[svlug] SSL and credit card processing

Skip Evans skip at bigskypenguin.com
Thu Jul 20 08:50:29 PDT 2006

Previous message: [svlug] SSL and credit card processing
Next message: [svlug] Free SSL certificate?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey all,

After more looking over the config suggestions the 
comodo.net tech support guy gave me, I am now 
thinking my problem is in the ssl.conf file here:

##
## SSL Virtual Host Context
##

<VirtualHost buymytextbooks.venomouspenguin.com>
     DocumentRoot /usr/home/buymytextbooks/public_html
     ServerName buymytextbooks.venomouspenguin.com
     SSLEngine on
     SSLCertificateFile 
/etc/ssl/crt/buymytextbooks_biz.crt
     SSLCertificateKeyFile /etc/ssl/crt/myserver.key
         <Directory 
"/usr/home/buymytextbooks/public_html">
             Options Indexes FollowSymLinks
             DirectoryIndex index.php index.html 
index.html.var
             Order Allow,Deny
             Allow from all
         </Directory>
</VirtualHost>


Doesn't this look like the whole site is behind 
the SSL cert by way of the <Directory> directive? 
Shouldn't this contain just the path to the 
protected scripts?

Skip



Skip Evans wrote:
> Hey all,
> 
> You may remember my saga trying to get an SSL cert 
> going on my Apache2 install for a site that we 
> will be launching soon that needs to process 
> credit card payments through authorize.net. I 
> don't know anything about SSL at this point, but I 
> was told I needed the cert to process CC's.
> 
> (By the way, I have O'Reilly's OpenSSL book on the 
> way and it will be here today, so I hope to 
> rememdy this acute ignorance about SSL I currently 
> suffer from).
> 
> Anyway, I found that mod_ssl was not installed by 
> doing a httpd -l at a list member's request.
> 
> Rick then suggested reinstalling Apache with the 
> proper settings, which I did, and mod_ssl does 
> show up now when I do httpd -l.
> 
> However, with the configuration now in place the 
> guy at comodo.net, where I purchased the cert, 
> walked me through, it seems the only way to access 
> any portion of the site is through https.
> 
> Their tech support told me that is how it works, 
> but that seems bizarre to me. I was under the 
> impression only the CC processing transmissions 
> needed use of the cert.
> 
> If I got to amazon.com and look up a book I'm not 
> behind https.
> 
> Any direction would be most appreciated.

-- 
Skip Evans
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
406-782-2240

Previous message: [svlug] SSL and credit card processing
Next message: [svlug] Free SSL certificate?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list