Announcement

**pinbrook** · 06-Apr-2005, 05:08 PM

your cert has been issued to ocbsurf.co.uk and not www.ocbsurf.co.uk

you will have to ask whoever issued the cert to change it

**Princess** · 18-Apr-2005, 07:32 PM

If only it was that simple

I have been in touch with geotrust and they wont change it they say i have to put a redirection in (which i don't know how to do.)

I have been in touch with 1and1 as i used there wizard to get the ssl and they say its down to geotrust as a third person is invovled, if any one knows how to do this redirection please help me.

Claire

**Fire5675** · 26-Apr-2005, 09:07 AM

ssl error with 1and1

Hi Claire,
have just had the same problem with 1and1. When you selected the SSL cert from your control panel you must have forgot to tick the "www" box. This means that the SSL cert is showing http://yoursite.co.uk instead of http://www.yoursite.co.uk. To change this go to control panel / Domains / Dedicated SSL certificate / and press change, this will cancel the old one and then select the domain you wish to apply it to and tick the "www" box this time, it will show as http://www.yoursite.co.uk. This worked for us using the professionel package from 1and1.

Chris

**delboy** · 16-May-2005, 08:37 PM

Hi Claire,

Not at all surprised you made that error, you have to be almost psychic with the some of the 1and1 control panel.

Oh yes it's very easy
(but only if you know how). By the way, thanks to Chris, stopped me doing the same thing!

Delboy

**Mark H** · 05-Dec-2005, 10:42 PM

SSL, 1and1 and everything

It really is about time Actinic and 1and1 got their acts together on this one - 1and1's business and professional packages must be amongst the most popular with new (and upgrading) shops, particularly with the dedicated Geotrust certificate. A couple of phone calls to both parties produced a "not sure how to do that" from 1and1, and a "I haven't heard of that before" from Actinic. All I wanted to know was exactly how to set up a SSL subdomain (third level domain) in 1and1 to provide the checkout only SSL option in Actinic. Rocket science? - shouldn't be. Less of the "it's the other party's problem" please.

**Mike Hughes** · 06-Dec-2005, 09:23 AM

Why not do it the simple way using the same domain as your catalog?

As soon as you put your ssl checkout somewhere else I don't see how you're going to be able to access the images which are sitting in your standard acatalog folder and normally picked up securely from there.

Mike

**Mark H** · 06-Dec-2005, 09:47 AM

SSL in 1&1

Mike thanks for your reply - it is entirely possible that I am over-complicating matters - I am not an expert in SSL or sub-domains, I just need to know how to set things up for my shop (like many other users I suspect)! I have so far pinned my hopes on a post from Norman Rouxel which is reproduced in full below, and seems closest so far to answering the question:

And here's a 1&1 Professional site with a sub domain secure.mysite.com pointing at / and set to use the 1&1 SSL.

HTTPPROXYMODE 0
HTTPPROXYADDRESS
HTTPPROXYPORT 80
HTTPPROXYUSER
HTTPPROXYPASSWORD
FTPPROXYMODE 0
FTPPROXYADDRESS
FTPPROXYPORT 21
FTPPROXYUSER
FTPPROXYPASSWORD
SCRIPTID 1
SCRIPTEXT .pl
SMTPHOST auth.smtp.oneandone.co.uk
WEBSITEURL http://www.www.mysite.com/index.html
IGNOREPASSIVEERRORS true
USERELATIVECGIURLS false
PATHTOPERL /usr/bin/perl
SSLCATALOGURL https://sslrelay.com/secure.mysite.com/acatalog/
SSLCGIBINURL https://sslrelay.com/secure.mysite.com/cgi-bin/
SSLPATHFROMCGITOCATALOG ../acatalog/
SSLCODEBASE ./
SSLFTPHOST mysite.com
SSLFTPUSERNAME ********
SSLFTPPASSWORD ********
SSLPATHTOCGIBIN /cgi-bin/
SSLUSEPASSIVEFTP true
CATALOGURL http://www.mysite.com/acatalog/
CGIBINURL http://www.mysite.com/cgi-bin/
PATHFROMCGITOCATALOG ../acatalog/
CODEBASE ./
FTPHOST mysite.com
FTPUSERNAME *********
FTPPASSWORD *********
PATHTOCGIBIN /cgi-bin/
USEPASSIVEFTP true
FTPPATHFROMCGITOCATALOG

Tested OK with Catalog V6.1.2

Now as to how that lot works:-

The sslrelay thing is how 1 & 1 implement SSL. It allows you to access a sub-domain via SSL. You have to go to their control panel and activate both a sub-domain and then SSL on that sub-domain.

In detail, you (and I'm doing this from memory) have to set up a sub-domain first pointing at a directory on your site (in the example above I'm snow-lines.co.uk and I set up sub-domain secure.snow-lines.co.uk and pointed that at the root "/"). Then you activate SSL and tell it that secure.snow-lines.co.uk is your secure sub-domain.

Now in Actinic you set SSL on checkout only and use the settings like I posted above.

Norman refers to a subdomain (or third level domain depending who you talk to): www.secure.snow-lines.co.uk

I have assumed up to now that a subdomain like this has to be involved (and the certificate applied to it alone) so that the whole site isn't SSL and therefore slow.

So far I have set up a subdomain www.secure.my-domain.co.uk and currently it points to the site root, which is the default. Norman's post says that the subdomain should point to a directory on the site - should I create a directory such as www.my-domain.co.uk/secure/ and point the subdomain to that directory, and put the folders mentioned:

SSLCATALOGURL https://sslrelay.com/secure.mysite.com/acatalog/
SSLCGIBINURL https://sslrelay.com/secure.mysite.com/cgi-bin/

into that directory? ie create the following, where the subdomain points to the directory "secure":

www.my-domain.co.uk/secure/acatalog
www.my-domain.co.uk/secure/cgi

Or is there really a much simpler way...........

The real difficulty for me is that 1&1 say that any changes will each take 30 days to take effect (because of the associated Geotrust certificate), so I can't experiment in the usual way - I have to get it right first time!

**Mark H** · 06-Dec-2005, 09:56 AM

Sorry - I referred to the following above:

"Norman refers to a subdomain (or third level domain depending who you talk to): www.secure.snow-lines.co.uk"

This should read:

"Norman refers to a subdomain (or third level domain depending who you talk to): www.secure.mysite.com"

**Mike Hughes** · 06-Dec-2005, 12:02 PM

You don't need to use a separate secure domain. The usual setup to get the checkout on SSL is to tick the boxes for 'ssl' and 'checkout and customer login pages only' under Business settings>payment and security.

An SSL tab will now appear on the network setup and you then just check that the acatalog and cgi-bin references in the SSL tab are as your standard domain but start with https:

Setup your SSL certificate with 1and1 for your standard domain and make sure to tick the box marked 'www' (assuming you use www. on your domain name).

That's it. This is how I've setup my SSL with 1and1 and everything works fine. The catalog and brochure pages are on http: and the checkout pages are on https:

Mike

**Mark H** · 06-Dec-2005, 12:33 PM

Thanks Mike - that sounds very encouraging - just a couple of questions:

1 - What about this ssrelay that Norman and some others seem to think is necessary with 1&1?

2 - If I apply the Geotrust certificate to the whole domain, won't every page have https in front of it (I have included some non-Actinic, non-secure pages on the site)? Sorry if this is a dim question - you can tell that SSL is not one of my core skills....... The last time I spoke to 1&1 they said that if I wanted a website with secure and non-secure pages on it I must create a subdomain for secure pages and apply the certificate to that part only.

Regards, Mark.

**Mike Hughes** · 06-Dec-2005, 12:40 PM

1. SSL relay is only for accessing subdomains. Not needed if you use your primary domain.

2. SSL is only applied when the pages called begin with https: Any pages called via http: will not be secure. Actinic knows to only use https: on the checkout pages and not on the catalog, brochure pages etc so they won't be secure.

Mike

**Mark H** · 06-Dec-2005, 12:52 PM

Thanks Mike - that last bit of simple essential information is the key - no doubt elementary in the SSL web design business but news to me. It rather highlights the oddity of some of the advice being given out by 1&1 and others - even Actinic today told me that I would have to create duplicate acatalog and cgi folders on the same level with "symbolic links" between them with a secure subdomain etc etc. To be fair to them, they were probably working on the basis that I had to create a secure subdomain, whereas it was simply that I had been told on more than one occasion that this was the only way to go, and they didn't contradict this. Thanks again, Mark.

Announcement

SSL Error

SSL Error

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment