First stop: Read this:
How to install SSL on OSC: A Simple 1-2-3 Instruction, Simple, straighforward instructions
That thread contains the basics on modifying your /includes/configure.php file to enable SSL.
Common mistakes YOU can make that prevent SSL from working:
1. Forgetting to make the HTTPS_SERVER define with https in the URL.
define('HTTPS_SERVER', 'http://yourdomain.com');If you can't see the difference - LOOK CLOSER!
2. Forgetting to enable SSL in the configure file.
This turns it ON:
define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?This turns it OFF:
define('ENABLE_SSL', 'false'); // secure webserver for checkout procedure?3. Modifying the configure file on your local PC then NOT making sure the new one gets to the store website.
If you modify it locally and use FTP, Dreamweaver, Frontpage, or whatever, to transfer it to your site MAKE CERTAIN THE MODIFIED VERSION GETS TO YOUR SITE!!!
Sometimes file permissions can prevent a successful transfer to your website.
4. Not checking for and examining the contents of /includes/local/configure.php if it exists on your site.
This file isn't present on all installs, but if it is, ANYTHING IN IT OVERRRIDES ANYTHING IN THE "NORMAL" CONFIGURE FILE!!
Check for it, and if found examine it's contents.
It may not look like the normal configure file in one respect:
define('ENABLE_SSL', 1);The define for ENABLE_SSL may have a 1 or a 0 instead of true or false. If so, remember that 1 = true, 0 = false.
So you've done all that and it still doesn't work. All your images are X!
This probably means osC isn't getting the cue from the server that SSL is active.
The code that tests to see if SSL is active is in /includes/application_top.php around like 41:
// set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';Unfortunately this doesn't work an all servers.
If you're on "1 and 1" Hosting, this usually works:
// set the type of request (secure or not) $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';If it's a Windowz server, try this:
// set the type of request (secure or not) $request_type = ($_SERVER['HTTPS'] == 'on') ? 'SSL' : 'NONSSL';If neither of those are true for you try this:
// set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';Always backup any file on your site before making any edits.
A file that doesn't work quite like you want it to is better than one that won't work at all.
And sometimes none of those settings work.
I've written a few programs to assist in debugging, and implementation of SSL and have made a contribution of them.
I will post a link to it and a brief explanation after it's uploaded.