JonPKibble Posted April 17, 2003 Share Posted April 17, 2003 How can I get the alert window to stop popping up when people first visit my site? The URL is: http://www.OshkoshMagic.com I have a feeling this might give some people the wrong idea. Link to comment Share on other sites More sharing options...
Daemonj Posted April 17, 2003 Share Posted April 17, 2003 Since you created your own certificate, unless you have a trusted authority bundle to install on your server there is not much that you can do as far as I know. My first question is why is your main site trying to use security anyway? Check your catalog/includes/configure.php file near the top and verify that your secure path is https and not http. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein Link to comment Share on other sites More sharing options...
JonPKibble Posted April 17, 2003 Author Share Posted April 17, 2003 My secure path is HTTPS. I am using security on the checkout module only, as the person's credit card # is entered on the site, and passed to 2Checkout. Is there another way I can do this, to avoid the warning alerts? Link to comment Share on other sites More sharing options...
Daemonj Posted April 17, 2003 Share Posted April 17, 2003 I received the security warning when initially visiting your site. The only time that a security check should be made is when in secure mode (like as you said during checkout, but not at the front door). Something is wrong with your configuration to be receiving the security warning when at the standard store. Verify your standard catalog path otherwise you have something somewhere that is using https when it should not be. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein Link to comment Share on other sites More sharing options...
JonPKibble Posted April 17, 2003 Author Share Posted April 17, 2003 Ok, what do I need to do, in order to do that? Link to comment Share on other sites More sharing options...
JonPKibble Posted April 17, 2003 Author Share Posted April 17, 2003 My catalog path is correct.... how can I correct this problem? Link to comment Share on other sites More sharing options...
JonPKibble Posted April 17, 2003 Author Share Posted April 17, 2003 Someone please help :) :) :) Link to comment Share on other sites More sharing options...
grantjm Posted April 18, 2003 Share Posted April 18, 2003 What does the path to your catalog say? Is it http://www.mystore.com/ or https://www.mystore.com/ BG Making the internet community better. Knowledge is power. Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 The default setting: define('DIR_WS_CATALOG', '/catalog/'); // absolute path required What should it be set to? I think you might be onto something. Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 I tried changing it to other things, nothing else seemed to load the pictures right. Link to comment Share on other sites More sharing options...
Daemonj Posted April 18, 2003 Share Posted April 18, 2003 Wrong setting. At the top of your catalog/includes/configure.php there should be: define('HTTP_SERVER', 'http://http://www.OshkoshMagic.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://http://www.OshkoshMagic.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? Verify that the first is only http and the second is https. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.oshkoshmagic.com'); define('HTTPS_SERVER', 'https://www.oshkoshmagic.com'); define('ENABLE_SSL', true); That's what I have - do I need to do it like you did, with http://http:// ? Link to comment Share on other sites More sharing options...
M@rcel Posted April 18, 2003 Share Posted April 18, 2003 I just looked at your site but saw no problems other than the warning about your certificate. You get this warning because you are using a certificate given out by an organization that is not registered as trusted in the browser. As this organization is 'you', there is nothing you can do about it. The only thing to do is to obtain a certificate from an authorized organization. Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 Thank you :) Question - is there a way I can avoid the entire use of SSL, and have the person put their credit card in on 2Checkout's website, so I don't have to pay lots of money to become a "trusted site" (seems silly in my opinion, that all one needs to do is pay money, to become "trusted") Please let me know Thanks Link to comment Share on other sites More sharing options...
Daemonj Posted April 18, 2003 Share Posted April 18, 2003 Why is the certificate being checked when you are going through a standard http connection instead of https? That does not seem right to me. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein Link to comment Share on other sites More sharing options...
M@rcel Posted April 18, 2003 Share Posted April 18, 2003 Question - is there a way I can avoid the entire use of SSL, and have the person put their credit card in on 2Checkout's website, so I don't have to pay lots of money to become a "trusted site" (seems silly in my opinion, that all one needs to do is pay money, to become "trusted")If you set "ENABLE_SSL" to "false" in catalog/includes/configure.php then the site will run entirely without the use of SSL. You should ask yourself, however, if it's acceptable to have your customers enter their personal data/password on a normal link. Apart from that, I do not know if 2Checkout does supports what you want, perhaps someone else on the forum knows...Why is the certificate being checked when you are going through a standard http connection instead of https? That does not seem right to me.Well, it didn't when I visited the site. It changed to SSL only when I clicked the login-link. Just as expected... Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 "Why is the certificate being checked when you are going through a standard http connection instead of https? That does not seem right to me." If I knew, I wouldn't be asking for help :) :) :) I could have sworn someone on here mentioned something about entering the credit card on 2CO's website instead of on OSC. That would pretty much solve this problem, either that or getting an SSL certificate. Thing is, 90% of my orders are through paypal. I do about $200 a month of credit card transactions, about 40% of which is profit, tops. So the cost to become a "Trusted" site doesn't seem justified. And I still don't get how paying money equals trust :P Link to comment Share on other sites More sharing options...
Daemonj Posted April 18, 2003 Share Posted April 18, 2003 Well it is working now. At the start of this thread, when you visited the main page you would be prompted with the security warning as if you were going through https, even though it was a standard http connection. That is what the majority of this thread was about. That is too wierd. "Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein Link to comment Share on other sites More sharing options...
M@rcel Posted April 18, 2003 Share Posted April 18, 2003 And I still don't get how paying money equals trust :PI agree on that, but it will keep the warnings away and may keep your customers from leaving too soon. And remember: Disabling ssl means the passwords and personal data of your customers will travel over unencrypted links. Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 That being said, where I can find the best price on a trusted SSL certificate? I just looked at Verisign, Thawte, and Geotrust.... geotrust is the cheapest, are they all the same, what is the difference if any? Link to comment Share on other sites More sharing options...
M@rcel Posted April 18, 2003 Share Posted April 18, 2003 Can't help you with that one, sorry. Search for "certificate" in the forums should bring up some references. Greetings from Marcel |Current version|Documentation|Contributions| Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 Just tried InstantSSL.com - they have a free trial. This looks good. Link to comment Share on other sites More sharing options...
Guest Posted April 18, 2003 Share Posted April 18, 2003 I use instantssl on all mine. You have to make sure this line is in the httpd.conf in the ssl define: SSLCACertificateFile /usr/share/ssl/certs/cabundle.crt otherwise you will get that not trusted error message. When you install the certificate it might not get in there so you will have to put it in. Link to comment Share on other sites More sharing options...
JonPKibble Posted April 18, 2003 Author Share Posted April 18, 2003 Thanks!:) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.