By yt2s on
Not sure if this is the right place for this, so please forgive me if not. :)
I don't readily understand how HTTPS affects the Drupal 6 install and am curious if someone can point me in the right direction please. I am going to be using Ubercart and will need a secure store & check out. I notice on the server there is both an httpdocs and an httpsdocs folder.
Does a single Drupal 6 install work accross httpdocs & httpsdocs where the store and check out portions are in the httpsdocs? Or should a seperate Drupal 6 install be installed into each folder with the unsecure site in httpdocs and the store and check out site in httpsdocs?
I hope that question made sense. Trying to wrap my mind around this... :)
Thank you for any direction.
Comments
A single install is fine, but
A single install is fine, but you need to get a secure certificate for this website, which you can purchase from verisign or godaddy for example. In order to define secure pages on your drupal install you can use the secure pages module which lets you select which pages are to be secured by the certificate. I have just finished setting up exactly what you are talking about so if you have any more questions then just ask!
Allan
Hi Allan, Thank you very much
Hi Allan,
Thank you very much for the response! So, on a single install, would that then mean it is just a standard D6 install where everything is installed in the httpdocs folder on the server and nothing in the httpsdocs folder? The secure pages module and the SSL Cert are what provide the security? If that is the case then would I need to just ensure that the server is set to address both SSL & standard pages out of the same folder, in this case httpdocs?
Thats my understanding of
Thats my understanding of it...I've set it up on a dedicated server for the company though so i'm not sure if this would change, i don't think it would though, as you define which nodes are to be secured within Drupal. I don't envisage any need to have what would effectively be 'another' website for your secure areas. What you are saying above is how I would tackle the problem. You can get a free 14 day certificate from verisign once you generate a CSR. This means you don't have to spend any money until you get it working! :D
Just out of interest, what payment gateway are you planning on using?
Hey Allan, That's great news.
Hey Allan,
That's great news. Thank you for the response! I had all kinds of maintenance nightmare scenarios going through my head thinking I needed to do two separate installs, etc. :) I believe PayPal is going to be the method of choice, and I think it would likely be Website Payments Pro.
Again, much sincere thanks for your help Allan!
Not a problem at all, glad I
Not a problem at all, glad I could finally help someone! haha. If you need any more help then don't hesitate to get in touch with me!
Hi Allan, hope to get help on
Hi Allan, hope to get help on setting up the above topic. I have been searching around for proper steps.. I have downloaded the Secure Pages module, and on that page, it said "Make sure that your web server has SSL enabled and you Drupal installation has been configured to support SSL access", I am using Apache/2.2.4 (Linux/SUSE), PHP 5.2.4, and Drupal 6.9, I am hoping to get some simple steps or pointers on where should I start. Which files to set and so on. Any help pls?
Thanks.
Hi swcheah
I can give you a quick breakdown of the steps I took and if you need a bit more detail for any of them then just ask and I'll try and help.
In order to enable SSL on your webserver you need to get a certificate - this can be from VeriSign who offer a free certificate for 14 days I think. Before you can get the certificate you need to generate a CSR (which is basically a request from your server for a certificate) I generated this by using the OpenSSL on a command line (I am using apache on a Windows 2003 Server) but I'm sure if you google it you will be able to find a guide for generating a CSR for your circumstances. After you have generated your CSR and submitted it to who ever is providing your certificate (if it is a test certificate you will need to install this to your web-browser - again there should be online guides to help you do this based on your setup).
Assuming this all goes to plan (and note you may well run into a variety of issues - I certainly did!) you should be more or less ready to define which pages are to be "secured pages" using the Secure Pages module, and you should be ready to go!
Note - I had a lot of difficulty actually generating the CSR in the first place - a number of factors including me not knowing what I was doing to start with probably contributed to this! But the OpenSSL was missing from my XAMPP install - you may need to have a play about with this until you get it working.
Let me know if you need any more help!
Hi Allan, Thank you for your
Hi Allan, Thank you for your breakdown of steps. It is getting clearer for me. I think my os installation came with the openssl, I am going to try getting a test certificate from Verisign. But one question, after getting the test certificate, I need to install it to my web browser or my apache web server?
note: my dev server is not online yet (my IP address is internal only), is it possible to test the SSL?
Thanks a lot.
You need to install your test
You need to install your test cert to your browser, again there should be steps online as to how to achieve this depending on what browser you are using.
I'm not 100% sure about testing the cert offline but I don't see any logical reason why it shouldn't work, best thing to do is give it a bash!