Jump to content

Archived

This topic is now archived and is closed to further replies.

Simplyeasier

The SSL In OsCommerce Guide For The Innocent

Recommended Posts

I'm about to post something for those having problems with error messages or images not showing when you're website is accessing secure areas:

 

1) I took AlanR's advice to create a small file called myenv.php. I ran the file to see how my server responded. I then posted the proper code given by AlanR in line 41 of /includes/application_top.php

 

 

2) I was still having problems with images not showing in secure areas. So, I called my host and the tech told me to add the address of the secure server to the list of 'HotLink Protection' area in the Control panel. (i.e. https://secure.server.com)

 

Now I have no problems with nonsecure items and all images show in secure areas.

 

I hope this helps someone.

 

Have a nice day :thumbsup:

Share this post


Link to post
Share on other sites

SSL - A question or two ...

 

Scenario

Dedicated Windows Server 2003 (pro package with 1and1)

iis v6 (configured to use .php files with php5isapi.dll)

dedicated ssl cert from thawte

 

osCommerce Online Merchant v2.2 RC1

PHP Version 5.2.3 (php5isapi.dll)

 

Configuring the config parameters as per the docs ...

 

define('HTTP_SERVER', 'http://www.allweathercovers.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.allweathercovers.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.allweathercovers.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'allweathercovers.co.uk');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

Other bits defined as usual ...

 

Browsing to https://www.allweathercovers.co.uk returns a blank page no matter what I change. Can Oscommerce use https with php isapi on iis or is it not possible?

 

In addition I have tried various fixes found through the forum but without success including changing all instances of 'getenv' to 'tep_getenv' and using the compatability function in compatability.php

 

function tep_getenv($index) {

if (isset($_SERVER[$index])) return $_SERVER[$index];

elseif (isset($_ENV[$index])) return $_ENV[$index];

else return false;

}

 

Any ideas ???

 

James

Share this post


Link to post
Share on other sites

Hi.

 

I have a heavily modified osCommerce installation.

I have just obtained FreeSSL to test the SSL capabilities

of osCommerce and am just waiting for my hosting

company to install it.

 

When it is installed, what will be the next step. I know

how to configure the configure.php files, but on my

server I have two folders ... Public_Html and

Public_SSL. Currently all my folders are in

public_html, but if I go to the https:// version

of my site, it opens up the test index.html file

currently in Public_ssl.

Will I have to copy all or some of my files to the

public_ssl directory, or is there an easier way of

going about this.

Also, I only want the osCommerce installation to

connect to the secure server when a customer

is either creating an account, logged in or going

through the checkout procedure ... I don't want

SSL when just anyone is browsing the site, as

I have counters and stuff for statistics that will be

disabled when SSL activates.

How would I go about this.

 

Regards

 

Itai Etzman.

 

P.s. You can see my site at www.digitaladdiction.co.za

and type https:// to see the test file however, you will

get a security warning because the certificate isn't

installed yet.

Share this post


Link to post
Share on other sites
How do i install a verisign ssl cert in osc.

 

 

You must get your host to give you the CSR with the 100% correct domain name ... if you want to use the www ... then tell them.

Then you must go to the verisign website and submit all the correct information along with the CSR they give you (its a bunch of jumbled letters). Then they will verify that its you. Once thats done, they will send you the certificate ... more jumbled info ... which you give back to your host to install.

Your host will then either secure the current "Public_HTML" or "httpdocs" or whatever they use in your ftp server ... then just follow the steps in this form to adjust the configure.php. If your host creates a second folder i.e. "Public_SSL" or "httpsdocs" or whatever they call it ... tell them you want to use only 1 folder and that they must make the folder with your current oscommerce data the secured folder ... oscommerce does the rest.

 

On a side note ... I have secured www.digitaladdiction.co.za ... please can anyone go through it and if you get any security warnings or problems ... please e-mail me on webmaster@digitaladdiction.co.za ... if you want to create an account ... please e-mail me with the name used and I can delete it afterwords.

 

Regards

 

Itai Etzman

Share this post


Link to post
Share on other sites
Hi.

 

I have a heavily modified osCommerce installation.

I have just obtained FreeSSL to test the SSL capabilities

of osCommerce and am just waiting for my hosting

company to install it.

 

When it is installed, what will be the next step. I know

how to configure the configure.php files, but on my

server I have two folders ... Public_Html and

Public_SSL. Currently all my folders are in

public_html, but if I go to the https:// version

of my site, it opens up the test index.html file

currently in Public_ssl.

Will I have to copy all or some of my files to the

public_ssl directory, or is there an easier way of

going about this.

Also, I only want the osCommerce installation to

connect to the secure server when a customer

is either creating an account, logged in or going

through the checkout procedure ... I don't want

SSL when just anyone is browsing the site, as

I have counters and stuff for statistics that will be

disabled when SSL activates.

How would I go about this.

 

Regards

 

Itai Etzman.

 

P.s. You can see my site at www.digitaladdiction.co.za

and type https:// to see the test file however, you will

get a security warning because the certificate isn't

installed yet.

You will need to establish a symbolic link between your public_html and Public_SSL folders so that you can use one set of files. Ask you web host to do this for you. Otherwise, you will have to maintain two copies of your files.

Share this post


Link to post
Share on other sites

I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ?

 

Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?

 

 

What is the Path to my shared SSL certificate?

 

Solution

To use your SSL certificate you would point your hyperlinks that you want to be secure to https://secure.bluehost.com/~yourunixusername

Or you can purchase a dedicated ip address from us, for 30.00 per year and install your own SSL certificate that you have purchased.

 

If my transaction pass through paypal I still need to SLL my site ?

 

Thanks for your help :)

Share this post


Link to post
Share on other sites
I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ?

 

Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ?

If my transaction pass through paypal I still need to SLL my site ?

 

Thanks for your help :)

It isn't whether you need it for paypal but that you need it to not lose customers. They will see that your site is not protected and some will leave. How many can you afford to lose?

 

Jack

Share this post


Link to post
Share on other sites

Hi I've been reading threads on ssl in trying to resolve my issues. made modifications listed but still don't know why my flash header or backround images aren't showing when ssl pages are viewed in Explorer.

I've changed all the http links to https in header file and tryed all the methods detailed.

My site is www.weaponsdrop.com/catalog

 

catalog/includes configure.php:

define('HTTP_SERVER', 'http://www.weaponsdrop.com'); // eg, http://localhost - ...

define('HTTPS_SERVER', 'https://www.weaponsdrop.com'); // eg, https://localhost ....

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.weaponsdrop.com');

define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

 

admin/includes configure.php:

define('HTTP_SERVER', 'https://www.weaponsdrop.com'); // eg, http://localhost - ...

define('HTTP_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');

define('HTTPS_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Let me know what you think as this has me prety stumped. Thanks Chris

Share this post


Link to post
Share on other sites

This

define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');

should be

define('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com');

 

Jack

Share this post


Link to post
Share on other sites
This
define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com');

should be

define('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com');

 

Jack

 

 

Hi Jack I tried that change with and without the . infront of the www.domain.com

but the flash header still fails to load. Do you have any other ideas?

Thanks Chris

Share this post


Link to post
Share on other sites

Do you have to install all this (which I'm lost with all that talk) when you use paypal only?

Share this post


Link to post
Share on other sites
Do you have to install all this (which I'm lost with all that talk) when you use paypal only?

 

 

Oh, I just found that same question. I just don't understand how to install it. That seems so complicated and I can't afford any errors to deal with. Can you make it simple stupid :'(

Share this post


Link to post
Share on other sites

I bought SSL from Godaddy.com and I host on Godaddy.com. I changed the codes to read like this and nothing happens when i go to SleeveKing.com, so I added www. to https servers in both.... which crashes msSQL database instantly! (my database crashes for minor changes to my site unknowingly) i had to reinstall databases twice I dont want to do it again. Why doesnt sleeveking.com get the lock or ssl?! the only place i see i have SSL is if i go to "https://sleeveking.com/admin]https://sleeveking.com/admin" it shows a lock!

 

includes/configure.php

define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://sleeveking.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.sleeveking.com');
define('HTTPS_COOKIE_DOMAIN', 'sleeveking.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

admin/includes/configure.php

define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.sleeveking.com');
define('HTTPS_CATALOG_SERVER', 'https://sleeveking.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Share this post


Link to post
Share on other sites

1) SSL, https, and lock image ONLY turn on in checkout and my account!!! I thought it wasnt working and reinstalled like 3 times before i went past my index :sweating:

 

2) "You have unsecure items" ..... click dont show items and you'll see what your exact problems are because they wont show then go fix each of them

 

my problem was the credit card image in my header. you have to change everything to your LOCAL domain

http://www.sleeveking.com/images/creditcards.gif

/images/creditcards.gif

hope this helps some of the newbie stuff you guys passed over quickly, i love figuring things out before someone answers

Share this post


Link to post
Share on other sites

Does the below look correct assuming if I'm using a shared SSL?

 

 

define('HTTP_SERVER', 'http://www.mysite.com');

define('HTTPS_SERVER', 'https://ssl.perfora.net/mysite.com');

define('HTTP_SERVER_BREADCRUMB', 'http://www.mysite.com/catalog/index.php');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'https://ssl.perfora.net/www.mysite.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Share this post


Link to post
Share on other sites

Why is the session id being passed in the url like below in my SSL pages??

 

create_account.php?osCsid=4d6464028d9919aee88485dae8044557

Share this post


Link to post
Share on other sites

I am on the verge of shooting myself with frustration here !

 

Is there anywhere else other than the 2 config files that could be stopping SSL from working ???

 

 define('HTTP_SERVER', 'http://www.gamesnash.ie'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://gamesnash.ie'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL',true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'http://www.gamesnash.ie');
 define('HTTPS_COOKIE_DOMAIN', 'https://gamesnash.ie');
 define('HTTP_COOKIE_PATH', '/catalog');
 define('HTTPS_COOKIE_PATH', '/catalog');
 define('DIR_WS_HTTP_CATALOG', '/catalog');
 define('DIR_WS_HTTPS_CATALOG', '/catalog');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

My SSL cert was issued without the www so this is fine and is working fine. I just can't get OSC to use it.

 

Would appreciate any thoughts.

Share this post


Link to post
Share on other sites

Here's a quirky one for you which may help others along the way.

 

Turns out that my host has a slightly modded version of OSC which installs literally with a click of button when you are doing it. However they have their own local configure files referenced around the code which override the configure files that come as standard - and I had to play around with those as well to get it working.

Share this post


Link to post
Share on other sites
Here's a quirky one for you which may help others along the way.

 

Turns out that my host has a slightly modded version of OSC which installs literally with a click of button when you are doing it. However they have their own local configure files referenced around the code which override the configure files that come as standard - and I had to play around with those as well to get it working.

 

Who is your host and what files did you change?

Share this post


Link to post
Share on other sites

I have created an SSL certificate using cpanel. It is found in: /home/energysa/ssl/certs/

I am using an account set up on a webhosting server.

I have editted both configure files as instructed in the beginning of this post.

But it's not working. Using firefox, my login, create account and checkout links come back with an error code: -12263

However I can still login to admin and it does not show https in the address bar.

My config files are as follows:

 

shop/includes/configure.php

 

define('HTTP_SERVER', 'http://www.energysavedirect.com');

define('HTTPS_SERVER', 'https://energysavedirect.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.energysavedirect.com');

define('HTTPS_COOKIE_DOMAIN', 'energysavedirect.com');

define('HTTP_COOKIE_PATH', '/shop/');

define('HTTPS_COOKIE_PATH', '/shop/');

define('DIR_WS_HTTP_CATALOG', '/shop/');

define('DIR_WS_HTTPS_CATALOG', '/shop/');

 

shop/admin/includes/configure.php

 

define('HTTP_SERVER', 'http://www.energysavedirect.com');

define('HTTP_CATALOG_SERVER', 'http://www.energysavedirect.com');

define('HTTPS_CATALOG_SERVER', 'https://energysavedirect.com');

define('ENABLE_SSL_CATALOG', 'true');

define('DIR_FS_DOCUMENT_ROOT', '/home/energysa/public_html/shop/');

define('DIR_WS_ADMIN', '/shop/admin/');

define('DIR_FS_ADMIN', '/home/energysa/public_html/shop/admin/');

define('DIR_WS_CATALOG', '/shop/');

define('DIR_FS_CATALOG', '/home/energysa/public_html/shop/');

 

Can anyone tell me what I'm doing wrong or what I need to do to get it working?

 

Cheers, Alex.

Share this post


Link to post
Share on other sites

Hi all,

 

I've installed a certificate from GoDaddy, but I think I've managed to mess up the site big-time.

 

1. For some reason, my products page is secure, but the shopping cart isn't. Does that make sense? It means that every time some one adds an item from a secure page (products listing) to an unsecure page (shopping cart), they get a warning message saying they are doing so. I'm trying to avoid any and all error messages about my SSL.

 

2. One you've filled up the shopping cart, clicking on "Checkout" brings you to the log in page, which is secure. I can't log in however - If I use an existing customer log in, it appears to complete the action, but simply refreshes the page - I can't actually get to my checkout pages now!

 

3. If I then try to create a new account, the page is secure, but when I submit the information, I find myself back in the index page (not the checkout page as I would expect), and find that my shopping cart's been emptied. And then I can't get to the checkout point once I fill my cart because I'm asked to log in. (see problem #2).

 

Fortunately, my admin side seems fine, but the above problems have rendered my site useless! Any help would be greatly appreciated. :blush:

 

Janna

Share this post


Link to post
Share on other sites

Hi,

 

when I go on SSL secured pages on my website, the URL in pictures show "http/..." and not "https//..."

 

Example :

 

If I go on https://www.myweb.fr/login.php

 

When I put the mouse on the banner, the URL I see is "http://www.myweb.fr/index.php"

 

But in SSL mode, I should see "https://www.myweb.fr/index.php" , no?

 

if in my configure.php if I put https in the first line:

 

define('HTTP_SERVER', 'https://www.myweb.fr'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.myweb.fr'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

it work perfeclty in https pages. ( but http don't work anymore)

 

and If I write http in 'HTTP_SERVER', I have a secutity alert in https pages (secured and non secured...)

 

Thanks for your help!

Share this post


Link to post
Share on other sites

×