osCommerce SSL setup begins with a valid commercial SSL certificate. The SSL technology enables the web server you’re hosted upon and your device web browser to talk to each other over an encrypted conversation that prevents hackers and criminals from obtaining information that they should not see.

SSL Background

(pronounced as separate letters) Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:

SSL Consumer Trust

This is even more prevalent in consumer awareness. Almost all of know more about the browser padlock. Even if you do not use payment modules from third-party sources such as PayPal™, your potential customer must enter sensitive information about themselves in your osCommerce shopping cart and are very concerned this information may be leaked.

How Do I Get Started in cPanel™?cPanel TLS/SSL Manager

Our knowledgebase has an  ever evolving list of helping items creating SSL in cpanel

The menu items from here are very much self-help.

Where can I purchase an SSL Certificate for osCommerce SSL Setup?

I’ll be adding many detailed pages on SSL Certificate features in the coming days… In the SSL commercial market are many varying types of certificates to select. Many come with high value warranties of assurance. Others will validate your organization or business and provide varying levels of site seals for your website.

Quick Validation Certificates

Certificates of these types generally rely upon your domain name contact information. If you don’t know what it is, consult the company you purchased the domain from and get that information updated! Make sure the email address and phone numbers are accurate and active. Provisioning time usually takes less than ten minutes. The seals are basic and generally only display the SSL validated information.

Full Validation Certificates

These types require you to submit documentation about your company and your identity. Most often used are the business registration from a government entity, articles of incorporation, DUNS, government issued identification, utility bill for the company address and others. Be prepared and get those scanned to PDF format.

A vetting officer will contact you via email or phone to begin the process of validation. It is quite normal for the representative to come from the company that actually provisions the certificate from companies like Comodo, GlobalSign, Geotrust, Thawte and others.

Making SSL Work With The Catalog and Admin

In order to make SSL work with osCommerce you need to set the correct configuration paths in catalog/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.yourdomain.com'); // should not be empty
 define('HTTPS_SERVER', 'https://www.yourdomain.com'); // should not be empty
 define('ENABLE_SSL', true); // secure webserver
 define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

b ) admin/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.yourdomain.com'); // should not be empty
 define('HTTP_CATALOG_SERVER', 'http://www.yourdomain.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

These changes above will result in a small padlock being shown in the bottom right of your browser status bar or in the upper left of the web address bar when you navigate to a secure page AND your address line will show the https:// URL instead of http:// Your osCommerce SSL setup should now be complete!