SSL Certificate

[ariopp]

Hi,

I'm trying to install an SSL certificate, but my hosting provider would like to know if I need it to be set up for

www.mydomain.com, or

mydomain.com

 

What do I tell him? What will work with prestoshop?

Thanks for the help!

[mimran]

dude

i am just taking a stab in the dark based on observation

normally when you click a secure page it is https://domain.com

(i could be wrong)

secondly would they charge you anything if you tried both ways?

if not then just try which ever works and let the forum know as well.

[hydra]

Hi,

 

You will need to decide for yourself but most people will use www.

If you can make a subdomain for your domain pointing to your public_html folder, you can use something like secure.yourdomain.tld. That way people can notice going from http://www.yourdomain.tld to https://secure.yourdomain.tld

In this case you will need a certificate for secure.yourdomain.tld

 

Please remember that you will need to have a private ip to.

 

Ronald.

 

[ariopp]

Hi,

Firstly, I think the idea to use the word "secure" before the domain name is GREAT. Never thought of that, but it makes a lot of sense.

 

Unfortunately, it is too late to use it, as my web host already went ahead and applied for the certificate and is now waiting for verification.

Anyway, I found out the following extra info:

1) My certificate authority actually supports both the plain domain name and the www.domainname on the same certificate ie- both mydomain.tld and www.mydomain.tld. So after all, it wasn't even such a major issue (I don't think my web host realized this when he asked me).

2) Turns out that presta just uses the domain that the customer goes to. What I mean is eg: if the customer goes to "http://domain.tld", then all SSL will be "httpS://domain.tld". If the customer goes to "http://www.domain.tld", the all SSL will be "httpS://www.domain.tld" etc.

3) I figured out that you can manually tell presta where the SSL site is by editing the "init.php" file, and change the "base_dir_ssl" entry manually to whatever you need.

 

Hope this clears up some questions on SSL. Sure wish I had this info 2 days ago.

Thanks for all the help!

[moonpies]

Thank YOU ariop!  That is all very helpful information.  I really appreciate your sharing it.

[S7 Media Ltd]

Thanks ariopp, that was a huge help!

Just to take ariopp's advice even further. If, like me, your store domain is www.domain.tld, but you've created your dedicated SSL certificate and pointed it to domain.tld (without the www), you'll notice that your web browser will inform you that the website is trying to go to https://www.domain.tld, but the SSL is registered to https://domain.tld. If you go to init.php, and find the following line :

'base_dir_ssl' => (Configuration::get('PS_SSL_ENABLED') ? 'https://' : 'http://').htmlspecialchars($_SERVER['HTTP_HOST'], ENT_COMPAT, 'UTF-8').__PS_BASE_URI__,

and replace it with

'base_dir_ssl' => (Configuration::get('PS_SSL_ENABLED') ? 'https://domain.tld' : 'http://www.domain.tld'),

(obviously replacing domain.tld with your actual domain) then it should work. Well it works for me anyway!

[jhnstcks]

I just used a 301 redirect to change the url from www.mydomain.com to mydomain.com, basically this means anyone who types out the url using www. automatically get redirected to the secure site, without www.

[S7 Media Ltd]

I just used a 301 redirect to change the url from www.mydomain.com to mydomain.com, basically this means anyone who types out the url using www. automatically get redirected to the secure site, without www.

Yeah actually this is the next thing I'm going to try, the thing I posted about changing the init file works mostly but doesn't seem to with the VSP Direct module... not sure why...

[splecter_w8]

Hi, I have this exact problem and I would like to ask jhnstcks to provide more information about 301 redirect.
I am using prestashop 1.3.6 and init file looks a whole lot different - can't use previous instructions from S7 Media Ltd

Problem:
SSL is for 'http://mydomain.com' and when someone accesses the site from 'www.mydomain.com' he then later gets redirected to 'https://www.mydomain.com/order...' and the warnings pop up.

Thank You in advance