Setting Up Power Store With SSL Certificate

I am about to order a SSL certificate for the web site where I have installed Power Store 4.01. The store is installed in a folder on the site (ecommerce) I have opted for the secured/dedicated certificate for the domain.com name and not www. The site is hosted by 1and1.com.

I have talked to their tech service department who tells me that all is required is to order the certificate and enter some specific coding into the .htaccess file in the root directory of the site and that's it! It would secure the entire web site and not just the Power Store as I understand it? Is this correct?

I have read through all of the posts that I can find and see a variety of issues some folks have had in the application of the certificate and some code changes to solve these.

Before doing this, I would like to know if there is a downside in securing the entire site which as it has been explained to me, would secure everything on it? I have asked about potential issues with users accessing the site with different browsers and they tell me none! This seems to be too simple to be true, but perhaps it is?

My original intent was to secure only the ecommerce section of the site, but from what I gather from talking to the tech guy, this is not how it works?

Can you give me some direction on this? Are there any known issues in doing it this way? I will be using the PayPal Standard gateway which is as I understand it, already secured.

Out of all the many web sites that I have developed, this is the first one that has required the certificate, so please bear with me as a "newbie" where this is concerned.

Thanks!

In reality, you do not need an ssl certificate when using PayPal standard.

Most issues with SSL are host specific.

There really aren't any downsides to securing the entire site.


SSL is all server side, so there wont be browser specific issues.

As long as the htaccess rules are properly set up, you should not run into issues.

My client insisted that the site be secured with a certificate, so have done this. I purchased the GeoTrust Premium certificate through 1and1.com, put the required coding into the htaccess file and the site is secured.

I am using PayPal Standard as the gateway. I have found only two entries in the PayPal configuration screens for making this work with the now secured site. I changed the address to:

ipn.php for IPN and ecommerce for return.

Despite this, I am getting the following error message when clicking on the "cancel and return link back to the web site"

_______________________________________________

Bad Request
Your browser sent a request that this server could not understand.

Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: therugrack.com:443/

_________________________________________________

I am currently excanging tech support emails with PayPal.

They have come back to me and confirmed that both of the entries I have made are correct and have asked the following question:

"I show the account currently has the URL ipn.php for IPN and ecommerce for return

However, these values are overridden by transactions containing the NOTIFY_URL and RETURN commands.

Please verify any button or cart settings are not sending conflicting commands."

Are there any settings that must be changed in any of the Power Store PHP files that they are referring to correct this issue?

I have assumed (which is probably not correct) that once the order is submitted to PayPal using the two configurations above, that the issue is with the link back to the secured site as it clearly shows the http address and not the https address? (within the PayPal configuration)

I don't know what to tell them.

Can you give me some input on this, please?

Since making the above post, I have done a Dreamweaver search and replace, find, etc. for the whole site for any codiing in any of the php files that refer to the above which Pay Pal tech service asks for a verification in order to determine the conflict (previous post)

I cannot find anything in the coding for any of the pages that make reference to the above.

I would like to get this resolved today, so the site can be taken live.

If the issue involves a conflict in the Power Store coding somewhere that is causing this, please advise how to correct it.

If not, please advise what I should tell them.

Thanks

In an effort to continue troubleshooting this issue with PayPal Tech Support, I have been referred to this link where all of the available variables are listed.

392

the cancel and return urls are set in the webassist/plugins/shopping_cart/process_transaction.php files.


look for the following lines of code:

<input type="hidden" name="cancel_return" id="cancel_return" value="<?php echo($WAGLOBAL_Root_URL  ."pp_cancel.php"); ?>" />

              <input type="hidden" name="return" id="return" value="<?php echo($WAGLOBAL_Root_URL  ."checkout_success.php"); ?>" />

you can hard code the address here to use:

<input type="hidden" name="cancel_return" id="cancel_return" value="https://therugrack.com/ecommerce /pp_cancel.php"); ?>" />

              <input type="hidden" name="return" id="return" value="https://therugrack.com/ecommerce /checkout_success.php"); ?>" />

Thanks, this did the trick, however, I had to remove the ?> from both entries as it was putting two of these: /> /> before the buttons on the submit page.

<input type="hidden" name="cancel_return" id="cancel_return" value="https://therugrack.com/ecommerce /pp_cancel.php"); ?>" />
<input type="hidden" name="return" id="return" value="https://therugrack.com/ecommerce /checkout_success.php"); ?>" />

This is the code I used after removing them:

<input type="hidden" name="cancel_return" id="cancel_return" value="https://therugrack.com/ecommerce /pp_cancel.php"); />
<input type="hidden" name="return" id="return" value="https://therugrack.com/ecommerce /checkout_success.php"); />

oooops, forgot to remove that code, glad you spotted it.