[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Set up an SSL Cert

I am using ecommercetemplates (www.ecommercetemplates.com) to create a website. I have been using it for a couple of years with no problems. The issue I am having is that I just switched hosting companies and had to re-install the site and all files. I also had to have the SSL re-issued and re-attached. The hosting company re-attached it. They have it set up now so that the whole site is "https" that is not what I wanted. It should turn to "https" when you get to the "cart" page. This is how it was at the old hosting company. How do I set the path to have the SSL only for that section of the site? I have submitted a question to ecommercetemplates.com but they are VERY slow at answering questions and my client is SCREAMING! Please help ASAP. Thanks.
0
JustDuckyDesigns
Asked:
JustDuckyDesigns
1 Solution
 
dineeshCommented:
Hi,

Normally, the http & https are stored in 2 different folders.

I think your current hosting has put it all under one for the whole domain.

regards
Dinesh
0
 
Dave HoweCommented:
Personally, I wouldn't advise doing so.

One factor that has become evident in recent years is that having a largely "insecure" site with a separate "secure" area to protect transactions is vulnerable to a number of attacks - most recently/famously sslstrip, which redirects calls from insecure to secure to go insecurely via the proxy (so performing a MitM attack, but one the browser doesn't object to because the target is in fact a valid one.)

at the moment, demand for ssl accelerators is at an all time low - I am expecting that to change as virtualization really starts to kick in, but for now, the cpu load of ssl for all pages is easily absorbed, and the security benefits of an all-ssl site high. Why is your client so opposed to a "secure" site?
0
 
Jason C. LevineNo oneCommented:
You should be able to connect to the main site with plain old http and just use full URL https links as needed.  This is a "standard" setup for most sites.

So client connects to http://domain.com and surfs around.  When ready to shop, all links to "Add to Cart" would be:

<a href="https://domain.com/cart/add.php">Add to Cart</> and that begins the secure session.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now