The SSL In OsCommerce Guide For The Innocent


398 replies to this topic

#361 meulenb

  • Community Member
  • 41 posts
  • Real Name:Bart

Posted 28 August 2008, 12:10

Earlier today I resolved, or in fact my provider resolved, an issue which I believe others might run into as well

(when it comes to software I always say that no problem can be unique :rolleyes: )

It started with installing SSL and being happy that my first https pages such as login and cart were working. The exercise became quite frustrating when things weren't working for all the checkout pages: html, formats and layouts were completely gone, all that was left was a pile of rubbish on each page. Nobody had a clue about what was going on with OsC.

At the end it turned out it wasn't OsC. Instead it is a function used within OsC in the general.php called Eval for which the usage under https, together with using Suhosin (a protection system for php installations), is switched off at many providers for security and protection reasons.

#362 georaldc

  • Community Member
  • 6 posts
  • Real Name:geo

Posted 28 August 2008, 21:18

I believe I got everything set up properly but I'm not sure if this behavior is normal:

Browsing the entire site normally gives me http in the address bar. Once I click the my account link to login or checkout, it changes to https. Now that's good and all but once I return back to a different link other than the login page, all the pages still stay as https, even those that were http previously. Also, removing the 's' in https, even when logged in gives me the http link of the current page I'm viewing. Is this normal?

#363 Nilbolgin

  • Community Member
  • 12 posts
  • Real Name:Shawn
  • Gender:Male
  • Location:Earth

Posted 02 September 2008, 18:36

/includes here


CODE
<?php
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.portagebeverage.com');
define('HTTPS_SERVER', 'http://www.portagebeverage.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'www.portagebeverage.com');
define('HTTPS_COOKIE_DOMAIN', 'www.portagebeverage.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/www/portagebeverage.com/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

define('DB_SERVER', 'supremecenter35.com');
define('DB_SERVER_USERNAME', 'massnaz_pbdb');
define('DB_SERVER_PASSWORD', 'rjpbdb321');
define('DB_DATABASE', 'massnaz_pbdb');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
?>


admin/includes here


CODE
<?php
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.portagebeverage.com');
define('HTTP_CATALOG_SERVER', 'http://www.portagebeverage.com');
define('HTTPS_CATALOG_SERVER', 'http://www.portagebeverage.com');
define('ENABLE_SSL_CATALOG', 'true');
define('DIR_FS_DOCUMENT_ROOT', '/home/www/portagebeverage.com/catalog/');
define('DIR_WS_ADMIN', '/catalog/admin/');
define('DIR_FS_ADMIN', '/home/www/portagebeverage.com/catalog/admin/');
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', '/home/www/portagebeverage.com/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

define('DB_SERVER', 'supremecenter35.com');
define('DB_SERVER_USERNAME', 'massnaz_pbdb');
define('DB_SERVER_PASSWORD', 'rjpbdb321');
define('DB_DATABASE', 'massnaz_pbdb');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
?>


www.portagebeverage.com
I am using this code in an htaccess file in the root

RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.portagebeverage.com/$1 [L,R]

The ssl certificate works fine. But I can not log into the Admin center.
If I delete the above code from the htaccess it allows me to log in.
Any suggestions?

#364 jmotion

  • Community Member
  • 9 posts
  • Real Name:james

Posted 22 October 2008, 18:43

I have installed my SSL cert and changed the config files but the store side checkout/login pages do not go to https? I have searched and tried endless tips and tricks to fix this but I still have the problem.

I can manually edit the url to https to check the page is loading o.k. so all is good there.


Can anyone give me any pointers.

Config files seem correct: (admin)
define('HTTP_SERVER', 'https://mydomain.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'https://mydomain.com');
define('HTTPS_CATALOG_SERVER', 'https://mydomain.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

and
(catalog)
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://mydomain.com/'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://mydomain.com/'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_MAIL_DOMAIN', 'http://mydomain.com');
define('HTTP_COOKIE_DOMAIN', 'mydomain.com'); // added this may need to remove
define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
define('HTTP_COOKIE_PATH', ''); // added this may need to remove
define('HTTPS_COOKIE_PATH', '');
define('DIR_WS_HTTP_CATALOG', '');
define('DIR_WS_HTTPS_CATALOG', '');

I am not sure if there could be an issue with html_output or application_top??!??!

Please help! :(

#365 steptoe675

  • Community Member
  • 17 posts
  • Real Name:John

Posted 22 October 2008, 22:18

jmotion, on Oct 22 2008, 07:43 PM, said:

I have installed my SSL cert and changed the config files but the store side checkout/login pages do not go to https? I have searched and tried endless tips and tricks to fix this but I still have the problem.

I can manually edit the url to https to check the page is loading o.k. so all is good there.


Can anyone give me any pointers.

Config files seem correct: (admin)
define('HTTP_SERVER', 'https://mydomain.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'https://mydomain.com');
define('HTTPS_CATALOG_SERVER', 'https://mydomain.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

and
(catalog)
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://mydomain.com/'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://mydomain.com/'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_MAIL_DOMAIN', 'http://mydomain.com');
define('HTTP_COOKIE_DOMAIN', 'mydomain.com'); // added this may need to remove
define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
define('HTTP_COOKIE_PATH', ''); // added this may need to remove
define('HTTPS_COOKIE_PATH', '');
define('DIR_WS_HTTP_CATALOG', '');
define('DIR_WS_HTTPS_CATALOG', '');

I am not sure if there could be an issue with html_output or application_top??!??!

Please help! :(


Hi, I had the same problem. When you install osCommerce, when it comes up with the locations of your webserver, change the settings to https and continue the install. This should solve the problem?

hope this helps

#366 jmotion

  • Community Member
  • 9 posts
  • Real Name:james

Posted 22 October 2008, 23:59

steptoe675, on Oct 22 2008, 06:18 PM, said:

Hi, I had the same problem. When you install osCommerce, when it comes up with the locations of your webserver, change the settings to https and continue the install. This should solve the problem?

hope this helps

Thanks for the reply.

I installed oscommerce some time ago and I am just about to go live. I am hoping that I won't have to start with a fresh install just to get my SSL working on the checkout/login pages but thanks for the suggestion.

Has anyone else got any simple solutions?

#367 jmotion

  • Community Member
  • 9 posts
  • Real Name:james

Posted 24 October 2008, 13:37

jmotion, on Oct 22 2008, 07:59 PM, said:

Thanks for the reply.

I installed oscommerce some time ago and I am just about to go live. I am hoping that I won't have to start with a fresh install just to get my SSL working on the checkout/login pages but thanks for the suggestion.

Has anyone else got any simple solutions?


I managed to resolve my problem and thought it was worth posting.

I also had configure.php files in admin/includes/local/ and catalog/includes/local/ (I believe this is for development use on local servers only). I removed the LOCAL folder from my webhost server which was good enough for one site. For my second site in addition to deleting the local folder, I had to take some of the data from these config files and add them to my main config files in admin/includes/configure.php and catalog/includes/configure.php.

This resolved my problems with getting the SSL to work on the checkout and admin pages and also my problem where my data was being pulled from my old database.

I am not 100% sure that this was the correct method but there is very little information on the net regarding the config files in the local folder...

Hope this helps someone...

#368 uncommonhound

  • Community Member
  • 42 posts
  • Real Name:Leslie Fournier

Posted 04 November 2008, 04:44

I'm having the similar problem... Did you find a fix?

georaldc, on Aug 28 2008, 04:18 PM, said:

I believe I got everything set up properly but I'm not sure if this behavior is normal:

Browsing the entire site normally gives me http in the address bar. Once I click the my account link to login or checkout, it changes to https. Now that's good and all but once I return back to a different link other than the login page, all the pages still stay as https, even those that were http previously. Also, removing the 's' in https, even when logged in gives me the http link of the current page I'm viewing. Is this normal?


#369 shunshifu

  • Community Member
  • 13 posts
  • Real Name:Phil Weaver

Posted 12 November 2008, 17:00

uncommonhound, on Nov 4 2008, 05:44 AM, said:

I'm having the similar problem... Did you find a fix?

So am I. If you find a fix please post.

Thanks

Phil

#370 jje-007

  • Community Member
  • 17 posts
  • Real Name:JJ

Posted 25 August 2009, 09:19

Simplyeasier, on May 16 2005, 01:14 PM, said:

What is (or Isn't) SSL ?

SSL stands for Secure Sockets Layer. This is technology derived in part from the military that encrypts data transfers across the internet. There are several flavours of SSL but the most prevalent one today is 128 bit encryption, but watch out 256 bit encryption is on its way !
...
...
...
Charles

Hello all,

I am currently looking for a hoster. In the case of one hoster, he can do up to 256 bit encryption. I suppose that this is more secure than 128 bit encryption. My questions:
  • Is 256-bit encryption possible in OS-commerce, without having to reprogram everything myself (something I am not able to do <_< )?
  • Or should I ask this provider for 128-bit encryption?
  • To what extent is it reasonable that 128 is cheaper than 256?
  • What are the advantages and disadvantages of each of these 2 choices?

Thanks for advising!
JJ

#371 aaroncornell

  • Community Member
  • 1 posts
  • Real Name:aaron cornell williams

Posted 09 September 2009, 09:09

Simplyeasier, on May 16 2005, 12:14 PM, said:

What is (or Isn't) SSL ?

SSL stands for Secure Sockets Layer. This is technology derived in part from the military that encrypts data transfers across the internet. There are several flavours of SSL but the most prevalent one today is 128 bit encryption, but watch out 256 bit encryption is on its way !

For an e-trader, SSL encryption protects your customers transaction details as they are passed back and forth between their browser and your server \ domain. The data encryption happens at one end using a key and is deciphered at the other end using an equivalent key. The permutations for how data can be encrypted are astronomical making it virtually theft and interference proof during transit.

SSL DOES NOT PROTECT your server from attacks, nor your admin or catalog from malicious hacks. In order to protect your server and files you need to use facilities such as firewalls, virus checkers, Apache and IIS user and password protection for directories and files.

Why Do I Need SSL ?

You need SSL if you are selling to the public for two very good reasons.

1) Your customers expect it - As surfers become more sophisticated they look at your site and want to make sure their details will be safe should they order products. SSL seals are part - but a big part - in that re-assurance process. If the choice between two sites comes down to which offers transaction security - do you want to be the site that misses out ?

2) Even if you have unsophisticated customers who do not look for SSL encryption before they buy - if the data they send you is intercepted and misused - you could land up being in heavy lawsuits for amongst many other things negligence. This is a small possibility - but do you want to take the risk ?

How Does SSL Work With OsCommerce ?

The workings of SSL with osCommerce are quite straightforward.
Once your SSL is installed - see sections below, you set the configuration paths for https:// in catalog/includes/configure.php and admin/includes/configure.php, enable SSL and the code takes care of the rest.

If you look through the code you will see example after example of statements that refer to SSL where osC is making a decision based on request type as to whether to display the secured or non secured pages.

In short neither you nor your customers has to type in https:// into the address line to get to secure pages. osCommerce will identify from the configuration if SSL is installed and direct browsers to the correct page depending on what the browser is doing on your site.

How Do I Get SSL ?

1) Surf and find a Certificate issuer you feel happy with where you buy your SSL certificate for a period of time (1 year, 2 year etc etc)

Things to look out for are

a) They own or have a trusted root in most browsers.

All browsers come pre-installed with so called Trusted roots.

These prevent Joe Shmoe and his cousin Joe Bloggs from issuing worthless certificates that cannot do the encrypting to unsuspecting buyers.

To see trusted roots if you use IE go to Internet Options under tools and select the content tab where you will see in the middle section all the trusted root certs installed on IE and their issuers.

b ) If they don't have a trusted root in most browsers make sure they have a cert known as a chaining cert that links whatever they sell to you with a trusted root.

What is the difference -

Trusted root sellers are EXPENSIVE and very well recognised brands.

Chaining certs are affordable - They are still 128 bit encryption hence no less secure - but the brands are less well known.

2) Get your host to raise a CSR (Certificate Signing request) - To do this the host will need certain information from you, especially if they are not also your registrar. Such info will be your domain's registered administrator. This info will be required by the SSL issuer. Along with the CSR they also generate a key that will be used to encrypt and decipher data transmissions from your server \ domain. -

Things to look out for are

Your certificate will encrypt data in a very precise way - if the cert is issued to www.yourdomain.com it will NOT encrypt transfers between yourdomain.com and browsers and vice versa.

So make sure you instruct your host to get the CSR raised with the correct AND full name of the domain you want to be encrypted.

I normally use the domain name without the www. qualifier because servers for a number of reasons can strip the www. off, but I have yet to see a server add it on without a deliberate redirect.

3) Send the CSR to your cert issuer who will vet the details and write to the administrator noted when the CSR was raised.

4) Assuming you are the administrator of your domain - you will have to acknowledge the mail from the issuer and OK the SSL.

5) The issuer will raise a SSL cert and send it to you. If you are using a chaining issuer they will also send a chain certificate.

6) Send these to your host who will install as follows :
a) The SSL cert will be installed in a directory on your server along with the chaining certificate if applicable.
b ) They will also install the key they generated in step 2 above.
c) They will then add certain statements known as directives to your Apache configure files. These tell Apache that the site has SSL encryption certification.

Making SSL Work With The Catalog and Admin

In order to make SSL work with osCommerce you need to set the correct configuration paths in

a) catalog/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://yourdomain.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

b ) admin/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.yourdomain.com');
define('HTTPS_CATALOG_SERVER', 'https://yourdomain.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

* Note the assumptions above - The certificate was issued WITHOUT the www. qualifier and this shop is installed in Catalog directory ONE level below root.

In normal working - these changes above will result in a small padlock being shown in the bottom right of your browser status bar when you navigate to a secure page AND your address line will show the https:// URL instead of http://

Trouble Shooting

1) Security Alert

The alert box says info you exchange with this site cannot be viewed or changed by others. However there is a problem with the sites security certificate.

The box has 3 levels of alert

a) The certificate is from a trusted certifying authority - Green tick for good or Red cross for bad will show
b ) The security certificate date is valid - Green tick for good or Red cross for bad will show
c) The name on the security certificate is invalid or does not match the name of the site - Green tick for good or Red cross for bad will show

If the problem is a) then you need to take account of How Do I Get SSL point 1 above !
If the problem is b ) you need to extend the certificate's validity - refer to the issuer.
If the problem is c) Your certificate has probably been issued with or without the www. and you have used the other spelling in your configure files. Make sure the cert name as issued is used in the configure.php files. (See How Do I Get SSL point 2 above)

2) This page has both secure and insecure items

This alert appears if the secured page the browser is trying to show has objects or references that point to non secured domains.

So for instance if you had a graphical image of credit cards as processed by your gateway and say you were hotlinking to the images with a piece of code such as <img src="http://mycreditcardprocessor.com.....> That image is not on your encrypted domain hence the alert would show.

Often this problem will appear from one or more of three sources

a) Where you are hotlinking images for your products from the wholesalers server
b ) objects in your footer
c) objects in your boxes in the columns

3) Page 404 (unavailable)

If you set your site up and during install you choose SSL security WITHOUT having done the stuff in here you may get 404's when you try to access secured pages.

Wrapping Up

1) Self issued certificates

Some people have dedicated servers and even on some shared server you can raise a self issued SSL certification. This does everything as above except the certificate root does not exist in browsers. Therefore your site may be secure (although I do not profess to know if self certificates offer 128 bit encryption), BUT your site visitors will ALWAYS get the alert in Trouble Shooting point 1.

Even though the alert says the site is safe, this is perhaps worse than not having a certificate as it alerts people to the fact that there is a problem with the certificate - and people do not like problems !!!

2) Shared SSL certificates

Talk to your host for the path you need to apply in your configure.php paths

Charles


Thanks Charles. That is very thorough and I'm good at following directions, but the problem I'm having is that when I go to alter the code to provision the changes for SSL, I have to set file permissions from 444 in FileZilla. Once I do that I get the error message on my site: "Warning, I am able to write to the configuration file......" I can't get rid of that pink bar nor can I change my file permissions back to 444. What do you think? Thank you for any assistance.

#372 treeman

  • Community Member
  • 36 posts
  • Real Name:Allan

Posted 20 October 2009, 01:02

Hi,

I am wondering if somebody could tell me if the following setup would work or create any problems:

I have several domains for which I plan to host a few different oscommerce instances. They will all be originating
from the same ip and same box, so for http traffic I will be using apache virtual hosts.

Now for https I plan to buy a certificate for one of my domains, let's call it "secure-checkout.com"

So each domain will have 1 website/catalog assigned through http,

domain1.com -> /catalog1
domain2.com -> /catalog2
domain3.com -> /catalog3


Now when users from each website access a https area I plan on redirecting them to "secure-checkout.com" for which I will
have a certificate.

Since all my catalogs are on the same box then the below setup will also work
secure-checkout.com/catalog1
secure-checkout.com/catalog2
secure-checkout.com/catalog3

Now here is my question: in the configuration, if I set all my https traffic to secure-checkout.com but keep my http traffic
to individual domains, will this create any problems?

Example



http://domain1.com/catalog1 => https://secure-checkout.com/catalog1
http://domain2.com/catalog2 => https://secure-checkout.com/catalog2
http://domain3.com/catalog3 => https://secure-checkout.com/catalog3


Any comments or thoughts would be very appreciated, thanx guys

#373 mycreativewishes

  • Community Member
  • 88 posts
  • Real Name:Joe Randoph

Posted 27 October 2009, 11:48

I got a question, I have everything else setup in the configure.php like is described below except for the following:

define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');


I don't have the site setup in a catalog folder, it is installed directly in the public_html folder. Does that make a difference and do I need to change "catalog" to something else like root directory or public_html?

Thanks

Joe

#374 treeman

  • Community Member
  • 36 posts
  • Real Name:Allan

Posted 29 October 2009, 02:31

/catalog should be the folder name under which index.php is.
So if your index.php is in public_html e.g /public_html/index.php then you need to set it to
/public_html

#375 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 29 October 2009, 02:41

Probably need to use:

define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

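The guide quoted in post #371 and the replies about root installs depend on the same consistency rules in catalog/includes/configure.php: an https:// HTTPS_SERVER when SSL is enabled, a host that matches the name on the certificate, and cookie domain and path that match the shop URL. The Python script below is an added example, not code from any post or from osCommerce; the function names, finding codes and both sample files are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches define('NAME', 'value') and define('NAME', true). Values built by
# concatenation (DIR_WS_IMAGES . 'icons/') are deliberately not matched.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|([^)\s]+))\s*\)""")


def parse_defines(text):
    """Return {NAME: (value, was_quoted)} for the simple define() lines."""
    consts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("//", "#", "*")):      # skip comment lines
            continue
        m = DEFINE_RE.search(line)
        if m:
            name, sq, dq, bare = m.groups()
            value = bare if bare is not None else (sq if sq is not None else dq)
            consts[name] = (value, bare is None)
    return consts


def audit_catalog(consts, cert_name=None):
    """Return a list of (code, message) findings for a catalog configure.php."""
    findings = []
    get = lambda name: consts.get(name, ("", True))[0]

    ssl_value, ssl_quoted = consts.get("ENABLE_SSL", ("false", False))
    ssl_on = ssl_value.lower() == "true"
    if ssl_quoted:
        findings.append(("SSL_FLAG_QUOTED",
                         "ENABLE_SSL is a quoted string; the guide's catalog "
                         "file uses the bare boolean true"))
    if ssl_on and not get("HTTPS_SERVER").lower().startswith("https://"):
        findings.append(("HTTPS_SCHEME",
                         "ENABLE_SSL is on but HTTPS_SERVER is not an https:// URL"))
    https_host = (urlsplit(get("HTTPS_SERVER")).hostname or "").lower()
    if ssl_on and cert_name and https_host != cert_name.lower():
        findings.append(("CERT_NAME",
                         f"HTTPS_SERVER host {https_host!r} differs from the "
                         f"certificate name {cert_name!r} (www. vs no www.)"))

    for prefix in ("HTTP", "HTTPS"):
        if prefix == "HTTPS" and not ssl_on:
            continue
        url = urlsplit(get(prefix + "_SERVER") + get("DIR_WS_" + prefix + "_CATALOG"))
        host = (url.hostname or "").lower()
        if "//" in url.path or not url.path.endswith("/"):
            findings.append((prefix + "_BASE_URL",
                             "server + catalog directory do not join into a "
                             "clean URL ending in '/'"))
        domain = get(prefix + "_COOKIE_DOMAIN").lower().lstrip(".")
        if domain and host != domain and not host.endswith("." + domain):
            findings.append((prefix + "_COOKIE_DOMAIN",
                             f"cookie domain {domain!r} does not cover host {host!r}"))
        cookie_path = get(prefix + "_COOKIE_PATH")
        if cookie_path and not url.path.startswith(cookie_path):
            findings.append((prefix + "_COOKIE_PATH",
                             f"cookie path {cookie_path!r} is not a prefix of "
                             f"the shop path {url.path!r}"))
    return findings


# Constructed sample: the guide's catalog settings (certificate without www.).
GUIDE_SAMPLE = """
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost
define('HTTPS_SERVER', 'https://yourdomain.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'yourdomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
"""

# Constructed sample: a root install with several of the mistakes discussed.
BROKEN_SAMPLE = """
define('HTTP_SERVER', 'http://www.yourdomain.com');
define('HTTPS_SERVER', 'http://www.yourdomain.com');
define('ENABLE_SSL', 'true');
define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');
define('HTTPS_COOKIE_DOMAIN', 'shop.yourdomain.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
"""

if __name__ == "__main__":
    for label, sample in (("guide", GUIDE_SAMPLE), ("broken", BROKEN_SAMPLE)):
        print(label)
        for code, message in audit_catalog(parse_defines(sample), "yourdomain.com"):
            print(f"  {code}: {message}")
```

Pass the name the certificate was actually issued to as `cert_name`; without it the certificate check is skipped.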

#376 bwit

  • Community Member
  • 7 posts
  • Real Name:Atul Ilwadi

Posted 04 November 2009, 08:34

We recently got the SSL installed on one of our website : www.bongsnbongs.com

but we keep on getting the error that the site contains both secure and insecure links after I click on any product which comes in HTTPS url as there are some HTTP links also .

I recently checked another good Oscommerce website http://www.mrgadget.com.au/catalog/
and for SSL which comes after Checkout it goes to

https://secure.mrgadget.com.au

Also NOTE that the error for secure and insecure links do not come even in IE although the links on this website have both HTTP and HTTPS .

My Query is :
1) they have the SSL to "secure.mrgadget.com.au" and not to "www.mrgadget.com.au" . Is it better to have the SSL like this instead of the complete URL
2) Why this website do not have secure and insecure prompt though if you check the source it has both HTTP and HTTPS links
3) How to enable SSL only on CHECKOUT
4) How is it possible that they have all the product and category links to HTTP even if they are in HTTPS domain

Any inputs from you is appreciated
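The "secure and insecure items" alert described in the guide's Trouble Shooting point 2 concerns objects the browser fetches while rendering an https page (images, scripts, stylesheets), not hyperlinks the visitor may click later. The Python scanner below is an added example, not code from any post or from osCommerce, that separates the two and also resolves relative URLs against a `<base href>`; the class name, the tag table and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes whose URL is fetched while the page renders.
FETCHED = {
    "img": ["src"], "script": ["src"], "iframe": ["src"], "embed": ["src"],
    "input": ["src"], "object": ["data"], "link": ["href"],
    "body": ["background"], "table": ["background"], "td": ["background"],
}


class MixedContentScanner(HTMLParser):
    """Collect http:// subresources and http:// hyperlinks separately."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base_url = page_url      # replaced if the page has <base href>
        self.insecure = []            # (tag, attribute, absolute URL)
        self.plain_links = []         # <a href> targets: navigation only

    def _absolute(self, value):
        return urljoin(self.base_url, value.strip())

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # Every relative URL after this point resolves against the base.
            self.base_url = urljoin(self.page_url, attrs["href"])
        elif tag == "a" and attrs.get("href"):
            url = self._absolute(attrs["href"])
            if urlsplit(url).scheme == "http":
                self.plain_links.append(url)
        elif tag in FETCHED:
            if tag == "link":
                # Only stylesheets and icons are fetched; rel="canonical" is not.
                rel = set((attrs.get("rel") or "").lower().split())
                if not rel & {"stylesheet", "icon"}:
                    return
            for name in FETCHED[tag]:
                if attrs.get(name):
                    url = self._absolute(attrs[name])
                    if urlsplit(url).scheme == "http":
                        self.insecure.append((tag, name, url))


def scan(page_url, html):
    """Return (insecure_subresources, plain_http_links) for one https page."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.insecure, scanner.plain_links


# Constructed sample page; cards.example stands in for a hotlinked image host.
PAGE = """<html><head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head><body>
<a href="http://www.yourdomain.com/catalog/index.php">Catalog</a>
<img src="images/logo.gif">
<img src="http://cards.example/accepted_cards.gif">
<script src="https://yourdomain.com/catalog/includes/general.js"></script>
</body></html>"""

# Same page, but with a base URL that still points at the http:// server.
PAGE_WITH_HTTP_BASE = PAGE.replace(
    "<head>", '<head><base href="http://www.yourdomain.com/catalog/">')

if __name__ == "__main__":
    url = "https://yourdomain.com/catalog/login.php"
    for label, html in (("no base", PAGE), ("http base", PAGE_WITH_HTTP_BASE)):
        insecure, links = scan(url, html)
        print(label, "- insecure objects:", insecure)
        print(label, "- http hyperlinks (no alert):", links)
```

In the second sample the relative stylesheet and logo become insecure objects purely because of the base URL, which is why footer, box and header templates are worth checking first.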

#377 BryceJr

  • Community Member
  • 1,441 posts
  • Real Name:Bryce

Posted 04 November 2009, 09:56

bwit, on 04 November 2009, 08:34, said:

We recently got the SSL installed on one of our website : www.bongsnbongs.com

but we keep on getting the error that the site contains both secure and insecure links after I click on any product which comes in HTTPS url as there are some HTTP links also .

I recently checked another good Oscommerce website http://www.mrgadget.com.au/catalog/
and for SSL which comes after Checkout it goes to

https://secure.mrgadget.com.au

Also NOTE that the error for secure and insecure links do not come even in IE although the links on this website have both HTTP and HTTPS .

My Query is :
1) they have the SSL to "secure.mrgadget.com.au" and not to "www.mrgadget.com.au" . Is it better to have the SSL like this instead of the complete URL
2) Why this website do not have secure and insecure prompt though if you check the source it has both HTTP and HTTPS links
3) How to enable SSL only on CHECKOUT
4) How is it possible that they have all the product and category links to HTTP even if they are in HTTPS domain

Any inputs from you is appreciated

Double post. Follow ->here

#378 latincosmo

  • Community Member
  • 17 posts
  • Real Name:Pablo Ronda
  • Gender:Male

Posted 18 November 2009, 21:42

"You configured HTTP(80) on the standard HTTPS(443) port!" on /var/log/httpd/error_log and blank page when accessing www.mydomain.com

Hello everyone, I was trying to install SSL certificate for a week now, with no success.

My Server info:
Linux Distro: Fedora 10 2.6.27.12-170.2.5.fc10.i686
HTTP Server: Apache/2.2.11 (Fedora)
PHP Version: 5.2.9 (Zend: 2.2.0)
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8g

I'm my own hosting and have only one domain in one linux box with 1 interface, 1 public IP address and no virtual domains.
Hostname is "web" so certificate was issued to web.mydomain.com
httpd.conf and ssl.conf have both a line "ServerName www.mydomain.com"

Now, after uncommenting "SSLEngine on" in ssl.conf file, making necessary changes in /includes/configure.php and /admin/includes/configure.php and restarting httpd service:

[root@web conf.d]# service httpd restart

Stopping httpd: [ OK ]
Starting httpd:
Apache/2.2.11 mod_ssl/2.2.11 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.mydomain.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[ OK ]

Everything looks good so far, but I get:

"You configured HTTP(80) on the standard HTTPS(443) port!" on error_log and blank page when accessing www.mydomain.com


Any clue on what I am missing??

Thank you all for reading

#379 pingpongrob

  • Community Member
  • 100 posts
  • Real Name:Robert
  • Gender:Male
  • Location:Australia

Posted 05 December 2009, 12:36

Hi All, I have read through every post in this Section, and for the life of me cannot find an answer to my problem.

I've been trying to get my SSL connection to work within the admin area, but it seems to fall in a heap. None of the images (icons) display.

I have checked the configure file in the admin/includes directory.

<?php
/*
  $Id: configure.php,v 1.14 2003/02/21 16:55:24 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2002 osCommerce

  Released under the GNU General Public License
*/

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
  define('HTTP_SERVER', 'http://www.affordablett.com.au'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.affordablett.com.au');
  define('HTTPS_CATALOG_SERVER', 'https://www.affordablett.com.au/~affordab/');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', '/home/affordab/public_html/shop/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
  define('DIR_WS_ADMIN', '/shop/admin/');
  define('DIR_FS_ADMIN', '/home/affordab/public_html/shop/admin/');
  define('DIR_WS_CATALOG', '/shop/');
  define('DIR_FS_CATALOG', '/home/affordab/public_html/shop/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('HTTPS_SERVER', 'https://www.affordablett.com.au'); // secure webserver for admin
  define('ENABLE_SSL', 'false');	// enable SSL for customers/orders viewing
// define our database connection
  define('DB_SERVER', '');
  define('DB_SERVER_USERNAME', 'xxxxxxxxx');
  define('DB_SERVER_PASSWORD', 'xxxxxxxxx');
  define('DB_DATABASE', 'xxxxxxxxxxxx');
  define('USE_PCONNECT', 'true');
  define('STORE_SESSIONS', '');

I have obviously changed the line define('ENABLE_SSL', 'false'); // enable SSL for customers/orders viewing to true and even tried 1, but no icons will display.
Can someone point me in the right direction?

I have got the SSL to work correctly in the shop site. Except for the images being unsecured - not sure if they matter anyway.

Your help would be appreciated.

Thanks in advance.

#380 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 05 December 2009, 16:33

Looks to me like the store isn't getting the cue from the server that SSL is on.

SSL Help

SSL Help support thread
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

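The reply above says the store is not getting the cue from the server that SSL is on. As an added example (not osCommerce's own code and not from either poster), the PHP below reads that cue from a `$_SERVER`-style array and shows how a missing cue leaves icon links on http:// even though the page was requested over https://. The function names, the proxy address 10.0.0.5 and the shop.example URLs are assumptions made for the illustration.

```php
<?php
// Added example, not osCommerce code. All names below are hypothetical.

/**
 * Report whether a request arrived over TLS, given a $_SERVER-style array.
 * $trustedProxies lists the addresses of reverse proxies / TLS terminators
 * whose X-Forwarded-Proto header may be believed.
 */
function is_tls_request(array $server, array $trustedProxies = []): bool
{
    // Signal 1: the HTTPS variable. mod_ssl sets it to "on"; some servers
    // set it to "off" for plain HTTP, so a non-empty value is not enough.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }

    // Signal 2: a forwarded-protocol header. Clients can send this header
    // themselves, so honour it only when the peer is a known proxy.
    $peer  = (string) ($server['REMOTE_ADDR'] ?? '');
    $proto = strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return in_array($peer, $trustedProxies, true) && $proto === 'https';
}

/** Pick the base URL that image and icon links should be built from. */
function asset_base(array $server, array $trustedProxies, string $http, string $https): string
{
    return is_tls_request($server, $trustedProxies) ? $https : $http;
}

// Constructed sample environments (not taken from any real server).
$samples = [
    'mod_ssl sets HTTPS'       => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7'],
    'no cue reaches PHP'       => ['REMOTE_ADDR' => '198.51.100.7'],
    'behind trusted proxy'     => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header, no proxy' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];

foreach ($samples as $label => $server) {
    $base = asset_base($server, ['10.0.0.5'], 'http://shop.example', 'https://shop.example');
    printf("%-26s -> %s/shop/admin/images/icons/\n", $label, $base);
}
```

Dumping the relevant `$_SERVER` keys on the affected host over both http:// and https:// shows which of these signals, if any, the server actually passes to PHP.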