[ic] Secure server FAQs [monthly posting]

MITECH Trading interchange-users@lists.akopia.com
Tue Jul 10 08:52:02 2001


I would still like to see some setup and installation instructions for the
separate secure server.
It may be obvious to most members of this list, but I have seen many
requests and no clear answers.
I finally have the program up running after a lot of reading in the doc's
and in the email archives, but with this "last" step I don't find any
documentation anywhere. Please help.

Best regards
Michael Michaelsen
www.mitechtrading.com



----- Original Message -----
From: "Mike Heins" <mheins@redhat.com>
To: <interchange-users@developer.akopia.com>
Sent: Monday, July 09, 2001 9:18 PM
Subject: [ic] Secure server FAQs [monthly posting]


> These are the FAQs:
>
>   Shopping cart is dropped when using SSL.
>
>     This is a thorny question. It has many possible causes, and most often
>     occurs when you try to use a different secure server domain than the
>     regular catalog runs on. (See the next question for more info on
that.)
>
>     If your secure domain is the same as the non-secure domain, it is
>     usually due to the user not having cookies enabled. It can be due to
the
>     HostnameLookups (Stronghold/Apache parameter) not matching for the two
>     servers, secure and non-secure. It can also be caused by the user
having
>     different web proxy addresses for HTTP and HTTPS. If it still does not
>     work, try changing some of the appropriate configuration parameters in
>     interchange.cfg:
>
>        DomainTail   No
>        IpHead       Yes
>
>     If you still are having problems, try this combination in catalog.cfg,
>     the catalog configuration file:
>
>        SessionExpire  10 minutes
>        WideOpen       Yes
>
>     The above setting will typically make Interchange work when it is
>     possible to work. Sometimes when you have multiple Interchange servers
>     sharing the same secure server, you will have problems after accessing
>     the second one. (The first one issues a session ID cookie, and that
>     causes problems).
>
>   I have a different secure server domain. Why does the shopping cart
>   get dropped?
>
>     First of all, it is questionable business practice to not certify your
>     secure server. Besides violating the terms of use of many certificate
>     issuers, customers notice the changed domain and it is proven by user
>     surveys and long experience that you will receive fewer orders as a
>     result. Certs can be obtained for $125 US per year, less than the
>     typical cost of one hour of a top consultant's time. Do your business
>     a favor -- spend the money to get a cert.
>
>     If you insist on doing it anyway, probably driven by the fact that
>     you need a dedicated IP address for a secure server, you can use the
>     solutions in the previous FAQ question and get some relief.
>
>     But by far the best way is to have all orders and shopping cart calls
go
>     only to the secure domain.  Your users may get a different session
when
>     browsing the non-secure catalog pages, but it will matter little.
>
>     To do this on the Foundation demo, place in catalog.cfg:
>
>             AlwaysSecure  order ord/basket ord/checkout
>
>     For all *forms* to be secure, add "process" to that list. (Your search
>     forms will still be non-secure if you use "[process-search]" to
produce
>     the form ACTION.)
>
>     To make individual order links secure, use this instead of "[order]":
>
>             <A HREF="[area
>                         href=order
>                         secure=1
>                         form='mv_order_item=SKU_OF_ITEM'
>     ]">Order it</A>
>
>     To make a form-based order button secure, use "[process secure=1]" as
>     the ACTION.
>
>   My images aren't there on the secure server!!!
>
>     You have a different document root, or the permissions are not such
>     that you can access them. You can set a different base URL for images
>     with:
>
> ImageSecure   https://your.secure.server/somewhere/images
>
>     Don't try to set it to an http:// URL -- images will be broken anyway.
>
>   My secure pages fail when my browser is MSIE.
>
>     MSIE has several SSL bugs, particularly in V5.01.  See the
C<Apache-SSL>
>     or C<mod_ssl> FAQ. You can sometimes fix this with an httpd.conf
change:
>
>        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> --
> Red Hat, Inc., 131 Willow Lane, Floor 2, Oxford, OH  45056
> phone +1.513.523.7621 fax 7501 <mheins@redhat.com>
>
> For a successful technology, reality must take precedence over public
> relations, for Nature cannot be fooled. -- Dick Feynman
>
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users
>