By "tempory," do you mean a self-signing cert that was generated in your control panel? If so, those are not meant to be used for a live site.
Jack
Latest News: (loading..)
0
398 replies to this topic
#321
Posted 17 July 2007, 12:14
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
#322
Posted 17 July 2007, 12:27
Jack_mcs, on Jul 17 2007, 08:14 AM, said:
By "tempory," do you mean a self-signing cert that was generated in your control panel? If so, those are not meant to be used for a live site.
Jack
Jack
Thanks Jack,
Is that the reason why the small lock does not show up on https pages? Is digicert a good company to purchase certs?
#323
Posted 17 July 2007, 23:22
librarc, on Jul 17 2007, 08:06 PM, said:
Hi there, I installed a temporary certificate on my site, which works fine, however, even though the https page comes up, i do not get the tiny 'lock' icon at the bottom of the browser which shows that a site is secure : https://lizmannette.com/store/catalog/login.php
Can anyone please advise?
Can anyone please advise?
What you need to look out for is the way in which the server responds to the test for SSL or NONSSL connections.
In catalog/includes/application_top.php around line 41 look for the test and adjust to suit
This was original and did not work for me...
as it required the server to respond to the getenv() function with a meaningful answer.
// set the type of request (secure or not) 2 methods that did not work for my server setup....
// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
// $request_type = (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on')) ? 'SSL' : 'NONSSL';
As you can see the $request_type variable needs to be set to SSL or NONSSL based on the getenv() function
For my server I needed to set it to the secure server name.
$request_type =($_SERVER['HTTP_HOST'] =='secure.rpc.com.au') ? 'SSL':'NONSSL';
There are hints most probably in this forum explaining a few tests you can do to see how your server responds.
Best of luck!!!
#324
Posted 18 July 2007, 03:26
librarc, on Jul 17 2007, 08:27 AM, said:
Thanks Jack,
Is that the reason why the small lock does not show up on https pages? Is digicert a good company to purchase certs?
Is that the reason why the small lock does not show up on https pages? Is digicert a good company to purchase certs?
Jack
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
#326
Posted 20 July 2007, 08:58
I'm about to post something for those having problems with error messages or images not showing when you're website is accessing secure areas:
1) I took AlanR's advice to create a small file called myenv.php. I ran the file to see how my server responded. I then posted the proper code given by AlanR in line 41 of /includes/application_top.php
2) I was still having problems with images not showing in secure areas. So, I called my host and the tech told me to add the address of the secure server to the list of 'HotLink Protection' area in the Control panel. (i.e. https://secure.server.com)
Now I have no problems with nonsecure items and all images show in secure areas.
I hope this helps someone.
Have a nice day
1) I took AlanR's advice to create a small file called myenv.php. I ran the file to see how my server responded. I then posted the proper code given by AlanR in line 41 of /includes/application_top.php
2) I was still having problems with images not showing in secure areas. So, I called my host and the tech told me to add the address of the secure server to the list of 'HotLink Protection' area in the Control panel. (i.e. https://secure.server.com)
Now I have no problems with nonsecure items and all images show in secure areas.
I hope this helps someone.
Have a nice day
#327
Posted 02 August 2007, 12:48
SSL - A question or two ...
Scenario
Dedicated Windows Server 2003 (pro package with 1and1)
iis v6 (configured to use .php files with php5isapi.dll)
dedicated ssl cert from thawte
osCommerce Online Merchant v2.2 RC1
PHP Version 5.2.3 (php5isapi.dll)
Configuring the config parameters as per the docs ...
define('HTTP_SERVER', 'http://www.allweathercovers.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.allweathercovers.co.uk'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.allweathercovers.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'allweathercovers.co.uk');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
Other bits defined as usual ...
Browsing to https://www.allweathercovers.co.uk returns a blank page no matter what I change. Can Oscommerce use https with php isapi on iis or is it not possible?
In addition I have tried various fixes found through the forum but without success including changing all instances of 'getenv' to 'tep_getenv' and using the compatability function in compatability.php
function tep_getenv($index) {
if (isset($_SERVER[$index])) return $_SERVER[$index];
elseif (isset($_ENV[$index])) return $_ENV[$index];
else return false;
}
Any ideas ???
James
Scenario
Dedicated Windows Server 2003 (pro package with 1and1)
iis v6 (configured to use .php files with php5isapi.dll)
dedicated ssl cert from thawte
osCommerce Online Merchant v2.2 RC1
PHP Version 5.2.3 (php5isapi.dll)
Configuring the config parameters as per the docs ...
define('HTTP_SERVER', 'http://www.allweathercovers.co.uk'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.allweathercovers.co.uk'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.allweathercovers.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'allweathercovers.co.uk');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
Other bits defined as usual ...
Browsing to https://www.allweathercovers.co.uk returns a blank page no matter what I change. Can Oscommerce use https with php isapi on iis or is it not possible?
In addition I have tried various fixes found through the forum but without success including changing all instances of 'getenv' to 'tep_getenv' and using the compatability function in compatability.php
function tep_getenv($index) {
if (isset($_SERVER[$index])) return $_SERVER[$index];
elseif (isset($_ENV[$index])) return $_ENV[$index];
else return false;
}
Any ideas ???
James
#328
-
- Community Member
- 37 posts
- Real Name:Itai Etzman
- Gender:Male
- Location:Johannesburg, South Africa
Posted 06 August 2007, 22:59
Hi.
I have a heavily modified osCommerce installation.
I have just obtained FreeSSL to test the SSL capabilities
of osCommerce and am just waiting for my hosting
company to install it.
When it is installed, what will be the next step. I know
how to configure the configure.php files, but on my
server I have two folders ... Public_Html and
Public_SSL. Currently all my folders are in
public_html, but if I go to the https:// version
of my site, it opens up the test index.html file
currently in Public_ssl.
Will I have to copy all or some of my files to the
public_ssl directory, or is there an easier way of
going about this.
Also, I only want the osCommerce installation to
connect to the secure server when a customer
is either creating an account, logged in or going
through the checkout procedure ... I don't want
SSL when just anyone is browsing the site, as
I have counters and stuff for statistics that will be
disabled when SSL activates.
How would I go about this.
Regards
Itai Etzman.
P.s. You can see my site at www.digitaladdiction.co.za
and type https:// to see the test file however, you will
get a security warning because the certificate isn't
installed yet.
I have a heavily modified osCommerce installation.
I have just obtained FreeSSL to test the SSL capabilities
of osCommerce and am just waiting for my hosting
company to install it.
When it is installed, what will be the next step. I know
how to configure the configure.php files, but on my
server I have two folders ... Public_Html and
Public_SSL. Currently all my folders are in
public_html, but if I go to the https:// version
of my site, it opens up the test index.html file
currently in Public_ssl.
Will I have to copy all or some of my files to the
public_ssl directory, or is there an easier way of
going about this.
Also, I only want the osCommerce installation to
connect to the secure server when a customer
is either creating an account, logged in or going
through the checkout procedure ... I don't want
SSL when just anyone is browsing the site, as
I have counters and stuff for statistics that will be
disabled when SSL activates.
How would I go about this.
Regards
Itai Etzman.
P.s. You can see my site at www.digitaladdiction.co.za
and type https:// to see the test file however, you will
get a security warning because the certificate isn't
installed yet.
#330
-
- Community Member
- 37 posts
- Real Name:Itai Etzman
- Gender:Male
- Location:Johannesburg, South Africa
Posted 09 August 2007, 22:11
Azim, on Aug 8 2007, 04:08 AM, said:
How do i install a verisign ssl cert in osc.
You must get your host to give you the CSR with the 100% correct domain name ... if you want to use the www ... then tell them.
Then you must go to the verisign website and submit all the correct information along with the CSR they give you (its a bunch of jumbled letters). Then they will verify that its you. Once thats done, they will send you the certificate ... more jumbled info ... which you give back to your host to install.
Your host will then either secure the current "Public_HTML" or "httpdocs" or whatever they use in your ftp server ... then just follow the steps in this form to adjust the configure.php. If your host creates a second folder i.e. "Public_SSL" or "httpsdocs" or whatever they call it ... tell them you want to use only 1 folder and that they must make the folder with your current oscommerce data the secured folder ... oscommerce does the rest.
On a side note ... I have secured www.digitaladdiction.co.za ... please can anyone go through it and if you get any security warnings or problems ... please e-mail me on webmaster@digitaladdiction.co.za ... if you want to create an account ... please e-mail me with the name used and I can delete it afterwords.
Regards
Itai Etzman
#331
Posted 02 September 2007, 23:40
eitai2001, on Aug 6 2007, 10:59 PM, said:
Hi.
I have a heavily modified osCommerce installation.
I have just obtained FreeSSL to test the SSL capabilities
of osCommerce and am just waiting for my hosting
company to install it.
When it is installed, what will be the next step. I know
how to configure the configure.php files, but on my
server I have two folders ... Public_Html and
Public_SSL. Currently all my folders are in
public_html, but if I go to the https:// version
of my site, it opens up the test index.html file
currently in Public_ssl.
Will I have to copy all or some of my files to the
public_ssl directory, or is there an easier way of
going about this.
Also, I only want the osCommerce installation to
connect to the secure server when a customer
is either creating an account, logged in or going
through the checkout procedure ... I don't want
SSL when just anyone is browsing the site, as
I have counters and stuff for statistics that will be
disabled when SSL activates.
How would I go about this.
Regards
Itai Etzman.
P.s. You can see my site at www.digitaladdiction.co.za
and type https:// to see the test file however, you will
get a security warning because the certificate isn't
installed yet.
I have a heavily modified osCommerce installation.
I have just obtained FreeSSL to test the SSL capabilities
of osCommerce and am just waiting for my hosting
company to install it.
When it is installed, what will be the next step. I know
how to configure the configure.php files, but on my
server I have two folders ... Public_Html and
Public_SSL. Currently all my folders are in
public_html, but if I go to the https:// version
of my site, it opens up the test index.html file
currently in Public_ssl.
Will I have to copy all or some of my files to the
public_ssl directory, or is there an easier way of
going about this.
Also, I only want the osCommerce installation to
connect to the secure server when a customer
is either creating an account, logged in or going
through the checkout procedure ... I don't want
SSL when just anyone is browsing the site, as
I have counters and stuff for statistics that will be
disabled when SSL activates.
How would I go about this.
Regards
Itai Etzman.
P.s. You can see my site at www.digitaladdiction.co.za
and type https:// to see the test file however, you will
get a security warning because the certificate isn't
installed yet.
#333
Posted 24 September 2007, 09:20
I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ?
Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?
If my transaction pass through paypal I still need to SLL my site ?
Thanks for your help
Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?
Quote
What is the Path to my shared SSL certificate?
Solution
To use your SSL certificate you would point your hyperlinks that you want to be secure to https://secure.bluehost.com/~yourunixusername
Or you can purchase a dedicated ip address from us, for 30.00 per year and install your own SSL certificate that you have purchased.
Solution
To use your SSL certificate you would point your hyperlinks that you want to be secure to https://secure.bluehost.com/~yourunixusername
Or you can purchase a dedicated ip address from us, for 30.00 per year and install your own SSL certificate that you have purchased.
If my transaction pass through paypal I still need to SLL my site ?
Thanks for your help
#334
Posted 25 September 2007, 03:31
pardesi, on Sep 24 2007, 05:20 AM, said:
I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ?
Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?
If my transaction pass through paypal I still need to SLL my site ?
Thanks for your help
Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?
If my transaction pass through paypal I still need to SLL my site ?
Thanks for your help
Jack
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
#335
Posted 09 October 2007, 03:47
Hi I've been reading threads on ssl in trying to resolve my issues. made modifications listed but still don't know why my flash header or backround images aren't showing when ssl pages are viewed in Explorer.
I've changed all the http links to https in header file and tryed all the methods detailed.
My site is www.weaponsdrop.com/catalog
catalog/includes configure.php:
define('HTTP_SERVER', 'http://www.weaponsdrop.com'); // eg, http://localhost - ...
define('HTTPS_SERVER', 'https://www.weaponsdrop.com'); // eg, https://localhost ....
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.weaponsdrop.com');
define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
admin/includes configure.php:
define('HTTP_SERVER', 'https://www.weaponsdrop.com'); // eg, http://localhost - ...
define('HTTP_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');
define('HTTPS_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
Let me know what you think as this has me prety stumped. Thanks Chris
I've changed all the http links to https in header file and tryed all the methods detailed.
My site is www.weaponsdrop.com/catalog
catalog/includes configure.php:
define('HTTP_SERVER', 'http://www.weaponsdrop.com'); // eg, http://localhost - ...
define('HTTPS_SERVER', 'https://www.weaponsdrop.com'); // eg, https://localhost ....
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.weaponsdrop.com');
define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
admin/includes configure.php:
define('HTTP_SERVER', 'https://www.weaponsdrop.com'); // eg, http://localhost - ...
define('HTTP_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');
define('HTTPS_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
Let me know what you think as this has me prety stumped. Thanks Chris
#336
Posted 09 October 2007, 03:50
This
Jack
define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');should bedefine('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com');
Jack
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
#337
Posted 10 October 2007, 01:50
Jack_mcs, on Oct 9 2007, 03:50 AM, said:
This
Jack
define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');should bedefine('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com');
Jack
Hi Jack I tried that change with and without the . infront of the www.domain.com
but the flash header still fails to load. Do you have any other ideas?
Thanks Chris
#339
Posted 10 October 2007, 03:09
dogtails, on Oct 10 2007, 03:07 AM, said:
Do you have to install all this (which I'm lost with all that talk) when you use paypal only?
Oh, I just found that same question. I just don't understand how to install it. That seems so complicated and I can't afford any errors to deal with. Can you make it simple stupid
#340
Posted 12 October 2007, 21:45
I bought SSL from Godaddy.com and I host on Godaddy.com. I changed the codes to read like this and nothing happens when i go to SleeveKing.com, so I added www. to https servers in both.... which crashes msSQL database instantly! (my database crashes for minor changes to my site unknowingly) i had to reinstall databases twice I dont want to do it again. Why doesnt sleeveking.com get the lock or ssl?! the only place i see i have SSL is if i go to "https://sleeveking.com/admin]https://sleeveking.com/admin" it shows a lock!
includes/configure.php
admin/includes/configure.php
includes/configure.php
define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://sleeveking.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.sleeveking.com');
define('HTTPS_COOKIE_DOMAIN', 'sleeveking.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
admin/includes/configure.php
define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.sleeveking.com');
define('HTTPS_CATALOG_SERVER', 'https://sleeveking.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
Edited by tecno, 12 October 2007, 21:47.
