Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

The SSL In OsCommerce Guide For The Innocent


Simplyeasier

Recommended Posts

To see trusted roots if you use IE go to Internet Options under tools and select the content tab where you will see in the middle section all the trusted root certs installed on IE and their issuers.

 

Hi,

 

The company I am looking at say they own the root used to issue the certificate but their name does not appear in the trusted root certs section in Internet Options. Does this mean that a warning will come up each time on my site if I went with them?

 

Thanks

-turner2000

Link to comment
Share on other sites

  • Replies 401
  • Created
  • Last Reply

includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.greatlakesanime.com'); // eg, [url=http://localhost]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.greatlakesanime.com'); // eg, [url=https://localhost]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.greatlakesanime.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.greatlakesanime.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

admin/includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://greatlakesanime.com'); // eg, [url=http://localhost]http://localhost[/url] - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.greatlakesanime.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.greatlakesanime.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

 

 

My name is register as www.greatlakesanime.com.Does that look right?Because the https things are not working on my site.Also my store in uloaded in the root not the catalog folder.

Link to comment
Share on other sites

hello!

 

I have just installed the ssl certificate on my website. Everything seems to be ok... it shows in the catalog... and it shows in the administration panel...

 

1. however, in the admin I have a statement that worries me; it says:

You are protected by a unknown secure SSL connection

In the address bar I have https://www.mydomain.com/.... this is when you open the admin panel, before you take any action... Do you have any idea how I can correct that to show 128 Bit or something like that? The certificate is from Geotrust.

 

2. Could you, please, have a look at My Webpage and tell me if you get any error about the SSL certificate? I would really appreciate that...

 

Thank you for your time and support! :)

Link to comment
Share on other sites

1. however, in the admin I have a statement that worries me; it says:
You are protected by a unknown secure SSL connection

In the address bar I have https://www.mydomain.com/.... this is when you open the admin panel, before you take any action... Do you have any idea how I can correct that to show 128 Bit or something like that? The certificate is from Geotrust.

Thank you for your time and support! :)

You could have found the answer by reading this thread more carefully.

 

http://www.oscommerce.com/forums/index.php?sho...86entry744686

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I've read about a third of this thread and can't find my specific problem (but it's probably here)

 

I created and ran myenv.php and got this:

 

HTTP HOST: www.lyndamart.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

In a word NADA.

 

When I click on "My Account" I get that I'm entering securec pages, but I never do.

 

All I get are "The page cannot be displayed" pages.

 

(and the padlock is open on the admin panel)

 

Any suggestions? :blush:

Link to comment
Share on other sites

I've read about a third of this thread and can't find my specific problem (but it's probably here)

 

I created and ran myenv.php and got this:

 

HTTP HOST: www.lyndamart.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

In a word NADA.

 

When I click on "My Account" I get that I'm entering securec pages, but I never do.

 

All I get are "The page cannot be displayed" pages.

 

(and the padlock is open on the admin panel)

 

Any suggestions? :blush:

I can't find the script at https://lyndamart.com/myenv.php or https://www.lyndamart.com/myenv.php. Are you trying to use an ssl proxy (shared ssl)?

 

First off, try the later version of the script, there's an extra query.

 

http://www.oscommerce.com/forums/index.php?s=&...ndpost&p=713688

 

If that offers no help then look at this post...

 

http://www.oscommerce.com/forums/index.php?s=&...ndpost&p=824536

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I can't find the script at https://lyndamart.com/myenv.php or https://www.lyndamart.com/myenv.php. Are you trying to use an ssl proxy (shared ssl)?

 

First off, try the later version of the script, there's an extra query.

 

http://www.oscommerce.com/forums/index.php?s=&...ndpost&p=713688

 

If that offers no help then look at this post...

 

http://www.oscommerce.com/forums/index.php?s=&...ndpost&p=824536

 

_______________________________

 

No on the shared ssl.

 

_______________________________

 

results of the improved script:

 

$HTTP_HOST == www.lyndamart.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 80

getenv('HTTPS') ==

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') ==

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] ==

getenv('DOCUMENT_ROOT') == /home/lyndama/public_html

$DOCUMENT_ROOT == /home/lyndama/public_html

 

_______________________________

 

Working on the 3rd item.

Link to comment
Share on other sites

Hey guys, I have spent a few days trouble shooting my ssl. I have read through the forum looking for anything that might help me. I have my includes/configure.php & admin/includes/configure.php set up as mentioned at the beginning of this topic. My csr has been approved and I have it in my signed certificates in cpanel. When I go to my site and nav to a https:// page I get "The page cannot be displayed". I'm having alot of trouble with this one! Any Ideas?

 

My Site

 

 Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.ashleyannedesigns.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://ashleyannedesigns.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.ashleyannedesigns.com');
 define('HTTPS_COOKIE_DOMAIN', 'ashleyannedesigns.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Link to comment
Share on other sites

I have read everything thats above and my config files matches, i removed all links to external sites but i still get the security warning about you will be directed to a page with secure and unsecure files (along with not getting the padlock to show, i am currently speaking with template monster who i bought then template from. i was told the padlock may not show because of sloppy coding).

Is it that my SSL is made out to www.mydomain.com and that my OSC is installed directly to the root instead of to a catalog folder?(sorry for being such a bother):blush:

Thanks again

Link to comment
Share on other sites

I have read everything thats above and my config files matches, i removed all links to external sites but i still get the security warning about you will be directed to a page with secure and unsecure files (along with not getting the padlock to show, i am currently speaking with template monster who i bought then template from. i was told the padlock may not show because of sloppy coding).

Is it that my SSL is made out to www.mydomain.com and that my OSC is installed directly to the root instead of to a catalog folder?(sorry for being such a bother):blush:

Thanks again

 

What is your site url?

Link to comment
Share on other sites

What is your site url?

 

Sorry again for being such a pain. I finally got the padlock to show i tried a couple days ago with the getenv.php file that AlanR posted but this was the responce i got

HTTP HOST: www.aventdesigns.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

that looked blanked to me so i was lost, then further in the forun he stated that most https:// are linked to port 443 and most http:// are 80. So i decided to just changes line 41 in the application_top.php to $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; without knowing why on earth i'm doing it, BUT IT WORKED!!!! Now my padlock comes up when the http:// changes to https://.

Now i'm thanking the lord for AlanR for helping out "not so smart people" like myself :thumbsup:

Thanks Again

Link to comment
Share on other sites

Sorry again for being such a pain. I finally got the padlock to show i tried a couple days ago with the getenv.php file that AlanR posted but this was the responce i got

HTTP HOST: www.aventdesigns.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

that looked blanked to me so i was lost, then further in the forun he stated that most https:// are linked to port 443 and most http:// are 80. So i decided to just changes line 41 in the application_top.php to $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; without knowing why on earth i'm doing it, BUT IT WORKED!!!! Now my padlock comes up when the http:// changes to https://.

Now i'm thanking the lord for AlanR for helping out "not so smart people" like myself :thumbsup:

Thanks Again

 

Glad you got it working. ;) And I don't think you were being a pain. Sometimes I find the answers to my question right after I post it. :( "Can't see the forest for the trees"

Link to comment
Share on other sites

I have SSL by Geotrust through netfirms I have 3 stores setup 1) is basically stock and the secure pages are fine, 2) a test site that I use to test code (last mod installed was PWA), 3) A fairly moded store.

 

In store 1 and 2 all secure page are perfect. Store 3 on the other hand has this page contains secure and unsecure blah blah blah. I have searched and searched and I am ready to give up.

 

EX.

On my login page I removed the header L/R columns and the footer still no luck the only images are the buttons and some text.

 

I honestly have no Idea what to do.

Can someone give me an idea to try or would like to look at my store and tell me what it might be. My host isnt helping me much other then giving me info that I already know and have tried.

 

Thanks in advance

Link to comment
Share on other sites

I have read through all these posts and found them all very useful but I still am a bit confused - sorry

 

I have just purchased an SSL with Geotrust. My ISP is Vodahost and I have purchased a dedicated IP address and I think I have done everything I need to do.

 

I have received an email from Geotrust saying Congratulations you have purchased an SSL with a load of script!!!! What do I do with it?

 

I'm pretty sure my configure.php files are OK - if I change the enable SSL from True to False I am able to create accounts, login and checkout all OK. As soon as I change the configure.php to True I get "Page cannot be displayed" Although I get this message the URL states https so I think that is correct.

 

What else do I need to do?

 

Any help would be most appreciated.

 

Thanks

Link to comment
Share on other sites

  • 2 weeks later...

Can someone help please?

Ever since I have installed my SSL cert. everything works fine except that I can't download my data base backups to my computer anymore. A message says the site cannot be opened or doesn't exist. I have encountered this problem ever since installing the SSL so I'm assuming it's because of that. Has anyone had the same problem? :(

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

I'm a bit confused. I've read most of the thread and here's what I don't get. Am I supposed to upload my code to both my httpdocs/ and httpsdocs/ directories? The SAME CODE? If this is the case, this is a maintenance nightmare!

 

Can I just link? (Which I probably cannot do since I don't have terminal access.)

 

There's got to be a better way to do this than to duplicate data.

 

Better solutions appreciated.

 

ezjam

Link to comment
Share on other sites

I'm a bit confused. I've read most of the thread and here's what I don't get. Am I supposed to upload my code to both my httpdocs/ and httpsdocs/ directories? The SAME CODE? If this is the case, this is a maintenance nightmare!

 

Can I just link? (Which I probably cannot do since I don't have terminal access.)

 

There's got to be a better way to do this than to duplicate data.

 

Better solutions appreciated.

 

ezjam

You're right, it sucks if you have to load both directories. Your hosting company can fix this for you by setting up a symlink from the https directory to the http one or you may be able to do it yourself, have a look at webadmin, it allows you to set up symlinks.

 

http://wacker-welt.de/webadmin/

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

You're right, it sucks if you have to load both directories. Your hosting company can fix this for you by setting up a symlink from the https directory to the http one or you may be able to do it yourself, have a look at webadmin, it allows you to set up symlinks.

 

http://wacker-welt.de/webadmin/

 

Muchas Gracias Se?or. U DA MAN. Did it through Plesk. One simple little checkbox and it is all done.

 

ezjam

Link to comment
Share on other sites

Hello all. Thanks for the thread, Ive reviewed and reviewed the postings to find my answer but nothing worked for me. So hopefully someone can help!

I bought and loaded the SSL certificate. I changed the 2 files everyone said in this thread, but I still am not seeing the beloved goldlock on the bottom anywhere! Ive tried to check out and it doesnt show. Here are my two files:

 

Includes/configure:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.nighttimeplay.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://nighttimeplay.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.nighttimeplay.com');

define('HTTPS_COOKIE_DOMAIN', 'nighttimeplay.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

 

and then the admin/inlcudes/cinfig says this:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.nighttimeplay.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.nighttimeplay.com');

define('HTTPS_CATALOG_SERVER', 'https://nighttimeplay.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/garyeep/public_html'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/garyeep/public_html/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_FS_CATALOG', '/home/garyeep/public_html/'); // absolute path required

 

Thanks in advance!

Link to comment
Share on other sites

Very informative,

 

however I have a question. Do you know if there is a way of turning off the 'you are about to be transferrd to a non-secure page' - when switching between https to http??? I am worried my clients will be put off by the warning message.

 

J

Link to comment
Share on other sites

I also need help here. Here's my code:

 

(For /includes/configure.php)
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://shop.thereignofcatsanddogs.com/'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://thereignofcatsanddogscom.secure.powweb.com/'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'shop.thereignofcatsanddogs.com');
 define('HTTPS_COOKIE_DOMAIN', 'thereignofcatsanddogs.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

(for /admin/includes/configure.php)
// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'http://shop.thereignofcatsanddogs.com/'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://shop.thereignofcatsanddogs.com/');
 define('HTTPS_CATALOG_SERVER', 'https://thereignofcatsanddogscom.secure.powweb.com/');
 define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/www/t/thereignofca/shop/htdocs/'); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');

 

Nothing happens - all pages are still http://. Any thoughts?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...