SSL Setup


EaglesNest
26-May-2005, 11:17 AM
Hi All,

6 1/2 hours and I still cannot get my SSL settings set on the network configuration.
The following is the procedure that I follow.

Launch Developer
View|Business Settings|Payment and Security
SSL: Tick (on)
SSL: Select Checkout Pages and Customer Login Only
SSL: Click "Configure SSL Settings..." Button
At Advanced Network Setup Dialog
Click Wizard
Tick Configure New Settings
Tick Confirm Each Setting
Click Next
At SSL Security Dialog
Select SSL and HTTP on the Same Server
Tick Different CGI Bin Directories
Tick Different FTP Settings
Tick Yes I wish to use SSL in this manner
Click Next
At Proxy/Firewall Configuration dialog
Select None (HTTP Proxy)
Select None (FTP Proxy)
Click Next
At FTP Account
Enter Hostname/Address (morethanagift.com)
Enter Username: morethanagift@arassoc.com
Enter Password: xxxxxxxx
Tick Use Passive FTP Transfer
Click Next
Secure Server FTP Account
Enter Hostname/Address (secure.arassoc.com)
Enter Username: secure@arassoc.com
Enter Password: xxxxxxxx
Tick Use Passive FTP Transfer
Click Next
At Web Site Address Dialog
Web Site Address: http://morethanagift.com/ (Prefilled)
Click Next
Analyzing Web Site dialog working
Next dialog to appear is Directories...
CGI Bin Directory Prefilled correctly for Catalog Site ( /cgi-bin/ )
Web Root Directory Prefilled correctly for Catalog Site ( / )
Click Next

Catalog Terminates as it is checking for the cgi-bin directory

I have no clue why it keeps terminating. It just blows up with no errors, nothing, exits to windows. I have tried rebooting, rebooting clean, compacting the databases, I am at my wits end and about ready to trash Actinic. If someone could please help me with this I would appreciate it.

One time and one time only the following steps occurred


Launch Developer
View|Business Settings|Payment and Security
SSL: Tick (on)
SSL: Select Checkout Pages and Customer Login Only
SSL: Click "Configure SSL Settings..." Button
At Advanced Network Setup Dialog
Click Wizard
Tick Configure New Settings
Tick Confirm Each Setting
Click Next
At SSL Security Dialog
Select SSL and HTTP on the Same Server
Tick Different CGI Bin Directories
Tick Different FTP Settings
Tick Yes I wish to use SSL in this manner
Click Next
At Proxy/Firewall Configuration dialog
Select None (HTTP Proxy)
Select None (FTP Proxy)
Click Next
At FTP Account
Enter Hostname/Address (morethanagift.com)
Enter Username: morethanagift@arassoc.com
Enter Password: xxxxxxxx
Tick Use Passive FTP Transfer
Click Next
At Web Site Address Dialog
Web Site Address: http://morethanagift.com/ (Prefilled)
Click Next
Analyzing Web Site dialog working
Next dialog to appear is Directories...
CGI Bin Directory Prefilled correctly for Catalog Site ( /cgi-bin/ )
Web Root Directory Prefilled correctly for Catalog Site ( / )
Click Next
CGI-BIN URL dialog comes up prefilled correctly for Catalog Site
( http://morethanagift.com/cgi-bin/ )
Click Next

Analyzing Web Site Dialog comes up Checking Address
Error Dialog - "There is a problem with the SSL certificate:
The host name in the certificate is invalid or does not match"
Click OK

Secure Server CGI-BIN URL comes up prefilled with CGI-BIN Address
( https://morethanagift.com/cgi-bin/ ) which is incorrect.
Enter correct information ( https://secure.arassoc.com/cgi-bin/ )
Click Next

ConnectionWizard Information Dialog comes up
The specified CGI-BIN URL or possibly the path to the CGI-BIN
is not correct. Check the CGI-BIN URL and try again.
If the CGI-BIN is correct, return to the first page of the
wizard and turn on the button to confirm each setting.
Then progress through the dialogs once again and verify
that the path to the cgi-bin is also correct. The web server
returned (404) Not Found.

My web server is http://morethanagift.com
My cgi-bin is located at http://morethanagift.com/cgi-bin

My secure server is https://secure.arassoc.com
CGI-BIN for the secure server https://secure.arassoc.com/cgi-bin


Eagle
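
The "host name in the certificate is invalid or does not match" error in the post above is the client comparing the host in the URL it requested with the names listed in the server's certificate. An added example of that comparison in Python (not from the thread or from Actinic); the certificate is constructed and is assumed to name only secure.arassoc.com, and the function names are hypothetical.

```python
# Added example: the host-name check a TLS client applies to a certificate.
# CONSTRUCTED_CERT is sample data in the shape returned by
# ssl.SSLSocket.getpeercert(); that it names only secure.arassoc.com is an
# assumption, not something the thread states.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "secure.arassoc.com"),),),
    "subjectAltName": (("DNS", "secure.arassoc.com"),),
}


def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels so "*.com" matches nothing
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def diagnose(cert, hosts):
    """Map each requested host to True if the certificate is valid for it."""
    names = cert_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hosts}


if __name__ == "__main__":
    # The wizard prefilled https://morethanagift.com/cgi-bin/ for the secure URL.
    hosts = ["morethanagift.com", "secure.arassoc.com"]
    for host, ok in diagnose(CONSTRUCTED_CERT, hosts).items():
        print(f"https://{host}/cgi-bin/ ->", "match" if ok else "NAME MISMATCH")
```

Both names can resolve to the same IP address and the check still fails for the first one, because the comparison is against the host name in the URL, not the address.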

BPJSURF
26-May-2005, 02:51 PM
In general terms if your ssl certificate is set up properly on the server, Actinic will recognize the certificate and once you have changed the settings in business setting payments security, you would be all set to go. That being said it appears that Actinic is not cooperating with you at the moment. However given the information you provide I believe you're looking at a symptom, not the problem. So don't shoot the messenger here (actinic) you need to look more closely to remedy the issue on the server. I would run through some of the testing procedures on your ssl certificate. I know that it does indeed validate however post a page up to test its ability to work through a secure page in apache. From a quick look I think you may have a problem on the server configuration side which is causing the problem in Actinic.

We sell, install and support both Geotrust and Godaddy ssl certificates that run in similar apache / redhat environment. Configuration for an SSL should not take more than one hour. As we have almost 100 of these things installed using Actinic 5, 6 & 7 I am pretty confident Actinic software does not have issues with their side of the ssl technology. I can also tell you the first time we installed an ssl certificate on an apache server it took some configuration changes and a few hours to sort it all out.

[glanced at information you provided again] - Could be an issue that your "secure cgi-bin" is running here: CGI-BIN for the secure server https://secure.arassoc.com/cgi-bin and I am pretty certain that Actinic wants you to run the cgi-bin securely under the domain i.e. https://morethanagift.com/cgi-bin

This would lead me to believe you're trying to use a server certificate rather than a domain certificate which will not work. You need to get a certificate under the domain name: http://morethanagift.com and install it in the domain under apache and this will resolve your issue.

Brian

EaglesNest
26-May-2005, 03:29 PM
You need to get a certificate under the domain name: http://morethanagift.com and install it in the domain under apache and this will resolve your issue.

This would surely fix the issue, but we'd still like to use "secure.arassoc.com" as our certificate holder.

The program just "dies", abruptly, without any errors.
So we have no way of troubleshooting this issue.

In addition, why would I want to secure the domain morethanagift.com, this would then run the entire store under the SSL. I don't want that and Actinic allows me to run 2 completely different servers for SSL and HTTP so that I can put the login and checkout pages under SSL and still have the catalog under the non-secure. Running the entire store under SSL would really slow down the loading of pages to the customer as each page would have to be downloaded each time a customer browsed to it.


From the Help File:
Actinic allows you to use a mixture of normal (http) URLs and SSL (https) URLs for viewing your online store. The http protocol is simple and easy to use, but it doesn't secure a connection, which makes it unsafe for entering sensitive information such as credit cards. The https protocol does provide security, but it is slower than http. So the ideal site configuration is https on pages with sensitive information (customer login and checkout process) and http on the rest of the pages (product pages, cart and search). Actinic allows you to set up your store in this way.

The feature is activated in 'View | Business Settings | Payment and Security'. See Securing Your Online Store.

This feature is designed to utilise two different servers. The customer login and checkout pages are served from the SSL server (using https) while the rest of the pages are served from the HTTP server. These servers may run on the same computer or on two different computers.

When Actinic is configured to use SSL only for customer login and checkout pages (see Securing Your Online Store) then most of the network settings are specified separately for the HTTP and SSL servers. When the site is uploaded, the whole site is uploaded to the HTTP server (just as in case of standard configuration) then a set of script files is uploaded to the SSL server's CGI directory.

This is a cPanel server running phpsuexec on CentOS 3.3.

BPJSURF
26-May-2005, 03:56 PM
Seems like what "you want to do" and "how the technology actually works" are on a diverging course. You need to set up the ssl under the proper domain. This will fix the problem. There is no reason to push a checkout to an alternate domain on the server and in fact it seems that it works against the verification properties of an ssl certificate. The whole idea behind ssl is not the fact that it provides encryption of the session between the desktop browser session and the server. SSL is meant to provide a verification of the domain and its owner as a trusted source to do business with as a consumer. If you bounce the browser session out to a third party domain for processing then you're actually confusing the consumer.

If you want to do third party shared ssl services off your server you will need to purchase a shared ssl kit from Actinic to be a shared ssl provider. (not recommended)

Brian

EaglesNest
26-May-2005, 04:15 PM
Brian,
Why does the Application offer this option though?

I understand where you are going with the security issues as to relaying form data across servers is not recommended.

But the application offers this option, does it not?
Sorry, I am slightly confused.

Why say this if you don't mean it?
SECURITY AND PAYMENT Developer Business Catalog OrderManager
Limit certain payment methods to specific locations in order to cut down fraud
Process credit card transactions online with a selection of payment service providers
Take credit card numbers securely online via a shared SSL server
Run the entire store, or just essential pages, on your own secure server

BPJSURF
26-May-2005, 07:41 PM
The answer is no it does not. You're taking this information out of context. The software allows you to use ssl on all pages (all pages in your website) or just in the checkout pages.

"On your own server" meaning put an ssl certificate for your domain on your own server and the ssl works great.

Seems to me you're splitting hairs.

Brian

EaglesNest
27-May-2005, 01:21 AM
Brian,
Sorry. I was under the impression that I could use the SSL certificate installed on my other domain to handle this domain's "secured area".

BPJSURF
27-May-2005, 01:37 AM
no worries,
just checked your site and you only have paypal enabled. Fyi you really don't need an ssl certificate if you're only using paypal in checkout as Paypal provides its own security. Also just a usability note. Your add to cart button is so faint that I had to mouse over and highlight the code just to locate it on a page. Very hard to see and that's not good for people who want to buy.

best of luck
Brian

pinbrook
27-May-2005, 01:48 AM
Nowadays when you can buy an SSL cert for less than $50 it makes sense to me to have one for each domain. Then configure Actinic to secure the checkout pages only.

EaglesNest
27-May-2005, 05:37 AM
no worries,
just checked your site and you only have paypal enabled. Fyi you really don't need an ssl certificate if you're only using paypal in checkout as Paypal provides its own security.

Understood, however the pages that the customer enters his name and address are not protected in that scenario hence the reason for wanting SSL on the "checkout" pages.

Also just a usability note. Your add to cart button is so faint that I had to mouse over and highlight the code just to locate it on a page. Very hard to see and that's not good for people who want to buy.

best of luck
Brian

Now who is splitting hairs. Might want to check your firewall, popup blocker, ad blocker or some other software that may be inhibiting animated gifs. The gif for the add-to-cart button is animated and goes from bright to light to give the effect that it is "blinking" although I agree that I might want to change that as I do not really like it either, so thank you for the comment.

Eagle

EaglesNest
27-May-2005, 07:20 AM
The answer is no it does not. You're taking this information out of context. The software allows you to use ssl on all pages (all pages in your website) or just in the checkout pages.

"On your own server" meaning put an ssl certificate for your domain on your own server and the ssl works great.

Seems to me you're splitting hairs.

Brian

Brian,
Help me understand the meaning of this article then? http://knowledge.actinic.com/users/kadmin/acatalog/SSL_Server_Setup.html#aKB352

or this one http://knowledge.actinic.com/users/kadmin/acatalog/SSL_Server_Setup.html#aKB431

or this one http://knowledge.actinic.com/users/kadmin/acatalog/SSL_Server_Setup.html#aKB430

In addition, please check the following links:

http://www.dnsstuff.com/tools/lookup.ch?name=morethanagift.com&type=A
http://www.dnsstuff.com/tools/lookup.ch?name=arassoc.com&type=A

According to those articles the SSL cgi-bin and the non-secure cgi-bin must reside on the same physical server! They do, so where is the problem?

Tell me, how can you have two domains with the same IP if they are not on the same "physical server"? IPs are bound to MAC addresses are they not? How could you have the same MAC address in two different servers?

You know in all this hoop-la it still has not been explained why Actinic just DUMPS out of memory with no errors. That was the original question anyway and it seems as though somewhere you have lost sight of that question.

None of these back and forth comments have even touched on that subject.

Eagle

Nadeem
27-May-2005, 09:14 AM
Hi there

For Actinic to work in SSL, you have to set up a symbolic link from the secure /acatalog/ folder to the insecure /acatalog/ folder. What this means is that if there is anything placed within the insecure /acatalog/ folder, you should see it in the secure /acatalog/ folder.

For more information on the SSL setup, please check out the following guide (http://www.actinic.co.uk/hosting/docs/Correct_SSL_Setup_For_Actinic.pdf)

Kind Regards

EaglesNest
27-May-2005, 09:47 AM
Hi there

For Actinic to work in SSL, you have to set up a symbolic link from the secure /acatalog/ folder to the insecure /acatalog/ folder. What this means is that if there is anything placed within the insecure /acatalog/ folder, you should see it in the secure /acatalog/ folder.

For more information on the SSL setup, please check out the following guide (http://www.actinic.co.uk/hosting/docs/Correct_SSL_Setup_For_Actinic.pdf)

Kind Regards

Hi Nadeem,

Thank you for that, I really appreciate the help. That is exactly how I thought Actinic should work and it is exactly how I have things set up on the server side.

However, when I use the wizard to populate the network settings Actinic crashes when it starts looking for the secure/cgi-bin directory. It terminates with no error or anything, just dumps itself out of memory. I thought at first that it might be something that was off kilter with my pc so I asked my hosting company to download a copy of the trial version of Actinic.

Whenever he tried to run the wizard with the same criteria that I did the same thing happened to him, Actinic just dumps out of memory with no warning and no error. The dialog box is the "Analyzing Web Site" dialog and while it is looking for the secure-cgi-bin, it just crashes. What could be causing that to happen?

I would be perfectly willing to send you the credentials for the secure vs non-secure directories, login information, etc. if you would want to try it yourself. I would really appreciate it if you could do that for me.

Also, if by chance you do get it to work with your installation, would you be willing to export the network settings and send them to me so that I could import them and then test to see if things work as they should?


Thanks
Eagle

Nadeem
27-May-2005, 12:02 PM
Hi there

I would recommend registering an email support ticket on http://www.actinic.co.uk/support/register.htm. They can take a look into the server and provide you with network settings. If they cannot configure it for you, then they can explain at what point the problem is coming from.

Kind Regards