HostBizLng

Hello annomander, If your custom pages do not transmit sensitive customer information over the internet, I believe you are good. WHMCS does forces secure (https) connection by default on registration page, shopping cart, and loggin page. The only reason this thread was started is because of mainly loggin fields on other unsecured pages and other forms that might transmit sensitive information on pages other than registration, shopping cart, and client loggin pages. Besides that, in my personal case, as I set my website to force entire website over secure (https) connection, I began to like the idea of showing my customers that my website is secure. As every page of my website is transmitted over secure https connection, my customers are able to see and verify my SSL certificate at any time, while browsing any page of my website. It might not be that important to force entire website over https connection, but I believe that in times when online security is a big concern to online consumers, it is one of the steps that I made, small but none the less reassuring one. Also, besides forcing entire website over https connection, I hosted entire website under subdomain https://secure.mydomain.com,'>https://secure.mydomain.com, so no matter on which page my customers are they always see https://secure... Sincerely, Serg

Hello, This thread sounds way too complicated about such simple thing as sub-domains. I just installed whmcs in specific folder (mydomain.com/whmcs), then created a sub-domain directed to that folder on my server and added that sub-domain to my whmcs license. Could there be any simplest way of doing it? Works perfect for me! Sincerely, Serg

easyhosting, No need to take offense. You read this thread, you communicated your opinion, then received response from us regarding your opinion; consequently, you took steps in further securing your site. Good luck with your business! Sincerely, Serg

tiameg, I am not sure what do you mean by setting up SSL with latest version only? You setting up (install) your SSL on your server, where you host your WHMCS, and it has nothing to do with latest or any version of WHMCS. In general settings of you WHMCS you just set SSL URL where it asks and that's it. If your secure domain (to which SSL had been issued) is the same as your actual site domain, like I have, just put SSL URL in each field: SSL URL and Site URL, as I did. And if you want to force entire WHMCS to be connected through secure connection, then read this thread from the beginning, follow all steps, test it and see if it works for you, if it's not you are welcome to come back to this thread and make a post with an actual details and questions. Sincerely, Serg

Codex, As long as your secure sub-domain is the same you issued you WHMCS license to, then you don't have to do anything to access admin area through your SSL. Sincerely, Serg

SoftDux, black.hat, Why do you want to ask anything from the client? If you want to resell SSL certs, then become an eNom or any specific SSL provider partner, use their informational marketing and website copies material for your website to inform clients about the needed steps. Populate knowledgebase well and your customers would be well informed. 1. Read a lot about SSL certificates! 2. Read VeriSign SSL certificates information! (and info from other SSL providers) 3. Open eNom account (for low start-up rates.) 4. Set up SSL certificate products using enomssl module. 5. Test everything before you lunch your SSL products. 6. Come back to the forum any time w/specific and to the point questions! Good luck! Sincerely, Serg

SoftDux, Considering eNom, yes process is automated. But I don't see any mention of automation process in initial black.hat's question. It looks like black.hat need some education about signup steps, and what to ask from his clients in order to issue VeriSign ssl certificates to them. And as I said, there's no other place to find this info other than on VeriSign website. (rich of information, resources, trainings, guides, whitepapers, etc - you name it) Sincerely, Serg

LaptopFreak, No, I believe it just lets you to login to your HyperSpin account from client/admin areas of WHMCS. Once you loged to HyperSpin you do all the account managing stuff there. But it would be so cool if customers could manage their accounts without leaving client areas though. Sincerely, Serg

BAJI26, Thanks for replying! I kind of spent entire day today going through all template files, trying to figure things out, and finally realized that header.tpl and footer.tpl split the pages in half, just as you pointed out. But, I was very confused at the beginning, as I was looking for side bar menu template and couldn't find it LoL Anyway, it was my first day I got to customization part of my work, and it was exceptionally exciting to see the first steps of my envisioned website come to life. Even though a lot of customization things worked out without any issues, I still got many little things that didn't really work, but I want to read more about 'smarty' as I am new to this template system, and will try to get all my unresolved questions into one thread soon. As of now it's all fun! I am not a web designer 'per se', but it makes me feel so good to be in control, as I can customize WHMCS system the way I want it to look like. Feels great. Sincerely, Serg

Hello, Kind of confused here. Is footer.tpl=side bar template? (V4) Now, </div> <div class="clear"></div> </div> in footer.tpl is the actual 'footer' tags? Sincerely, Serg

black.hat, What are you actually talking about? Do you want to become a VeriSign partner? Are you already a VeriSign partner? If not, then sign up and you'll get an access to their huge reseller training material, guides, marketing resources, etc. It's a silly question to ask. Why not visiting VeriSign website and start reading their information Sincerely, Serg

chickendippers, Ok, still do not see a reason to do so. Why not just inform customer 'well' from the beginning about SSL certificate issuance process and need for re-issuance and re-installation after cert would expire, and use information to promote or push longer certificate length periods. Yes, customers want their SSL certs to continue indefinitely, but that doesn't mean I shouldn't be honest with them. And isn't it better to offer one-time purchase of certs, and offer available lengths of registrations. 1-2years, 1-5 years, and in some cases 1-10 years, this way those customers that want cert for a long time, don't have to reinstall their cert every year, but will have chance to buy cert for longer period of time, and would have to reinstall their cert once in 2, 5, or 10 years - it's much better than just offer annual payments, (when there shouldn't be annual payments,) and because of this annual bases payment option, customer have to go through re-issuance and re-installation process every single year, because they had no other option offered from the beginning of purchase. Sincerely, Serg

Sparky, Gotcha Is it fully customizable? Is there something (concerning look and feel) that is not customizable in 'defspark'? Thank you, Sparky! Serg

Hi Sparky, Do you have V4 (web20cart) screenshots of your modified shopping cart template? I looked at v3 screenshots, but really want to see how it looks in V4, since in web20cart we already have 'Quick Navigation' links floating on the right side, so where is product groups/categories links going to be with you modified cart in V4 web20cart? Sincerely, Serg

Interesting!

Hello, Have someone actually used this private label 'HTB Monitoring' application? It sounds very neat to own and operate such an application, instead of having reseller account with websites like hyperspin for example, where you get reseller prices and add little on top to have some commission from sales. Where with application like HTB Monitoring you set your own prices, create cash inflow, minus cost of operating this application, ... sounds very profitable. But I wish to hear from someone who already using this app, if there's something I should know before purchasing it. Or is there some known issues been already experienced? It would be nice to weigh pros and cons. I wonder if there reviews on the internet. Sincerely, Serg

Hello, It's seems been discussed to some extent, but I still don't understand why some of us configure 'enomssl' products to be billed on recurring bases. What is the reason for that if there's no way for customers to renew their existing certificates? As far as I know, you can purchase new one through eNom, once the old expires, and go through provisioning and installation process once again. Thus, is feasible to treat it as new 'one-time' purchase, since there's no way to renew an existing certificate through eNom? Or there is a way to renew an existing certificate? Just wondering. It just doesn't makes sense to bill customer on recurring bases, when new certificate have to be issued and installed as if it is a new purchase (which it actually is.) I understand that it is possible to reissue and install new cert without letting customer to realize that new purchase had taken place and newly purchased cert had been installed, if customer uses cert on one of my servers. But what if customer purchased cert to use on some other server to which I have no access? So then customer have to be informed that he have to go through issuance and installation again, even though he/she is billed on recurring bases? Just doesn't makes sense. So, what are the reasons to bill customers for SSL certificates on resurring bases? Sincerely, Serg

Example: type your URL with 'http' without typing 'https' or without typing http nor https, just your URL, as all browsers use http request by default, and see if your site forces secure connection. If it's not, go to the first post of this thread. Sincerely, Serg

easyhosting, Yes! Awareness raised and appropriate actions are taken. Your website pages weren't secure at the time I checked it though, but if you don't want to admit it, that's fine. Note: You forced your non WHMCS pages to use secure connection, yet you haven't forced all your WHMCS pages to use secure connection yet, as it is still have non-secure pages with loggin fields. Update: when I enter your address with http, manually, as that's what most internet users do (they don't type https by default) your website loads over non-secure connection, and after that the links I click they are non-secured. You need to go to the first post, and follow all the steps RPS suggested and then when your clients would simply type your URL without actually typing 'https' your website would force secure connection by default. And that's the point of this thread! So, do you still think that it is not important to use all WHMCS system pages over (https) secure connection? Sicnerely, Serg

easyhosting, Haha I just went to your website, and you have client loggin fields on many non-secure pages. So how is it makes your website secure? Update: And Actually, I went back and realized that when I clicked on clients and order links, your system does not forces secure connection by default. How about that? Update: An just a heads up, I counted 11 non-secure pages on your website that would transmit your client's loggin info over non-secure connection!!! Sincerely, Serg

easyhosting, I am using V4, and in V4 portal template there are loggin fields on every single page throughout the system (I mean every single page.) And I love it about V4. And It's not secure to transmit loggin information over non-secure connection. Or is it ? The other thing, internet security becomes a big issue when it comes to conducting business online, and I would love to build my entire online business to be as secure as possible, and use it as part of my company's image. And when it comes to serious clients, it is so easy to loose them if they suspect that it is not secure to conduct business through not-so-secure-website. If you don't care about that it's up to you. I use SSL with my WHMCS and have no problems either but just want to make it more secure. How much of security on the internet do you think is enough? Sincerely, Serg

No problem RPS, Anything I can do to make WHMCS to run smoothly. By "... issue is now resolved" did you mean the issue is might have been resolved in V4? If yes, then I agree with you, I thought about this issue might have been resolved in V4 to begin with. And that would be great if other V4 users would take little time to test their V4 installations just the way we did, to confirm that it actually an improvement in V4. To all WHMCS users: If you conducted suggested by RPS (bellow) test in V4 with IE, please let us know your results in this thread. Thank you! Here's a way to test it... 1) Use the exact example inside the .htaccess of the OP 2) Using IE6 and IE7, go to the downloads page and download a zip file 3) Now edit the .htaccess and remove the line regarding the downloads, the new .htaccess should look like this: RewriteEngine on Options +FollowSymlinks #Rewrite the URL for WHMCS to always use https RewriteCond %{REQUEST_URI} ^/whmcs/ [NC] RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L] Repeat step 2 and report back. Sincerely, Serg

Yes, Just did what you asked me, but did not have any issues with downloads using IE. Maybe after all it's also about the upgrades, patches, and fixes that I been installing a long time ago. You know a lot of people do not bother themselves with upgrading and installing fixes and patches. Anyway, I would leave this for later. But would you mind accessing your site with edited .htaccess (just like in your first post) through IE, go to downloads and click to download file (without actually trying to download it) then click File>Properties and tell me what kind of connection Properties states dl.php is using. I would appreciate it. Because mine according to Properties seems still using secure connection. Sincerely, Serg

RPS, Thank you for clarifying about 'downloads.php' and 'dl.php.' Concerning IE, I took little time to test it, but unfortunately I still don't understand what's the problem with using downloads (dl.php) over secure connection in IE. I tested downloads on IE 6 & 7, both over secure connection and non-secure (with .htaccess and without, although, with .htaccess IE properties information still stated that dl.php was connected through secure connection??? That's would be another concern ) But anyway, I tested to download PDF, ZIP, and Exe files, but did not have any issues either over secure connection nor over non-secure connection. What exactly is the issue with IE, and with which versions exactly? If someone actually experienced problems, please be so kind to reply. Otherwise, what are we talking about here? I knew that "some" people experienced some issues with "downloading in general" while using IE, not just over secure connection, but does it mean that everyone is experiencing these issues? No, because there's always some people who experiences issues where they actually shouldn't experience any, and then they 'blow a whistle' without getting to the bottom of it and finding an actual cause of the problem (I know that from personal experience and self-reflection, I was like that too ). Sincerely, Serg

RPS, I did check, and it works fine. Another thing though, is a bout downloads page. I understand that main concern that brought this fix around is non-secure pages that might transmit sensitive information, but what about downloads page? In V4 portal template there's a login fields on the side of every page including downloads page. Now, I still want to try to test downloads over secure connection on different browsers and see how bad it is. Otherwise, login fields would have to be removed from downloads page. I still don't feel comfortable about leaving downloads page non-secure. Besides, I might be wrong, while customer logged in, even on downloads page in V4 there's that customers personal info being transmitted on the side of the page. It might be removed from dl page too, I guess. And what is the difference between downloads.php and dl.php? I have both in my WHMCS. Which exactly have to be edited in htaccess file? I did downloads.php and it works, but just wondering, since in your initial post you noted about dl.php? Thank you. Sincerely, Serg