First things first: osCommerce will not work when using a shared SSL certificate on Fasthosts (and probably other hosts that use shared SSL, too). I had searched everywhere for a solution but nobody seems to be able to get it to work. I came close, but the closer I came the more problems occurred.
Let me go into detail… I’ll first explain what Shared SSL is: This is an SSL certificate that you share with someone else. It means that the host will usually have the certificate signed for a generic domain such as secure-server.co.uk or secure15.fasthosts.net. When you use shared SSL, your secure website is located at: https://secure-server.co.uk/your-domain-name.co.uk/ rather than https://your-domain-name.co.uk/ – The browser will issue security warnings when trying to access https://your-domain-name.co.uk/ because the shared SSL certificate isn’t signed to your domain. A dedicated SSL certificate would be specifically signed to your domain.
So let me explain the issue with trying to secure your osCommerce installation with SSL when using a shared certificate… When the user logs in, the session cookie is saved to your domain name. This cookie can only be read by osCommerce while on your domain, right? It’s for security, PHP can’t go around reading other domain’s cookies. So once the user reaches the checkout process and osCommerce wants to redirect to the secure URL, rather than redirecting to https://your-domain/ it will redirect to the shared SSL domain at https://your-host.com/your-domain.com/ – This will cause major problems for osCommerce as it will no longer be able to read the cookies. Technically you could run your whole shop from the shared SSL domain, but in my opinion this would look unprofessional.
The second problem is that when you get a shared SSL certificate, usually you are given a completely separate directory for your SSL site to be uploaded into, so you would have to upload a separate installation of osCommerce into the SSL folder and reconfigure the paths etc. Many problems occur when trying to do this. My advice is to buy a dedicated SSL certificate if you wish to secure your osCommerce shop. If anyone HAS managed to get this working, please leave a comment as I would be surprised because it would require a fair amount of code changes for osCommerce.