Jump to content

Archived

This topic is now archived and is closed to further replies.

Simplyeasier

The SSL In OsCommerce Guide For The Innocent

Recommended Posts

FlyingKites,

 

you need to run your env.php from the domain of the https server

 

i.e. ssl.perfora.net/mydomain.com/catalog/admin/env.php

 

also, another helpful trick from Allen R is to create a docroot.php

 

<?php

echo 'Document Root: ' . getenv('DOCUMENT_ROOT');

?>

 

helps for absolute paths

 

BTW, what was wrong with mine? bad stupid lines in the end of my application_top.php

 

only need to make the 2 changes for SSL

 

Kevin

Share this post


Link to post
Share on other sites

well it was not from godaddy after all. anyway how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)? ared there files I should be able to see? should that env.php be telling me something?


Kym

Projects Director @ ozEworks.com

Share this post


Link to post
Share on other sites
FlyingKites,

 

you need to run your env.php from the domain of the https server

 

Yes, those results don't look like they came from an https url at all.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)?

 

Simple.

 

Just look at any old plain html page on the server through the https address.

 

If you can see it without getting an error and you get a solid padlock the ssl address is working.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Has anyone come across this problem..

 

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, thats logos, 1pixel.gif's, icons, product images etc etc.

 

Also, in the admin side when secured it gives this error and dispays no images..

 

Error: Catalog images directory does not exist: //public_html/store/images/

 

I am probably wrong but it looks to me like a path error? I have moved '/' about in the config.php's but to no avail.

 

I have tried as many as I can of the different configs kindly posted here and the base 'on' on line 41 seems to be the best for my server setup with the results from AlanR's helpful myenv.php report.

 

I installed a vanilla osC to test again and its still the same..

 

Anyone had this problem and managed to fix it?

 

Any help gratefully recieved.

Share this post


Link to post
Share on other sites

With regard to the no images in SSL mode.

 

I see now that any images residing in the 'includes/languages/english/images/' directory are displaying ok

 

:huh:

Share this post


Link to post
Share on other sites
Has anyone come across this problem..

 

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, thats logos, 1pixel.gif's, icons, product images etc etc

 

Repost your question in Installation & Configuration. If we turn this thread into a clone of an I&C thread it becomes less useful for future readers, they'll have too many posts to wade through.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Need help on the SSL configuration here. My site is under testing with a test SSL cert. The security locks disappear immediately after the page is loaded eg. at the login page. Below is my configure.php settings:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.blueseatackle.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://blueseatackle.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.blueseatackle.com');

define('HTTPS_COOKIE_DOMAIN', 'blueseatackle.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/domains/blueseatackle.com/wwwroot/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Hope some expert can solve my problem.

Share this post


Link to post
Share on other sites

Hi all.

 

I am pretty sure I know what I am doing with the SSL and all. But I do have a question.

 

I am questioning whether I should have my certificate made for 'www.mydomain.com' or just 'mydomain.com'

 

I am assuming, that given the changes to the code, if a user were at http://www.mydomain.com and proceeded to checkout, they would be sent to https://mydomain.com.

 

define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://yourdomain.com'); // eg, https://localhost - should not be empty for productive servers

 

so everything would work out fine.

 

But for people on the other side of the world, buying my products, they may need the www prefix before mydomain.com. So consider that they need the www and that they are surfing http://www.mydomain.com. They go to checkout and are reditrected to https://mydomain.com (no www). Wouldnt this create a problem for them in not being able to access my site?

 

So if this is true, which it very well may not be (I have never tried to access a U.S. site from the other side of the world or vice versa as far as i know).....

 

If this is true, then should I have my certificate made for www.mydomain.com? and change the HTTPS_SERVER code to include the www prefix?

 

Someone knowledgable help me please :D

 

Thank you in advance,

Chris

Share this post


Link to post
Share on other sites

This has been a great source of information. Thank you to everyone.

 

Having spent the last hour reading, i now have my index page showing as https. BRILLIANT.

 

BUT..........

 

When i click on one of my products and all other pages are showing as http

 

WHY ?

 

I changed my configuration to read the https server define information.... and everything else i need to change....or so i thought.

Take a look at my config file and if someone could check it for me ?....I think its correct, but not sure why the rest of the site is not showing as http except the index page?

 

  define('HTTP_SERVER', 'http://www.belly-unique.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://secure.hosts.co.uk/~belly-unique.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.belly-unique.com');
 define('HTTPS_COOKIE_DOMAIN', 'https://secure.hosts.co.uk/~belly-unique.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', 'belly-unique.com');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Thanking you ALL in advance for any help with this :rolleyes:

Share this post


Link to post
Share on other sites

Just to add that i find out that the checkout and account login IS HTTPS....but the products on display are not.....i guess this is correct ? :blush:

Share this post


Link to post
Share on other sites
Just to add that i find out that the checkout and account login IS HTTPS....but the products on display are not.....i guess this is correct ?  :blush:

 

 

DAMN......... now when i click on CHECKOUT...... the page cant be found ?

 

WHY WHY WHY ??????????

 

Please help with this one as this is crucial at the moment..... :'(

Share this post


Link to post
Share on other sites

Its ok....my ISP was playing silly games....probably backing up the server at the same time i was trying to gain access to https. All working :rolleyes:

Share this post


Link to post
Share on other sites

I have a SSL file when I look in my file manager of my host server. Is that it if so what do I do with it? Does it have to be in a certain dir? Sorry for the newbness :blush:

Share this post


Link to post
Share on other sites

I'm finding an odd problem with shared SSL (ie. a shared certificate offered by the hosting provider). The shop itself works perfectly with the shared cert, no problem. The administration area displays properly, but if I try to make any changes to an admin area (say, a shipping price) the value for that option gets wiped out entirely. This happens on all carts with a shared cert. Unfortunately, getting the client off the shared cart is not an option. Anyone else seen smiliar behaviour?

Share this post


Link to post
Share on other sites

I have a bit of info that may be useful to some.

 

There are 3 files that I had to edit in order for my SSL to work properly. So far (and i may be mistaken), I have only seen 2 main files being mentioned. (and of course catalog/includes/application_top.php for checking if ur server settings match the ur code.)

 

Here are the files I had to edit:

1. admin/includes/configure.php

2. catalog/includes/configure.php

3. catalog/includes/local/configure.php

 

Once I editted all three of them, it worked flawlessly.

 

My Conficuration:

Godaddy certificate.

Hosted with Hostexcellence.com

osCommerce 2.2

Share this post


Link to post
Share on other sites

Ok I have a proplem when I goto a secured part it comes up 404 page not found what am i dont wrong.

Share this post


Link to post
Share on other sites

I've got a little update on the little diagnostic file I posted here:

 

http://forums.oscommerce.com/index.php?sho...23entry672623

 

We had a user who had that version of that little myenv.php script come up completely blank on a dedicated ssl except for $HTTP_HOST, a test I didn't put in worked. So here's a slightly different version. It's got the tests more explicitly set out (easier to see what works and what doesn't) and it adds $_SERVER['HTTPS']

 

I threw in the document root queries for free. ;) (They're not really needed for the ssl fix)

 

Most of these things can be found by examining phpinfo.php but this puts them all together in a simple easy to understand way.

 

You can still name the script myenv.php or whatever you like. Check my previous post (linked above) to see how to use it.

 

 <?php
echo '$HTTP_HOST == ' . "$HTTP_HOST";
echo '<br>$HTTPS_HOST == ' . "$HTTPS_HOST";
echo '<br>getenv(\'SERVER_PORT\') == ' . getenv('SERVER_PORT');
echo '<br>getenv(\'HTTPS\') == ' . getenv('HTTPS');
echo '<br>getenv(\'HTTP_X_FORWARDED_SERVER\') == ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>getenv(\'HTTP_X_FORWARDED_HOST\') == ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>getenv(\'HTTP_X_FORWARDED_BY\') == ' . getenv('HTTP_X_FORWARDED_BY');
echo '<br>$_SERVER[\'HTTPS\'] == ' . $_SERVER['HTTPS'];
echo '<br>getenv(\'DOCUMENT_ROOT\') == ' . getenv('DOCUMENT_ROOT');
echo '<br>$DOCUMENT_ROOT == ' . "$DOCUMENT_ROOT";
?>


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

God bless your heart AlanR!!!!!!!!!!!!

 

I've been trying to figure this out for 4-5 days, finally did a search on the board and found your posts. My problem was solved by adding

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

in application top.

 

Thanks again!

Share this post


Link to post
Share on other sites

OK, I'm not getting it.

 

I've set up certs using cpanel ssl manager. The cert is for myaddon.com

I've done a fantastico install into myaddon.com/store

 

Since this is an addon domain, the install is actually in /home2/mydomain/public_html/myaddon/store

 

I've looked at the includes/configure.php and the HTTP and HTTPS SERVERS were all set to no www.

I've tried all 4 combinations and have not succeeded.

 

It shows as secure, but always responds "/store/create_account.php was not found on this server".

Share this post


Link to post
Share on other sites

Hello,

 

If you would to https://terfex.com/account.php on my store you will be told "the page contains both secure and non-secure items" and I want to remove this.

 

This is because of the paypal and visa pics on right side of my store.

 

Please tell me that how do i get rid of this message... please tell me step by step as i m new and i know this is an easy job but i still dont know how to go about this.

 

 

Bye

Share this post


Link to post
Share on other sites

Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

Share this post


Link to post
Share on other sites
Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

 

 

i've been having the same problem, anyone know a fix for this?

Share this post


Link to post
Share on other sites
Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

 

I have the same problem, I read every single messeges in this thrade but nothing helped...


?,???`???,?? God must love stupid people, he made so many ??,???`???,?

Share this post


Link to post
Share on other sites

Hi..

my configure.php content is as follows.. my admin configure is similar .. Do I need to change anything else so that once a user goes from checkout_shipping to checkout_payment.php, they should get to the SSL enabled page?

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://scrapmode.com');

define('HTTPS_SERVER', 'https://scrapmode.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.scrapmode.com');

define('HTTPS_COOKIE_DOMAIN', 'scrapmode.com');

define('HTTP_COOKIE_PATH', '/osc/catalog/');

define('HTTPS_COOKIE_PATH', '/osc/catalog/');

define('DIR_WS_HTTP_CATALOG', '/osc/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/osc/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Share this post


Link to post
Share on other sites

×