osCommerce & SSL

briggers · 15th May 2008, 05:06 PM

We have a very much modified osC site nearly ready to go live, but the client has been pressured by his bank HSBC to use their CPI payment system rather than Protx (which we have installed for many other sites).

HSBC CPI requires the use of a SSL site (Protx and SecPay do not) even though the card details are handled on the CPI site. I have searched the osC forums and this one to find out which of the osC files need to be copied to a SSL server but cannot find any suggestions.

I understand how to mod the 2 config.php files to specify the location of the SSL domain, by not which files to put there. The site is currently developed and running on an internal server. We would normally just ftp it up to the webserver and copy the mySQL database, making a few changes to the config files on the way. So I don't really want to go through a normal osC installation on the webserver.

Can anyone make a suggestion?

The site will be loaded to a virtual domain: http://www.<client-domain.com>/catalog
and we have a domain with a full cert at: https://www.<our-secure-domain.com> so we would put the files that need to be on the secure server at: https://www.<our-secure-domain.com>/<client-domain> just like we were using a U-H shared secure server.

I thought I'd ask the question here rather than the osC forums because it seems that the replies are more thought through - and the U-H support team are always excellent

Thanks
PS. And if anyone has any tips on installing the osC contrib for HSBC eSecure they would be most welcome.
Thanks again

Vger · 15th May 2008, 05:14 PM

You'll lose the session id if you do it that way. Just use the UH Shared SSL.

With regards to HSBC eSecure installation.
1. Work hard for two weeks
2. Bang head against the wall constantly
3. Throw at least one PC out of the window.
4. Finally, pay someone else to do it.

Protx DO require the use of SSL or else you cannot connect to them - if you use Protx Direct.

If you want an HSBC Secure ePayments API module installed (where customers do not leave your website) then give us a call!

Vger

briggers · 15th May 2008, 05:31 PM

Thanks Vger,

Well, you have answered my subsidiary question really clearly - I was starting to feel like that even before your answer.

But we do use ProtX VSPForm and that does not need SSL and it works very well, we have not had any problems on half-a-dozen sites over the last 4 or 5 years.

I don't quite understand why using the U-H shared SSL server would be any different to using our own. Presumably we would need to put some of the site files there.

... And I have a note that you were involved in the contrib - so it must work!

Vger · 16th May 2008, 12:03 PM

With regard to the problem of using two different servers for ssl and non-ssl I can only speak from experience. The reason I warn people about using Fasthosts for osCommerce is that their shared ssl is always on another, separate, server and the session id from the transaction on the non-ssl server never carries over to the ssl server. If you can lick that problem then fine - otherwise use UH's shared ssl. That way the session id is kept and there's no need to duplicate files.

Yes, I was marginally involved with the HSBC Secure ePayments module for osCommerce, after being one of those who spent two weeks banging my head against a brick wall and almost trashing my PC. I tidied up some of the install instructions, making things a bit clearer - but that's all.

Vger

judder · 17th June 2008, 02:09 PM

Hi

Try using the HSBC XML instead - it works just like the Protx direct and only needs a CURL install with SSL which most ISPs should support.

osCommerce: HSBC XML API

Alex

Vger · 17th June 2008, 02:30 PM

I have to ask this - did you register just to post a link to your own contribution, or are you actually a UH customer?

I've just finished installing an HSBC CPI module and apart from a problem with the Order Number being too long it now works fine.

Vger