I must install a SSL certificate for my Magento store and I have a question:
Is it better to install the SSL certificate in a subdirectory or in the main domain? (Ex: store.domain.com or domain.com)
My doubt is whether installing on the primary domain (domain.com) could harm the SEO ranking in Google, since the site will now respond with https?
Or does Magento handle this and loads the https pages only when necessary, like in the cart pages?
Magento can use https only for certain pages (they're checkout, customer account and admin panel), but it depends on configuration. Please, see the Web→Secure→Base URL config option. You're probably want to set base URL as http://www.foo.com/ and base secure URL as https://www.foo.com/
Related
I have purchased a domain name through google domains (e.g. example.com). Separately I have created a website at a third party (wix). I am now trying to connect my domain name to the wix hosted site.
Setting up regular http was trivial: I copied the 2 custom name servers from wix to the DNS name server entries in google domains and then example.com immediately began routing to the wix site.
What are the next steps to setup https so that my domain securely routes to wix?
The help page for google domains states that I can go to Certificate Authority to obtain an SSL certificate, but then where does the certificate information go? In google domains or in wix? If the cert info goes in wix, do I have to change any settings on the google domains side?
Note: I am tyring to avoid doing redirect because I want the website url to always show "example.com", I don't want the address changed by redirect to "example.wix.com" while the user is browsing.
Thank you in advance for your consideration and response.
Eventually https began to redirect properly to wix as well. I was not able to discover the root cause, perhaps it was just a timing issue with DNS.
I sat up facebook connect extension on my magento store, which allows customer to login to the store with their facebook account. After filling api key, api secret in magento and config site url in facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have magento connect to facebook without matching site url?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
I'm not fully aware of how that Magento app works internally, however what I would say is that Facebook strictly speaking, does not allow apps to work across multiple different URLs. You can add multiple subdomains, however.
There is also some unsupported functionality allowing you to run apps across different domains details in this question, though it's worth remembering, this is unsupported.
The Facebook docs have some more info on "App Domains", and how they should be configured.
I sat up facebook connect extension on my magento store. After filling api key, api secret in magento and config site url in facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have magento connect to facebook without matching site url?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
Please follow this, and use extension it provided. http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
It worked for my multistore.
I have a new client whose website is having all kinds of problems (I'm just coming into the situation now). It's a Joomla site with a VirtueMart shopping cart, but when I'm using the shopping cart, it doesn't appear to be using https. I'm a novice when it comes to shopping carts, but I would think this is a critical issue. Isn't this really, really bad?!? Or is it a feature of Joomla and VirtueMart?
When dealing with payments online, it's always best to use HTTPS as I assume you know it's more secure. There could be a few reason why it hasn't been used on your clients' site, such as: Good SSL certificates are quite expensive (especially if you're on a budget), it decreases site performance, the person who developed it might not have any idea about SSL Certificates. Either way, I would recommend you get your client to purchase a SSL Certificate
I have a site built in mvc3 using normal FormsAuthentication for login. This site should now be SSL-enabled, and I've also been asked to add the option to login using e-Identification/Smart card (my customers emploees all have specific eIdentification cards called SITHS).
So I have a certificate from VeriSign for the SSL (installed).
I have a Root "CA" certficiate for the server-client verification (added to trusted root).
I have a test card with an e-identification certificate corresponding to the above root cert.
I have the code ready for the membershipProvider to parse and check the client certificate against my user database, but I'm very unsure about the server- and certificate bits. Also the old functionality of normal FormsAuthentication should be retained.
My idea is to enable SSL on the entire site using the VeriSign cert. Then, somehow, add a requirement for example "LogOnSmartCard.cshtml" to use the "CA" cert. So when a user is directed to this page the smart card application will kick in and an authentication will be made. Then I can create the normal login ticket and redirect the user to the main page.
If this seems like a decent idea - any ideas on how I should go about configuring this in IIS (v7) and/or web.config? Can I require a specific cert for a specific page?
I'll add how I solved it since there was no other input:
In IIS I bound the (SSL) VeriSign cert to the entire site
I imported the CA certificate(s) for (smart card) authentication to the certificate store
I added the IIS option "Require SSL" to a specific view for smart card login
By just doing these steps I have an SSL-encrypted site (https) and a view that requires, in my case, smart card login.
In the code I added a ActionFilter (IAuthorizationFilter) that interprets the certificate and checks for validity (etc.) and then tries to perform a login against users mapped in the database (to the certificate serialnumber)
Registered the ActionFilter in global.asax (Application_Start)
This solution, together with the normal FormsAuthentication, now works perfectly hand-in-hand.