• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 310
  • Last Modified:

Set up an SSL Cert

I am using ecommercetemplates (www.ecommercetemplates.com) to create a website. I have been using it for a couple of years with no problems. The issue I am having is that I just switched hosting companies and had to re-install the site and all files. I also had to have the SSL re-issued and re-attached. The hosting company re-attached it. They have it set up now so that the whole site is "https" that is not what I wanted. It should turn to "https" when you get to the "cart" page. This is how it was at the old hosting company. How do I set the path to have the SSL only for that section of the site? I have submitted a question to ecommercetemplates.com but they are VERY slow at answering questions and my client is SCREAMING! Please help ASAP. Thanks.
1 Solution

Normally, the http & https are stored in 2 different folders.

I think your current hosting has put it all under one for the whole domain.

Dave HoweSoftware and Hardware EngineerCommented:
Personally, I wouldn't advise doing so.

One factor that has become evident in recent years is that having a largely "insecure" site with a separate "secure" area to protect transactions is vulnerable to a number of attacks - most recently/famously sslstrip, which redirects calls from insecure to secure to go insecurely via the proxy (so performing a MitM attack, but one the browser doesn't object to because the target is in fact a valid one.)

at the moment, demand for ssl accelerators is at an all time low - I am expecting that to change as virtualization really starts to kick in, but for now, the cpu load of ssl for all pages is easily absorbed, and the security benefits of an all-ssl site high. Why is your client so opposed to a "secure" site?
Jason C. LevineNo oneCommented:
You should be able to connect to the main site with plain old http and just use full URL https links as needed.  This is a "standard" setup for most sites.

So client connects to http://domain.com and surfs around.  When ready to shop, all links to "Add to Cart" would be:

<a href="https://domain.com/cart/add.php">Add to Cart</> and that begins the secure session.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now