StoreFront Ecommerce News for FrontPage & Dreamweaver
Press CTRL+D to Bookmark StoreFrontGoodies.com
Click Here to sign up for our Monthly Newsletter.

| Home | New Forum! | StoreFront 6 | StoreFront 6 Add Ons | Search Engine Optimization | Essential Tools | StoreFront 5 | StoreFront 2000 | SFG Partners | Participate | Suggestion Box | Security |

home > storefront 2000 > storefront 2000 knowledge base

| StoreFront 2000 Knowledge Base |


Using a Shared SSL Location
 

Posted Friday, April 23, 2004

In order to ensure that the information collected from customers during the ordering process is encrypted and secure StoreFront is designed to use Secure Socket Layer technology. All the operations performed by files within the StoreFront ssl folder should be conducted under the secure sockets layer using HTTPS instead of HTTP. Gaining access to SSL usually requires the owner of the site to purchase an SSL certificate. Rather than purchase an SSL certificate from a company such as Thawte or Verisign, many StoreFront users prefer to use a shared SSL location provided by their webhost. Shared SSL may be used in two different ways:

 

  1. The host creates a subweb for the client under the secure domain. After creating the subweb, the host configures the subweb as a virtual map to the ssl folder that resides within the root folder of the merchant's web. In this fashion, the secure subweb is made to contain the same files as the nonsecure SSL, ie, the files contained in http://www.yourSFweb.com/ssl/ , which is the URL to the nonsecure SSL folder, are the same files that are contained in the secure subweb at https://www.yourSharedSSLlocation.com/yoursecuresubweb/.
    To use this sort of shared ssl configuration, take the following steps:

    Connect to your database using the StoreFront Web Manager. Under the General tab, change your Secure Directory Location to point to the process_order.asp file in your secure location Make sure that the prefix used is https rather than http; files accessed under http are not secured. For example:

    https://secure.yourSharedSSLLocation.com/yoursecuresubweb/process_order.asp

    Save the changes to these settings and open your web in FrontPage, Dreamweaver/UltraDev, or an FTP client. Locate the db.conn.open.asp file in the SSL/SFLib folder and open it using Notepad or another text editor. Find the following line:

    DSN_Name = "YOUR DSN HERE"

    Enter your DSN between the quotes in the indicated location. The DSN you enter here should be the System DSN set on the server to point to your web store's database. If your site is using a SQL Server database be sure to associate your SQL Server login information with the DSN as shown in the following example:

    DSN_Name = "DSN=YourDSN;Uid=yourSQLusername;Pwd=yourSQLpassword;"

    Save the changed file back to the web and test by running through an order. This is all that's required to support this form of shared SSL.

  2. In the second form of SSL the host creates a subweb for the client under the secure domain. After creating the subweb, the host does not configure the subweb as a virtual directory mapped back to the existing SSL folder in the merchant’s root web. Instead, the merchant must move all the files from the root web’s ssl folder in the secure location. This is easily done: simply open both the root web and the secure location in separate FTP windows, then copy and paste ALL the files from the unsecure copy of the ssl folder into the secure subweb. When copying the files, be sure to preserve the directory structure. The files from the root of the ssl folder can sit in the root of the secure subweb, but the secure location must contain an SFLib folder, admin folder, etc, all containing the appropriate files.

    Connect to your database using the StoreFront Web Manager once you've moved the files. Under the Application tab change your Secure Directory Location to point to the process_order.asp file in your secure location Make sure that the prefix used is https rather than http; files accessed under http are not secured. For example:

    https://secure.yourSharedSSLLocation.com/yoursecuresubweb/process_order.asp

    Save the settings in the Web Manager and locate the db.conn.open.asp file in the SSL/SFLib folder of your secure location. Open this file using Notepad or another text editor. Find the following line:

    DSN_Name = "YOUR DSN HERE"

    Enter your DSN between the quotes in the indicated location. The DSN you enter here should be the System DSN set on the server to point to your web store's database. If your site is using a SQL Server database be sure to associate your SQL Server login information with the DSN as shown in the following example:

    DSN_Name = "DSN=YourDSN;Uid=yourSQLusername;Pwd=yourSQLpassword;"

    Save the changed file back to the web and test by running through an order. This is all that's required to support this form of shared SSL.

Browse more...
StoreFront 2000 Knowledge Base

e-mail E-mail this page
print Printer-friendly page