ShopSite Forums

[Swine]

We are on a shared SSL certificate. There is currently an issue making our site unsecure. Verio (our host) has confirmed this on their end, but they have no idea when it will be resolved.

Question is, how do I get my own SSL certificate? And if I do, is there any easy way of integrating it into ShopSite?

[loren_d_c]

If there is an SSL cert being used for a page (and all objects like images, css files, and js files on the page also use a valid SSL URL) and you are still getting SSL security errors/warnings from browsers, then it is possible that the SSL cert was creating using SHA-1 encryption and expires sometime in 2017. SHA-1 is an older encryption no longer considered secure by most current browsers (at least Chrome, Firefox, and Opera, I'm not sure about IE), and any SHA-1 certs that expire too far out in the future are now getting this warning. For more on that see:

https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

If this is the case, and your host is unable to install a new SHA-2 based shared SSL cert on their hosting server where your site is located, then that probably means that even if you buy your own SHA-2 certificate they probably wouldn't be able to install it on that server either (although you should verify that with them first). In that case, your only solution would be to move to a different server that can support SHA-2 certificates. So you could ask your host if they have newer or different servers that they could move your site and store to that would support the newer SHA-2 certificates, whether it be one of their shared ones or one you purchase.

-Loren

[Swine]

Thanks, Loren. I'm going to check with Verio on this.

[Swine]

So Verio assures me that they are all set to handle (and are already handling) the SHA-2 based SSL certificate. But that their shared certificate expired and when they renewed it, it just didn't work. They don't know why. It continues to be down, as far as I can tell.

After purchasing a private SSL certificate from SSL.com - and going through a maze of misleading and often wrong instructions - I've learned that the service level we are at with Verio means I can't use an intermediate SSL certificate, which is required for some SSLs. Still haven't heard back from Verio on what we need to do to make this work. Bottom line: boo Verio.

[Swine]

Update 2 for anyone interested:

Verio now says that because our service package was part of a shared server, it will never work with a shared SSL certificate again. I'm note sure if they've told all their clients this yet or not. It also, reportedly, will no longer work with a private SSL certificate because they require intermediate certificates.

Our ONLY option was to step up to their Virtual Private Server option.

So we are in the process of switching servers, where our private SSL certificate will work.

So, has anyone had any issues with ShopSite when switching to different servers?

[robm]

Moving a ShopSite store can be a seamless process, but care must be taken with regard to permissions, file paths, symlinks, SSL URL updated in config files and template files, etc...

ShopSite has a general overview at:
http://www.shopsite.com/help/12.1/en-US/install/moving.intro.html

Make sure you fully test things before flipping the switch (you can change your computer's HOSTS file to point your browser at the new site) to make sure the order process and backoffice work as expected.

Good luck!

Rob

[Swine]

Thank you, Rob. I'll need that luck. As most of what you've told me sounds like gibberish.

And thanks for the link. I'll take a good long look at the overview.

Eric

[Swine]

Okay, here we go. Can I get a little help doing this?

Error verifying furfis.auth
This store may not be authorized to run ShopSite software. Please contact the merchant or webmaster.

Solutions:

1) If the file has been modified or corrupted copy the original store.auth file from the install directory to furfis.auth in the store data directory.
2) If solution 1 does not work, contact the vendor that sold you ShopSite software to get a valid auth file.

Details:


Unable to find auth file for furfis.

[ShopSite David]

>> Unable to find auth file for furfis

If the furfis.auth file is in the data dir check the permissions (web server needs to be able to read it.) If permissions are correct check that there are symbolic links to the file in both the sc and ss cgi directories that point to it.

[Swine]

Just to update here for anyone following.

Verio's support through transitioning to their new servers was so horrendous — honestly, downright godawful — that we gave up entirely on Verio.

We switched our hosting business to Lexiconn. They migrated our entire site, including the ShopSite portion of the site, in a few hours. Within 6 hours we were fully operational. And their followup support has been tremendous. Now on Lexiconn's shared SSL certificate with no issues. If you are considering changing hosting companies, I can't recommend Lexiconn highly enough.