Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Alert Window


JonPKibble

Recommended Posts

Since you created your own certificate, unless you have a trusted authority bundle to install on your server there is not much that you can do as far as I know.

 

My first question is why is your main site trying to use security anyway? Check your catalog/includes/configure.php file near the top and verify that your secure path is https and not http.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

My secure path is HTTPS.

 

I am using security on the checkout module only, as the person's credit card # is entered on the site, and passed to 2Checkout.

 

Is there another way I can do this, to avoid the warning alerts?

Link to comment
Share on other sites

I received the security warning when initially visiting your site. The only time that a security check should be made is when in secure mode (like as you said during checkout, but not at the front door).

 

Something is wrong with your configuration to be receiving the security warning when at the standard store. Verify your standard catalog path otherwise you have something somewhere that is using https when it should not be.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

Wrong setting.

 

At the top of your catalog/includes/configure.php there should be:

  define('HTTP_SERVER', 'http://http://www.OshkoshMagic.com'); // eg, http://localhost - should not be empty for productive servers

 define('HTTPS_SERVER', 'https://http://www.OshkoshMagic.com'); // eg, https://localhost - should not be empty for productive servers

 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

Verify that the first is only http and the second is https.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.oshkoshmagic.com');

define('HTTPS_SERVER', 'https://www.oshkoshmagic.com');

define('ENABLE_SSL', true);

 

 

 

That's what I have - do I need to do it like you did, with http://http:// ?

Link to comment
Share on other sites

I just looked at your site but saw no problems other than the warning about your certificate.

 

You get this warning because you are using a certificate given out by an organization that is not registered as trusted in the browser. As this organization is 'you', there is nothing you can do about it. The only thing to do is to obtain a certificate from an authorized organization.

Greetings from Marcel

|Current version|Documentation|Contributions|

Link to comment
Share on other sites

Thank you :)

 

Question - is there a way I can avoid the entire use of SSL, and have the person put their credit card in on 2Checkout's website, so I don't have to pay lots of money to become a "trusted site" (seems silly in my opinion, that all one needs to do is pay money, to become "trusted")

 

Please let me know

 

Thanks

Link to comment
Share on other sites

Why is the certificate being checked when you are going through a standard http connection instead of https? That does not seem right to me.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

Question - is there a way I can avoid the entire use of SSL, and have the person put their credit card in on 2Checkout's website, so I don't have to pay lots of money to become a "trusted site" (seems silly in my opinion, that all one needs to do is pay money, to become "trusted")
If you set "ENABLE_SSL" to "false" in catalog/includes/configure.php then the site will run entirely without the use of SSL. You should ask yourself, however, if it's acceptable to have your customers enter their personal data/password on a normal link. Apart from that, I do not know if 2Checkout does supports what you want, perhaps someone else on the forum knows...
Why is the certificate being checked when you are going through a standard http connection instead of https?  That does not seem right to me.
Well, it didn't when I visited the site. It changed to SSL only when I clicked the login-link. Just as expected...

Greetings from Marcel

|Current version|Documentation|Contributions|

Link to comment
Share on other sites

"Why is the certificate being checked when you are going through a standard http connection instead of https? That does not seem right to me."

 

 

If I knew, I wouldn't be asking for help :) :) :)

 

I could have sworn someone on here mentioned something about entering the credit card on 2CO's website instead of on OSC. That would pretty much solve this problem, either that or getting an SSL certificate.

 

Thing is, 90% of my orders are through paypal. I do about $200 a month of credit card transactions, about 40% of which is profit, tops. So the cost to become a "Trusted" site doesn't seem justified.

 

And I still don't get how paying money equals trust :P

Link to comment
Share on other sites

Well it is working now. At the start of this thread, when you visited the main page you would be prompted with the security warning as if you were going through https, even though it was a standard http connection.

 

That is what the majority of this thread was about. That is too wierd.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

And I still don't get how paying money equals trust :P
I agree on that, but it will keep the warnings away and may keep your customers from leaving too soon.

 

And remember: Disabling ssl means the passwords and personal data of your customers will travel over unencrypted links.

Greetings from Marcel

|Current version|Documentation|Contributions|

Link to comment
Share on other sites

That being said, where I can find the best price on a trusted SSL certificate?

 

I just looked at Verisign, Thawte, and Geotrust.... geotrust is the cheapest, are they all the same, what is the difference if any?

Link to comment
Share on other sites

I use instantssl on all mine.

 

You have to make sure this line is in the httpd.conf in the ssl define:

 

SSLCACertificateFile /usr/share/ssl/certs/cabundle.crt

 

otherwise you will get that not trusted error message.

 

When you install the certificate it might not get in there so you will have to put it in.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...