem to use the ssl under SubFolders and all files within the SubFolders.

I have tried to add or change RewriteRule, RewriteBase under. Htaccess - no luck.
I have tried to add or change $base_url in the settings.php file - no luck.

I have also tried following the suggestion at: http://drupal.org/node/61099 - no luck.

Any suggestion on the correct setup for .htaccess and settings.php to solve this problem?

permalink #1 Tue, 06/24/2008 - 00:31

fourcws

Posts: 63
Joined: 04/16/2008

HI, First it is concidered bad form to use a shared ssl for a shoping cart. You should have your own ssl certificate which requires a tld and dedicated ip.

As far as the .htaccess rewrite rules. I assume that you are trying to have the url displayed in the address bar differently than what you typed in to access the subfolder. This will always give ssl error. Because it defeats the purpose of ssl for e-commerce sites.

permalink #2 Tue, 06/24/2008 - 09:38

Ryan

Posts: 5269
Joined: 08/07/2007

I'm also concerned that this will cause session problems during checkout, if that's where you're trying to use Secure Pages. It's my understanding that session data is URL specific, so if the domain changes between normal browsing of the site, will the user have the same session data on the HTTPS domain?

permalink #3 Tue, 06/24/2008 - 14:49

Dan C.

Posts: 2
Joined: 06/23/2008

My intention is not do display a deferent URL address then the one provided by the hosting company (hostgator) for ssl pages.
I am just looking for a way to use the shared ssl for a secure data transfer with a third party.
A good example would be sending and receiving data to and from google checkout.

As for the security of a shared ssl compared to private one: to my understanding there is none.
The deference between the two is only the address on the URL which would be presented to the user. (Instead of https://www.mydomain.com/any_file_or_folder something like https://mydomain.SharedSSL.com/any_file_or_folder.
BTW I have noticed that with the new firefox version (3), both flavors of the ssl (shared and private) are presented as secure, only with a deferent color on the left site of the address bar (green vs. blue).

Plus I am assuming that if it’s secure enough for google it would be secure for us drupal / ubercart users:
http://groups.google.com/group/google-checkout-uk/browse_thread/thread/d...

As for the sessions problem mentioned by Ryan. I have not noticed any when using shared ssl like so:
https://ns123.hostgator.com/~AccountName/
Acutely I have tested google checkout with shared ssl pointing to ~AccountName and it is working smilingly with no problem.

I am also supporting a few sites which are pure html with no php, of which I can use the format:
https://ns123.hostgator.com/~AccountName/SubFolder/ with no error messages or 404 pages.

The problem only rises when I am using drupal trying to accesses files under SubFolder with shared ssl.
As we know already with drupal there is no “real” files or pages under drupal – only pages which are “produced” by drupal on the fly depending various factors durpal was set up for, like who is the user, browser type, day or night, English or Spanish ….

I am still under the assumption that some adjustments of the .htaccess and settings.php files will do the trick.
My knowledge of apache manipulation is close to none. Therefore any input in this direction will be appreciated.

permalink #4 Tue, 06/24/2008 - 16:03

steveosupremo

Posts: 5
Joined: 11/24/2007

hey I'm also interested in how to get this to work through the google checkout module. Using the Shared SSL for the callback URL.

I would assume it would be something like
https://secure.[host].com/~[username]/[directory]/google_checkout

but unfortunately there is something going on that doesn't allow the redirect to work.

any ideas?

Steve

permalink #5 Tue, 07/29/2008 - 00:17

jty

Posts: 2
Joined: 07/28/2008

Hello, I'm very new so please excuse me if my question is really dumb
But how did you get shared SSL to work with ubercart in the first place ?
I can't find anywhere to put the path to shared ssl
eg where did you tell ubercart to go to hostgator's shared ssl url instead of https://yourdomain.com ?
Thanks

	Drupalcon DC
	Vote now to learn more about Ubercart in these sessions: Ubercart on Drupal 6 Advanced Ubercart Usage Starting Your Own Ubercart Store

	Ubercart Affiliates
	Find payment and hosting services in our Affiliate Directory that support Ubercart development.

	User login
	Username: * Password: * Create new account Request new password

	Fast Invoicing
	We use and recommend FreshBooks for project time tracking and client invoicing.

Ubercart

shared ssl for SubFolder provided by hostgator

Navigation

Drupalcon DC

Ubercart Affiliates

User login

Fast Invoicing