Full Version: How to install SSL on OSC: A Simple 1-2-3 Instruction
osCommerce Community Support Forums > osCommerce Online Merchant v2.x > Tips and Tricks
jpweber
This is as simple as it gets -- how to install SSL, which is a mandate on every e-commerce site, easily and effectively on OSC:

(1) Inform your host. Tell your host you're going to install SSL through another company. They shouldn't charge you, but they might ... 10 bucks or whatever. They'll e-mail you a CSR (certificate signing request), which is really just a big clump of mumble-jumbled coding.

(2) Find an SSL Company. A popular one seems to be the RapidSSL by Geotrust, 'cause it's cheap, but there are plenty. Many people use Geotrust, Verisign, Networksolutions, GoDaddy, and others. A Simple Google Search can give you plenty of other options. Make sure it has at least 128-bit data encryption, and is compatible with all browsers. Make sure it has a trusted root. Make sure it puts a padlock in your browser. These are all questions you'll ask the SSL company.

(3) Purchase the SSL. E-mail the SSL company your CSR that your host gave to you. Be sure that both your host and the SSL company are on the same page -- assign your SSL to either http://www.yoursite.com, or http://yoursite.com -- but make sure the host and the SSL company are on the same page, and both do the same thing.

(4) Go back to your host. You'll receive an SSL Certificate Key from the SSL company once purchased. This will be more mumble-jumbled coding in your e-mail. E-mail the SSL Certificate Key back to your host. They'll install it for you.

(5) Alter your config files. All you need to do now is to alter your configure.php files. They're located in (path to catalog)/includes/configure.php, and (path to catalog)/admin/includes/configure.php. OSC is designed to protect the pages that require data encryption, and altering your config files will do this for you. These pages include login, create_account, checkout, etc., and any other pages that require data input by the end-user.

(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:
define('HTTP_SERVER', 'http://www.yoursite.com');
define('HTTPS_SERVER', 'https://www.yoursite.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.yoursite.com');
define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');


(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:
define('HTTP_SERVER', 'https://www.yoursite.com/');
define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');
define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module


(8) Save and upload your configure.php files to their appropriate directories, perhaps using your FTP tool, or other upload tool of choice, and your SSL should be running smoothly and efficiently.
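
A check for the catalog file edited in step (6), added here as an example (not part of the original post and not osCommerce code): it parses the define() lines and reports a certificate host-name mismatch, links that lose or double a slash, and cookie domains that do not cover the server host. The sample configs, the shop.example names and the DIR_WS_* values are constructed; the link rule (server + catalog directory + page) and the single-host-name certificate are assumptions.

```python
import re
from urllib.parse import urlsplit

# Matches define('NAME', 'string') and define('NAME', true|false).
DEFINE_RE = re.compile(
    r"define\(\s*'([A-Z_]+)'\s*,\s*(?:'([^']*)'|(true|false))\s*\)")

# Constructed sample: settings in the shape recommended in step (6).
GOOD_CONFIG = """
define('HTTP_SERVER', 'http://www.shop.example');
define('HTTPS_SERVER', 'https://www.shop.example');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.shop.example');
define('HTTPS_COOKIE_DOMAIN', '.shop.example');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
"""

# Constructed sample: several mistakes in one file.
BAD_CONFIG = """
define('HTTP_SERVER', 'http://www.shop.example');
define('HTTPS_SERVER', 'https://shop.example/catalog/');
define('ENABLE_SSL', false);
define('HTTP_COOKIE_DOMAIN', '.shop.example');
define('HTTPS_COOKIE_DOMAIN', '/');
define('DIR_WS_HTTP_CATALOG', '');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
"""


def parse_defines(php_source):
    """Return {NAME: value} for the simple define() lines in a configure.php."""
    cfg = {}
    for name, text, boolean in DEFINE_RE.findall(php_source):
        cfg[name] = (boolean == "true") if boolean else text
    return cfg


def build_link(cfg, page, ssl=True):
    """Join server + catalog directory + page (assumed link rule, see lead-in)."""
    server = cfg.get("HTTPS_SERVER" if ssl else "HTTP_SERVER", "")
    directory = cfg.get("DIR_WS_HTTPS_CATALOG" if ssl else "DIR_WS_HTTP_CATALOG", "")
    return server + directory + page


def lint_catalog_config(php_source, cert_host):
    """Return a list of findings for a catalog includes/configure.php."""
    cfg = parse_defines(php_source)
    findings = []

    if cfg.get("ENABLE_SSL") is not True:
        findings.append("ENABLE_SSL is not true")

    https = urlsplit(cfg.get("HTTPS_SERVER", ""))
    if https.scheme != "https":
        findings.append("HTTPS_SERVER does not start with https://")
    elif https.hostname != cert_host.lower():
        findings.append("HTTPS_SERVER host %s is not the certificate host %s"
                        % (https.hostname, cert_host))

    # Build one link per scheme and look at the path the browser would request.
    for ssl in (False, True):
        label = "HTTPS" if ssl else "HTTP"
        url = build_link(cfg, "login.php", ssl)
        path = urlsplit(url).path
        if "//" in path:
            findings.append("%s links get a doubled slash: %s" % (label, url))
        elif not path.endswith("/login.php"):
            findings.append("%s links lack a slash before the page: %s" % (label, url))

    # A cookie domain must be the server host itself or a parent domain of it.
    for server_key, cookie_key in (("HTTP_SERVER", "HTTP_COOKIE_DOMAIN"),
                                   ("HTTPS_SERVER", "HTTPS_COOKIE_DOMAIN")):
        host = urlsplit(cfg.get(server_key, "")).hostname or ""
        cookie = cfg.get(cookie_key, "")
        bare = cookie.lstrip(".")
        if not bare or not (host == bare or host.endswith("." + bare)):
            findings.append("%s %r does not cover host %r" % (cookie_key, cookie, host))
    return findings


if __name__ == "__main__":
    for title, source in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(title, lint_catalog_config(source, "www.shop.example"))
```
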
jasonabc
Good article J. I'd also add that most hosting companies will also purchase and install the SSL for you for just a few bucks more if you don't want the hassle of doing this all yourself (I paid $50 for MediaTemple to purchase and install mine for example).

Once it's done all you do is alter your config files and you're away.
surjer
+1 vote for sticky
jpweber
Thanks. Ev1 Servers even sells a Rapid SSL for $15, and I think that does the job 'cause it's Geotrust. The link is here: http://www.ev1servers.net/Dedicated/SSL/RapidSSL.aspx
CitizenZed
Thanks for the guide. I followed all directions and have a few questions.

My Oscommerce admin panel still says "You are not protected by a secure SSL connection". But the cert is installed.... and I can go to https defined urls in shopping cart. I do get the "some items aren't..." thing but I have a module with links back to my non-cart site I could remove.

Oddly, the "cart contents" wants to send one to an http, whereas the other links defined by oscommerce want to go to an https. Why is that?

Finally, I may have a complication insofar as I have "Powered by ECJoomCommerce V1.1.53" in order to make this stuff work in Joomla ... but, of course, any comments welcome.

One other thing, I don't know if it matters, I have an index.html file as an under construction page ... and in order to actually get to the "real" homepage, one has to type the /index.php. Could this screw stuff in that the directions way above stipulate entering "www.yoursite.com" without the /index.php part?
jpweber
QUOTE (CitizenZed @ Oct 31 2006, 01:30 PM) *
Thanks for the guide. I followed all directions and have a few questions.

My Oscommerce admin panel still says "You are not protected by a secure SSL connection". But the cert is installed.... and I can go to https defined urls in shopping cart. I do get the "some items aren't..." thing but I have a module with links back to my non-cart site I could remove.

Oddly, the "cart contents" wants to send one to an http, whereas the other links defined by oscommerce want to go to an https. Why is that?

Finally, I may have a complication insofar as I have "Powered by ECJoomCommerce V1.1.53" in order to make this stuff work in Joomla ... but, of course, any comments welcome.

One other thing, I don't know if it matters, I have an index.html file as an under construction page ... and in order to actually get to the "real" homepage, one has to type the /index.php. Could this screw stuff in that the directions way above stipulate entering "www.yoursite.com" without the /index.php part?


Hi. First, could you provide your web address so we could look? Secondly, there are only a few pages that require protecting in SSL. The only pages that require SSL protection are login, create_account, my_account, checkout, etc., etc., ..... basically, pages that require data input on the end-user's behalf. SSL encrypts this data, so that when it passes through other servers, it's unreadable. This is good for a lot of privacy issues, and especially when you're dealing with credit card numbers!

Why would you have both an index.html, and an index.php? Get rid of one of them so customers can just type in www.gotowebsite.com! Make it as simple on the customer as possible! Besides, I don't understand the point in having two pages. The directions that were stated, however, were completely related to your catalog/includes/configure.php and catalog/admin/includes/configure.php files. Regardless, NO, it will not screw up your configures just because you have two separate index files. Your configs will still be www.yoursite.com, and https://www.yoursite.com ...
jpweber
Special note to shared SSL users, in particular bluehost users. Now I don't really recommend Shared SSL, although it's worked for many. I'd prefer the real thing. Anyway, with bluehost, your config files would look like this (note: "username" refers to the username given to you by Bluehost):

Includes/Configure.php:
define('HTTP_SERVER', 'http://www.yoursite.com');
define('HTTPS_SERVER', 'https://secure.bluehost.com/~username');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.yoursite.com');
define('HTTPS_COOKIE_DOMAIN', 'secure.bluehost.com/~username');


Admin/Includes/Configure.php:
define('HTTP_SERVER', 'https://www.yoursite.com');
define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com');
define('HTTPS_CATALOG_SERVER', 'https://secure.bluehost.com/~username');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

As is any case with Shared SSL, you'll have to contact your host for the proper configure files, but a simple google search will help, seeing as that many users using the same Shared SSL have already installed OSC beforehand, and have posted about it. So search the web, or call your host -- but if you're going through Bluehost, you already know now. Good luck!
algogocom
QUOTE (surjer @ Oct 31 2006, 03:48 AM) *
+1 vote for sticky

I vote for your. HEHEHEHEHEHE!
Wish you all have a nice weekend!
Rgds,
Algogo.com
Biancoblu
Please can you help?
I have a dedicated SSL certificate and it's working fine on my pages, except that in admin I get this message:
***You are protected by a unknown secure SSL connection.***

How can I fix it?

My Webpage
jpweber
Anna, yes, you have Geotrust, so make sure that in your catalog/admin/includes/configure.php file, everything is set to https://, like I have in the directions.

define('HTTP_SERVER', 'https://www.arlisa-bijoux.com');
define('HTTP_CATALOG_SERVER', 'https://www.arlisa-bijoux.com');
define('HTTPS_CATALOG_SERVER', 'https://www.arlisa-bijoux.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module



Furthermore, let's take a look at your catalog/admin/index.php. You will have coding in there that looks like this:
if (getenv('HTTPS') == 'on') {
  $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');
  $contents[] = array('params' => 'class="infoBox"',
                      'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size));
} else {
  $contents[] = array('params' => 'class="infoBox"',
                      'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED);
}


You may need to change the (getenv('HTTPS') == 'on') part if you've changed it before to get ssl working. As to the wording of the message, I've yet to use a server which actually returns anything for getenv('SSL_CIPHER_ALGKEYSIZE'), so the message will be the one that BOX_CONNECTION_UNKNOWN points to in your language file.

By playing with those lines and your language file you can get any result you wish.

If the problem still persists, e-mail/message me ... Yahoo Messenger name is on there. Good luck.
jpweber
Oops ... left incomplete instructions. For instance, try:

(getenv('HTTPS') == '1')

and change the definition of BOX_CONNECTION_UNKNOWN in admin/includes/languages/index.php

http://forums.oscommerce.com/index.php?sho...mp;#entry744686
Biancoblu
Thanks for your reply Jason.
The only way I could change that was by editing the definition of BOX_CONNECTION_UNKNOWN in admin/includes/languages/index.php
So basically whether admin states you have an unknown or known ssl connection doesn't make any difference to how the actual certificate works?
I'm slightly confused.
jpweber
Yes. The key is that you have a padlock in your browser and an httpS:// in your address bar within your browser.
Biancoblu
Thanks. I've been worrying about that for nothing then.
captneil
Anything different about how this works with Open SSL on my own server?
I'm using Paypal's Website Payment Pro setup for the credit cards, and there's no lock showing up in my browser, although the payment module works (I was thinking it wouldn't if Paypal didn't detect SSL)...
I show OPEN SSL support enabled in OSC info.

www.smartgirlteesinc.com/storefront

Thanks.
Neil
captneil
Additionally, I had to alter the following two lines in order to work on the admin side of my cart:

define('HTTP_SERVER', 'https://www.yoursite.com/');
define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');

If you use an httpS:// for http:// pages, it won't load.
-N
Biancoblu
Jason, I have a question

After trying to install my SSL seal I realised my site was coming up as unknown at Geotrust. I phoned them and they said my cert was issued at www.arlisa-bijoux.com and that I had configured the files without the www. Furthermore, I was told a pop up was alerting visitors about unsecure items.
So that's how I changed my files, can you check if it's correct please?

catalog/includes/config.php

CODE
define('HTTP_SERVER', 'http://www.arlisa-bijoux.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.arlisa-bijoux.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.arlisa-bijoux.com');
define('HTTPS_COOKIE_DOMAIN', 'www.arlisa-bijoux.com');


catalog/admin/includes/config.php

CODE
define('HTTP_SERVER', 'https://www.arlisa-bijoux.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://www.arlisa-bijoux.com');
define('HTTPS_CATALOG_SERVER', 'https://www.arlisa-bijoux.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
jpweber
Your SSL seems to be functioning perfectly, Anna. Config files are fine. For future reference, if you do get a popup box in IE that says "this page contains both secure and nonsecure items. Do you wish to view the nonsecure items?", then this is your problem:

You have *something* in your code that has an http:// link in it. This might be a reference to an image, such as http://www.arlisa-bijoux.com/shop/images/image1.jpg, or it could be a link, such as <a href="http://www.yahoo.com">Visit Yahoo Personals Today!</a>. Or it could be an embedded flash file.

The solution:
If you cannot get rid of the http:// and do something like ../images/image1.jpg, then find the page you have the http:// link on, and add an 's' to it. So it'll look like this: <a href="https://www.yahoo.com">Visit Yahoo Personals Today!</a>. Just add the 's' to it, and you won't get that error.

Furthermore, there are some things regarding your site that I'd really like to talk to you about, Anna. It's a very nice website, nice color scheme. You have PWA in there, good. You have changed the default look of OSC, good. Have your own buttons, good. But there are some serious things that I'd like to talk to you about, Anna, because this is too nice of a site to let go to waste.

Et moi, je parle un peu de francais, aussi! Send me an e-mail, or find me on messenger (all of that's in my profile), and we'll go from there.
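
A way to find those http:// references before a customer does, added here as an example (not part of the original post): it lists them in three groups, namely resources the browser fetches while rendering the page, form targets, and anchor links a visitor has to click, and proposes the relative or https:// replacement described above. The sample page and the shop.example, partner.example and media.example names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Tag -> attribute holding a URL the browser fetches while rendering the page.
FETCHED = {"img": "src", "script": "src", "iframe": "src",
           "embed": "src", "object": "data", "input": "src"}

# Constructed sample of a page that would be served over https://.
SAMPLE_PAGE = """\
<html><head>
<link rel="stylesheet" href="http://www.shop.example/catalog/stylesheet.css">
<script src="https://www.shop.example/catalog/general.js"></script>
</head><body>
<img src="http://www.shop.example/catalog/images/image1.jpg">
<img src="images/logo.gif">
<a href="http://partner.example/">Visit our partner</a>
<embed src="http://media.example/banner.swf">
<form action="http://www.shop.example/catalog/login.php" method="post"></form>
</body></html>
"""


def is_plain_http(url):
    return url.strip().lower().startswith("http://")


class HttpReferenceScanner(HTMLParser):
    """Collect http:// references, grouped by how the browser uses them."""

    def __init__(self):
        super().__init__()
        self.fetched = []  # (line, tag, url): loaded while the page renders
        self.forms = []    # (line, url): form data would be posted unencrypted
        self.links = []    # (line, url): followed only when the visitor clicks

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        line = self.getpos()[0]
        if tag == "a" and is_plain_http(attr.get("href", "")):
            self.links.append((line, attr["href"]))
        elif tag == "form" and is_plain_http(attr.get("action", "")):
            self.forms.append((line, attr["action"]))
        elif tag == "link":
            # Only stylesheet and icon links are fetched; others are metadata.
            rel = attr.get("rel", "").lower().split()
            if is_plain_http(attr.get("href", "")) and ("stylesheet" in rel or "icon" in rel):
                self.fetched.append((line, tag, attr["href"]))
        elif tag in FETCHED and is_plain_http(attr.get(FETCHED[tag], "")):
            self.fetched.append((line, tag, attr[FETCHED[tag]]))


def scan(html):
    scanner = HttpReferenceScanner()
    scanner.feed(html)
    scanner.close()
    return scanner


def rewrite(url, site_host):
    """Own host: root-relative path. Other host: same URL with https://
    (which only helps if that host actually serves the file over HTTPS)."""
    parts = urlsplit(url.strip())
    if parts.hostname == site_host.lower():
        return urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    result = scan(SAMPLE_PAGE)
    for line, tag, url in result.fetched:
        print("line %d <%s> %s -> %s" % (line, tag, url, rewrite(url, "www.shop.example")))
    for line, url in result.forms:
        print("line %d <form> posts to %s" % (line, url))
```
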
Biancoblu
Jason, thank you for your help. I appreciate it.

I pm'd you. (your e-mail's private)
harryedwards
QUOTE (jpweber @ Oct 23 2006, 07:33 AM) *
(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:
define('HTTP_SERVER', 'http://www.yoursite.com');
define('HTTPS_SERVER', 'https://www.yoursite.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.yoursite.com');
define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');


(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:
define('HTTP_SERVER', 'https://www.yoursite.com/');
define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');
define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module


Jason,
Thanks for making this simple. I'm currently looking into installing SSL on my site and this has helped a lot. In the process of researching this I found your post and a few others. On one of the posts the person said we should change the /configure/php to:

a) catalog/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://yourdomain.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

b) admin/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.yourdomain.com');
define('HTTPS_CATALOG_SERVER', 'https://yourdomain.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

The difference appears to be in the additional "s" in the http. Your solution calls for the extra "s." Why is that?
jpweber
Harry:

In your catalog/includes/configure.php, your cookie domains should have 2 periods in 'em -- start with a period, and then the .com (or .net, or whatever).

So in this case:
define('HTTP_COOKIE_DOMAIN', '.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', '.yourdomain.com');

Regarding putting the extra "s" in after http:// in catalog/admin/includes/configure.php, so it's https:// in each one, that just comes from experience dealing with OSC. I can't give you a technical reason one way or the other. I'm not sure if it's a bug, or what, but it didn't work in mine until I added the extra 's', and the same is true for just about anyone and everyone I've ever talked to.
captneil
The "s" is for "secure". http:// addresses are not secure.
https:// addresses are secure.
-Neil

QUOTE (harryedwards @ Nov 20 2006, 03:09 PM) *
The difference appears to be in the additional "s" in the http. Your solution calls for the extra "s." Why is that?
captfc
Hi Jason,
First off, thanks for the great tutorial! I found it extremely helpful and I have it bookmarked for future use.

I have a quick question for you or any other knowledgeable vet OS Commerce people.

I just installed an SSL certificate on my client's server.

This is what I put on the catalog/includes file
define('HTTP_SERVER', 'http://lymphedivas.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://lymphedivas.com/catalog/'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.lymphedivas.com');
define('HTTPS_COOKIE_DOMAIN', '.lymphedivas.com');

I realized that the bolded part was necessary after it repeatedly would look for pages like www.lymphedivas.comlogin.php (note lack of slash or catalog/, should read lymphedivas.com/catalog/login.php). I had to add the "/catalog/" for it to find any pages in that folder.

The cart works well on every page and checkout until I go to login, then if you go to login here:
https://lymphedivas.com/catalog/login.php

it will then spit out
https://lymphedivas.com/catalog//catalog/index.php?osCsid=d369e343c6f131a2da71291af49f56df

Notice the bolded area. In this one instance it adds the "/catalog/"

Any idea of how to tame that? I need it to go to https://lymphedivas.com/catalog/index.php?osCsid=d369e343c6f131a2da71291af49f56df

Thanks in advance!

Please let me know if I need to add more info.
captfc
QUOTE (captfc @ Nov 23 2006, 10:47 PM) *
Hi Jason,
First off, thanks for the great tutorial! I found it extremely helpful and I have it bookmarked for future use.

I have a quick question for you or any other knowledgeable vet OS Commerce people.

I just installed an SSL certificate on my client's server.

This is what I put on the catalog/includes file
define('HTTP_SERVER', 'http://lymphedivas.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://lymphedivas.com/catalog/'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.lymphedivas.com');
define('HTTPS_COOKIE_DOMAIN', '.lymphedivas.com');

I realized that the bolded part was necessary after it repeatedly would look for pages like www.lymphedivas.comlogin.php (note lack of slash or catalog/, should read lymphedivas.com/catalog/login.php). I had to add the "/catalog/" for it to find any pages in that folder.

The cart works well on every page and checkout until I go to login, then if you go to login here:
https://lymphedivas.com/catalog/login.php

it will then spit out
https://lymphedivas.com/catalog//catalog/index.php?osCsid=d369e343c6f131a2da71291af49f56df

Notice the bolded area. In this one instance it adds the "/catalog/"

Any idea of how to tame that? I need it to go to https://lymphedivas.com/catalog/index.php?osCsid=d369e343c6f131a2da71291af49f56df

Thanks in advance!

Please let me know if I need to add more info.


Fixed. Had the wrong extension in the separate config file.

Once again. Thanks a million for the help!
jandl
I have a dedicated SSL cert. My hosting company creates 2 directories for me, public_html and public_ssl. HTTP requests are directed to public_html directory and HTTPS requests are directed public_ssl directory. Do I need to install osc in both directories in order for it to switch back and forth?

Thanks in advance.
jpweber
Kevin: it appears that your certificate is issued for www .... so you might want to put your site's configure/includes files all in www.lymphedivas.com, not http://lymphedivas.com. You could run into some issues with some browsers.

Secondly, on your index page -- I'm not sure if it's catalog/index.php, or catalog/includes/languages/english/index.php ... anyway, somewhere, somehow, you have an http:// link there. Add an "s" after the http:// ... so it looks like https:// ..... do this for every http:// link, or else you'll get the ol' Bill Gates "do you wish to display nonsecure items?" box every time.

Just add that 's' in your index.php file, wherever the http:// links is.

Good luck.
jpweber
Jan ....

You should use your public_html directory.
jandl
Thanks for the reply.

That's what I did. But when I go to the checkout page, or any page that requires security, the 'https://www.mydomain.com/pagename.php' URL is fetched, and I get a 'not found' error, 'cause pagename.php is not found under public_ssl directory. Do I need to move all the secure pages to public_ssl?

QUOTE (jpweber @ Nov 28 2006, 02:10 PM) *
Jan ....

You should use your public_html directory.
jhande
QUOTE (jpweber @ Oct 31 2006, 04:47 PM) *
Special note to shared SSL users, in particular bluehost users. Now I don't really recommend Shared SSL, although it's worked for many. I'd prefer the real thing. Anyway, with bluehost, your config files would look like this (note: "username" refers to the username given to you by Bluehost):

So search the web, or call your host -- but if you're going through Bluehost, you already know now. Good luck!


Thank you Jason for the great tutorial on SSL.

But I must ask you, I am using Bluehost for my server. Do I "have" to use a Shared SSL or can I get the real thing?

I would like to follow your instructions and be as secure as possible.

TIA,
jpweber
QUOTE (jhande @ Nov 30 2006, 06:10 PM) *
Thank you Jason for the great tutorial on SSL.

But I must ask you, I am using Bluehost for my server. Do I "have" to use a Shared SSL or can I get the real thing?

I would like to follow your instructions and be as secure as possible.

TIA,



Jean -- your secure pages (checkout, login, create account, etc.) should remain where they are.

Tia, you can use the bluehost shared SSL -- but you don't have to, no. But the bluehost shared SSL should be secure. If you want your URL's to be like .... https://www.yourdomain.com instead of https://secure.bluehost.com/~username/, etc., when a customer goes to a secured page like login, create account, or checkout, then yes, go with some type of RapidSSL or QuickSSL or something like that. I'm not supposed to recommend particular brands openly in these forums, 'cause that's considered "soliciting" or whatever. Regardless, shared with Bluehost will still be secure, and if it's cheap (or costs nothing), and you're on a budget, there's nothing wrong with it.
jhande
QUOTE (jpweber @ Nov 30 2006, 05:18 PM) *
Jim, you can use the bluehost shared SSL -- but you don't have to, no. But the bluehost shared SSL should be secure. If you want your URL's to be like .... https://www.yourdomain.com instead of https://secure.bluehost.com/~username/, etc., when a customer goes to a secured page like login, create account, or checkout, then yes, go with some type of RapidSSL or QuickSSL or something like that. I'm not supposed to recommend particular brands openly in these forums, 'cause that's considered "soliciting" or whatever. Regardless, shared with Bluehost will still be secure, and if it's cheap (or costs nothing), and you're on a budget, there's nothing wrong with it.


I think I have it now Jason, I should have mentioned I am a newbie at all this.
So when a customer goes to my site - http://handeshobbies.com/catalog/ and they head to a page that needs to be secure, instead of the URL address bar showing - https://secure.bluehost.com/~username/ it will stay as http://handeshobbies.com/catalog/whateverpage if I use a NON-Shared SSL. Did I follow along correctly?

I appreciate the help,
Jim
jpweber
Yes ... with shared ssl, when a customer goes to login, it will look like https://secure.bluehost.com/~handeshobbies/catalog/login.php ...

With an independently-boughten SSL, like RapidSSL or QuickSSL (among others), when a customer goes to login, it will look like https://handeshobbies.com/catalog/login.php, or https://www.handeshobbies.com/catalog/login.php ...
jhande
Thank you very much for helping me out Jason.

I truly appreciate it!

Jim
HallMarc
QUOTE (jpweber @ Nov 14 2006, 12:50 PM) *
Furthermore, let's take a look at your catalog/admin/index.php. You will have coding in there that looks like this:
if (getenv('HTTPS') == 'on') {
  $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');
  $contents[] = array('params' => 'class="infoBox"',
                      'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size));
} else {
  $contents[] = array('params' => 'class="infoBox"',
                      'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED);
}


......... As to the wording of the message, I've yet to use a server which actually returns anything for getenv('SSL_CIPHER_ALGKEYSIZE'), so the message will be the one that BOX_CONNECTION_UNKNOWN points to in your language file.


I have finally conquered this little beast; well, at least as far as any Linux boxes running Apache & PHP 4.4.4

The Apache environment is not making the ModSSL environment variables available to virtual accounts, probably to cut down on the overhead. The solution is to add the following line to the catalog/admin/.htaccess file:

SSLOptions +CompatEnvVars

This now opens all of these variables to use:

SSL_KEYSIZE <--this is the one we need!
HTTPS_SECRETKEYSIZE
SSL_EXPORT
SSL_PROTOCOL_VERSION
SSL_SECRETKEYSIZE
SSL_SERVER_C
SSL_SERVER_CERT_START
SSL_SERVER_CERT_END
SSL_SERVER_CERT_SERIAL
SSL_SERVER_CERTIFICATE
SSL_SERVER_CN
SSL_SERVER_DN
SSL_SERVER_IC
SSL_SERVER_ICN
SSL_SERVER_IDN
SSL_SERVER_IO
SSL_SERVER_IOU
SSL_SERVER_ISP
SSL_SERVER_L
SSL_SERVER_O
SSL_SERVER_OU
SSL_SERVER_SIGNATURE_ALGORITHM
SSL_SERVER_SP
SSL_SSLEAY_VERSION

Now open your catalog/admin/index.php and...
CODE
find near line 180 this code:

    $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');

and replace with this:

    $size = (!empty($_SERVER['SSL_KEYSIZE']) ? $_SERVER['SSL_KEYSIZE'] . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>'); // !empty() avoids an undefined-index notice when the variable is not exported


Now, when you view the index page in your admin section it will read:
"You are protected by a 128-bit secure SSL connection." or whatever your SSL strength is.
ollyno1uk2
Hi there

I now have an SSL certificate however reading these instructions I fear I may have some bits missing from my config file. Can someone take a look?

define('HTTP_SERVER', 'http://www.jbosolutions.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', false); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.jbosolutions.co.uk');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '');

Is this correct? and if so should I just fill in my site address where it is not present?

Thanks a lot
jpweber
define('HTTP_SERVER', 'http://www.jbosolutions.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.jbosolutions.co.uk'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.jbosolutions.co.uk');
define('HTTPS_COOKIE_DOMAIN', '/');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
ollyno1uk2
QUOTE (jpweber @ Dec 4 2006, 02:13 PM) *
define('HTTP_SERVER', 'http://www.jbosolutions.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.jbosolutions.co.uk'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.jbosolutions.co.uk');
define('HTTPS_COOKIE_DOMAIN', '/');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');



Thanks very much for getting back so quickly.

I will begin to implement the changes
ollyno1uk2
Ok

I have carried out the changes in the first configure.php

define('HTTPS_SERVER', 'https://www.jbosolutions.co.uk'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '.jbosolutions.co.uk');
define('HTTPS_COOKIE_DOMAIN', '/');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '');

should I have anything in the https_cookie_path?

now I come to admin and I find this:

define('HTTP_SERVER', 'http://www.jbosolutions.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.jbosolutions.co.uk');
define('HTTPS_CATALOG_SERVER', '');
define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

is the SSL I need to set to true the catalog one or am i missing something?

Thanks for your help
jpweber
If in fact you have purchased SSL, and your host installed it, then yes, set it to 'true' and define the servers and paths as mentioned in my post above.
ollyno1uk2
QUOTE (jpweber @ Dec 5 2006, 01:10 PM) *
If in fact you have purchased SSL, and your host installed it, then yes, set it to 'true' and define the servers and paths as mentioned in my post above.



Yes, my host did install it. As long as I am not missing anything I will just add in the paths. It was the https_cookie path, but I will leave that as it is.

Thanks for your help.
ollyno1uk2
I seem to be running into difficulty installing my ssl.

When I follow what is listed and click on 'my account' on my main page it goes to

https://www.jbosolutions.co.ukaccount.php/?...c94764f43f3d072

even if I add the / in the place it should be it goes to page cannot be displayed.


Where have I gone wrong?

thanks
jpweber
I would really have to take a harder look at your includes/configure.php file. Something isn't right in there. You can go ahead and e-mail me if you'd like.
captainkrm
I try and edit my configure.php files and it says I do not have permission to do so - how can I change it so I can?
jpweber
There's more than 1 answer to this, but here's one way.

1) Go and download an FTP tool, such as WS FTP LE - http://www.inno-tech.com/support/ftp_program.html

2) Save it to your desktop, and unzip it, and set it up.

3) Profile Name: Anything you wanna call your website
Host Name/Addy: domain.com (no www)
Host Type: Automatic Detect
User ID: The user ID your host gave you
Password: The password your host gave you
* Leave anonymous unchecked, and check off save password
* leave account and comment blank

4) Start WS FTP. The left side is your hard drive, the right side is your server. Focus on the right side. Find public_html, or httpdocs, or wherever your files are kept. Click it. Find your (catalog)/includes/configure.php file.

5) Right-click it, and select CHMOD (Unix)

6) Change permissions to 644, where only the owner can read/write, and everyone else can only read -- not write and execute. Do this by unchecking the boxes "write" and "execute" for 'group' and 'other' and you should be all set.

Good luck.
jpweber
Oops ... Set it to 777 temporarily -- read/write/execute for all, so you can edit it. When you're done, be sure to switch your configure.php files back to 644, so nobody else has permissions to read/write/execute your config files.
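A check for the cleanup step in the post above, as an added example (not part of the thread or of osCommerce): it reports any configure.php whose mode is still looser than 644 once editing is finished. The function name and the relative paths in the usage section are assumptions.

```python
import os
import stat
import sys

# Permission bits that mode 644 does not grant.
EXCESS = {
    stat.S_IXUSR: "owner execute",
    stat.S_IWGRP: "group write",
    stat.S_IXGRP: "group execute",
    stat.S_IWOTH: "other write",
    stat.S_IXOTH: "other execute",
}

def audit_config_perms(paths):
    """Return {path: (octal mode, [excess permissions])} for files looser than 644.

    Missing files are reported as ("missing", []) so a wrong path is not
    mistaken for a clean result.
    """
    report = {}
    for path in paths:
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            report[path] = ("missing", [])
            continue
        extra = [label for bit, label in EXCESS.items() if mode & bit]
        if extra:
            report[path] = (format(mode, "03o"), extra)
    return report

if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/catalog  (catalog root is an assumption)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    targets = [os.path.join(root, "includes", "configure.php"),
               os.path.join(root, "admin", "includes", "configure.php")]
    for path, (mode, extra) in audit_config_perms(targets).items():
        print(f"{path}: {mode} {', '.join(extra)}")
```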
getstuff4u
Hello Jason and G'Day from Australia, I was wondering if you could advise me on an SSL matter,.....PLEASE. Cannot display the page error for all 'secure' pages.
I have had a few different tries at securing my osCommerce install but I seem to be missing something, brain cells I suspect. My site is installed as/in a sub-domain (/shopping). Certificates are in place for both Domain (www.mysite.com) and Sub-Domain (www.mysite.com/shopping). This is 'bound' as a sub-domain, not just a folder.

admin/includes.configure has been modified as below

define('HTTP_SERVER', 'https://mysite.com/shopping'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://mysite.com/shopping');
define('HTTPS_CATALOG_SERVER', 'https://mysite.com/shopping');
define('ENABLE_SSL_CATALOG', 'true');

includes/configure also modified

define('HTTP_SERVER', 'https://mysite.com/shopping'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://mysite.com/shopping');
define('HTTPS_CATALOG_SERVER', 'https://mysite.com/shopping');
define('ENABLE_SSL_CATALOG', 'true')

I have some suspicions as to where I have got it wrong (other than the brain cell thing) but I just can't seem to get it right.
Do you think you could straighten me out on this? I have looked all over the place for a solution but haven't found anything that quite fits the bill in terms of subdomain install. Really hope you can help, Cheers and all the best. Rob
Merry Christmas to you and yours and all of that
getstuff4u
Hmmm!?
Now I feel really dumb, because it is a sub-domain it can be accessed by either www.shopping.mysite.com or www.mysite.com/shopping.
Should my defines be for the first syntax or the second? uummm
jpweber
Well, for starters, you say the cert was issued to www.yourdomain.com, but your config files are without any www ... they're just set to http://domain.com. Of course, this will cause problems. But other than that, I'd really have to get into your site to figure it out, because your situation sounds too confusing, with different subdomains, various SSL's, etc., etc., ... But you never even gave me your URL. Anyway, use the e-mail link (not the message one) in my profile if you'd like.
captneil
Oh, and I've since been able to get a webpage by going to
http://www.smartgirlteesinc.com:443/storefront/login.php

Made me think apache wasn't listening right, and therefore getting the last error.
Haven't been able to turn this around though. Any help would be OH SO APPRECIATED...
Thanks,
Neil
jpweber
Neil, I can't get any URL to work. The log you posted says a lot, but doesn't say much. E-mail me (hit my profile, do not message) for help if you would like .....