hi there. hope someone can help. i installed oscommerce on a redhat server. i have enabled ssl on oscommerce, but when i try to load a https:// page, the server cannot find the page. not sure what the path to https:// pages is. hope that makes sense.

joe

there is no special path to ssl encrypted web pages.

what's probably happening is that you don't have ssl running like openssl or don't have the support for ssl compiled in apache. you need to make sure that you have SSL enabled on your server and that you have a valid certificate for it (certificates can be self generated).

Wait a sec, you don't have to purchase security certificates?

hi, i have ssl enabled and have a trail certificate. u can see secure page here https://zeus.longhom.com. there is the standard setup page. but where is that page exactly? so i can change it. i dont know where the path to ssl pages is.

many thanks

i'm not sure if you're confused or if i'm confused... hehe. let's try to figure this out.

i still don't understand what you mean by ssl pages. if you go to WHM and click on List SSL Hosts under SSL/TSL and your host is listed there, then SSL should be setup for that domain, if not you need to install an SSL cert for it. so, if you go to... http://zeus.longhom.com and if you go to https://zeus.longhom.com. you should see the same page because they ARE the same page, which means they are located in the same place.

now if you meant your default html documents, you can find out where they are configured to by checking your httpd.conf file in /etc/httpd/conf and look for the string ServerRoot. by default, i believe it's at /usr/local/apache/htdocs

if you created an account in WHM and you're looking for that default, it's probably under /home/thatusername/www

ok, so that's where i'm coming from. where are you coming from?

charlie
=T

hi charlie... thanks for your time... but i am still confused... example if i do http://www.longhom.com i get page ok, now if i do https://www.longhom.com i get a different page. what i am trying to do is, on occommerce, is load the accounts page, under https protocol. but than the server will reply, page cannot be found, it finds it ok, if it just under http protocol. hmmm, a bit difficult to explain, as english is not my language..

jc

ok. maybe i'm talking out of my ass here, but if i'm not mistaken, the problem is that you need to have a dedicated ip for each cert. in this case you got a cert for zeus.longhom.com. if you wanted to ssl www.longhom.com, you should've got a cert for www.longhom.com or got a wildcard ssl cert. also, i would double check your httpd.conf file and check the <ifdefine ssl> tags and see if something's been added there.

i would have to research this more, but i'm fairly sure this is the problem. i would think that even if you created a new domain and ssl'ed it like... https://www.newsiteIregistered.com that it would just give you the pages in zeus.longhom.com.

hi charlie, at the bottom of the conf, i found these lines>>

</IfDefine>

<VirtualHost *>
DocumentRoot /var/www/html/longhom.com
ServerName www.longhom.com
SSLEngine on
</VirtualHost>

<VirtualHost *>
DocumentRoot "/var/www/html/longhom.com"
ServerName 66.139.77.44
</VirtualHost>

<VirtualHost *>
DocumentRoot "/public_html"
ServerName longhom
</VirtualHost>


not sure where they came from, as in mid conf file, i already have these lines, with different paths

Originally posted by OOagent137
Wait a sec, you don't have to purchase security certificates? Nope, you don't need to purchase them. You can generate your own SSL certificates.

http://slacksite.com/apache/certificate.html has an example.

Be aware that such an untrusted certificate may be rejected by some paranoid browsers, and that IE users will have to click OK to it (no trusted root CA). But, it will work just as well for encryption and the likes...

I am trying to get rid of that "OK" screen. So IE balks about it when I create my own? Is this only for users who have the highest level of security, or for everyone?

those are virtual host lines automatically generated by cpanel for you. SSL specific instructions should be under like a <IfDefine SSL> tag. If you didn't modify it, it's probably empty.

Originally posted by joedoe
hi charlie, at the bottom of the conf, i found these lines>>

</IfDefine>

<VirtualHost *>
DocumentRoot /var/www/html/longhom.com
ServerName www.longhom.com
SSLEngine on
</VirtualHost>

<VirtualHost *>
DocumentRoot "/var/www/html/longhom.com"
ServerName 66.139.77.44
</VirtualHost>

<VirtualHost *>
DocumentRoot "/public_html"
ServerName longhom
</VirtualHost>


not sure where they came from, as in mid conf file, i already have these lines, with different paths

That depends on where you get the yellow caution symbols. There's 3 areas IE gives you a message about...

-certificate issuer
-expiration date
-server name

so it depends on which one it has the problem with. if you generate your own cert, you WILL get a warning on the certificate issuer since no one on the internet trusts you to be a certifcate authoriy. if you do it right, expiration date and server name should be in the clear for you.

in joe's case... he'll get another warning on server name because he generated the certifcate for zeus.longhom.com and he's trying to go to https://www.longhom.com. those names don't match so you'll get a warning.

Originally posted by OOagent137
I am trying to get rid of that "OK" screen. So IE balks about it when I create my own? Is this only for users who have the highest level of security, or for everyone?

Well, this is the error I get:

The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

Basically, it also says the date is valid and the certificate has a valid name matching the name of the page you are trying to view.

I get this when trying to log into Plesk.

1) Is IE just whining because nobody trusts me as a certificate authority?

2) Hhow will purchasing a certificate from another company get rid of that warning? Does IE automatically trust certain companies?

3) Also, about how much would a certificate cost?

Thanks for all the help.

1) Yes. You are not a validated registered certificate authority.

2) Yes. IE automatically trusts certain companies, so as long as you get a cert from one that it trusts, no one will get that box. If you click on Tools / Internet Options / Content / Certificates, you can look at the intermediary and root trusted certificate authorities IE comes with.

3) Costs range from $49 to $349 per year. Try sites like http://www.whichssl.com to get a comparison and a better knowledge of how the whole SSL thing works. That should help you understand why this is cheaper than that.

charlie
=T

Originally posted by OOagent137
1) Is IE just whining because nobody trusts me as a certificate authority?

2) Hhow will purchasing a certificate from another company get rid of that warning? Does IE automatically trust certain companies?

3) Also, about how much would a certificate cost?

Thanks for all the help.