Jump to content

Archived

This topic is now archived and is closed to further replies.

Simplyeasier

The SSL In OsCommerce Guide For The Innocent

Recommended Posts

Hello all,

 

I am having problems with SSL on my site as well:

 

Catalog - The padlock is not appearing and when logged in some pages are SSL and some are not.

Admin ? I have tried in vain to SSL protect this but it just ain't happening

 

Your base href isn't switching.

 

<base href="http://www.mysite.co.uk/">

 

You better post the results from myenv.php and the line from application_top.php


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

hello alan my catalog side is working properly. but the admin shows "you are not protected...." at first page.

next when i click on modules-->payments link a page opens with the pad lock , but no payment methods are there. the list is empty. when i go to "tools" link , it gives error "backups directory is not created.."

still the padlock is there.

 

here is my configure.php:

 

define('HTTP_SERVER', 'http://www.bathroomsupplies.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.bathroomsupplies.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'ss63.shared.server-system.net/~bathroomsupplies.co.uk/');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

 

AND here is adminn/icludes/configure.php (i named the "admin" as "adminn" don't wory it's right):==

 

define('HTTP_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.bathroomsupplies.co.uk');

define('HTTPS_CATALOG_SERVER', 'https://ss63.shared.server-system.net/~bathroomsupplies.co.uk/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

 

define('DIR_WS_ADMIN', 'adminn/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

 

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

 

And when i runs https://ss63.shared.server-system.net/~bath...co.uk/myenv.php

the answer is:

 

HTTP HOST: ss63.shared.server-system.net

Server Port: 443

SSL Status: on

Fowarded Server:

Fowarded Host:

Fowarded By:

 

And when i runs http://ss63.shared.server-system.net/~bath...co.uk/myenv.php

the answer is:

 

HTTP HOST: ss63.shared.server-system.net

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

my line 41 is:

========

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

can you help me.

please help me

Share this post


Link to post
Share on other sites
Your base href isn't switching.

 

<base href="http://www.mysite.co.uk/">

 

You better post the results from myenv.php and the line from application_top.php

 

Hi Alan,

 

Normal http myenv.php results in:

$HTTP_HOST = www.mysite.uk

$HTTPS_HOST =

getenv('SERVER_PORT') = 80

getenv('HTTPS') =

getenv('HTTP_X_FORWARDED_SERVER') =

getenv('HTTP_X_FORWARDED_HOST') =

getenv('HTTP_X_FORWARDED_BY') =

$_SERVER['HTTPS'] =

getenv('DOCUMENT_ROOT') = /home/mysite/public_html

$DOCUMENT_ROOT = /home/mysite/public_html

 

SSL https myenv.php results in:

$HTTP_HOST = www.mysite.co.uk

$HTTPS_HOST =

getenv('SERVER_PORT') = 443

getenv('HTTPS') = on

getenv('HTTP_X_FORWARDED_SERVER') =

getenv('HTTP_X_FORWARDED_HOST') =

getenv('HTTP_X_FORWARDED_BY') =

$_SERVER['HTTPS'] = on

getenv('DOCUMENT_ROOT') = /home/mysite/public_html

$DOCUMENT_ROOT = /home/mysite/public_html

 

And this is what the line in application_top.php looks like:

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

And...thanks in advance.

 

Cheers,

 

Nagsy

Share this post


Link to post
Share on other sites

PS I also tried changing the request type to check for port 443 in application_top.php when in SSL mode, but still no joy.

Share this post


Link to post
Share on other sites
PS I also tried changing the request type to check for port 443 in application_top.php when in SSL mode, but still no joy.
I don't know what the problem is. Most likely something you've changed in your code.

 

I'd install a basic test installation in a different directory and once that's working you may understand what's going wrong.


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
I don't know what the problem is. Most likely something you've changed in your code.

 

I'd install a basic test installation in a different directory and once that's working you may understand what's going wrong.

 

Ok.....thanks for your help anyway.

 

Nagsy

Share this post


Link to post
Share on other sites

hello alan !

my catalog side is working fine with my shared ssl and also my admin is now working well but only a single issue remains.

 

When i go to my admin page the page is shown:

"You are not protected by a secure ssl conection" + No padlock is there.

But when i click on "Administration" link at the top of same page.

this page is now shown to be protected by a 256_bit connection.all other links are also working fine.

Can any one answer me.??

Share this post


Link to post
Share on other sites
hello alan !

my catalog side is working fine with my shared ssl and also my admin is now working well but only a single issue remains.

 

When i go to my admin page the page is shown:

"You are not protected by a secure ssl conection" + No padlock is there.

But when i click on "Administration" link at the top of same page.

this page is now shown to be protected by a 256_bit connection.all other links are also working fine.

Can any one answer me.??

http://forums.oscommerce.com/index.php?s=&...ndpost&p=744686


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

hey i'm haveing some problems with SSL, i installed a SSL cert, my cart is secure, but in order for it to be secure i have to enter the 's' after 'http' in oder to make 'https', how would i go about fixing this? also when i go to "https://www.mydomain.com/catalog" there are no images, just boxes with red X's, how can i fix this?

 

heres my catalog Configure.php

 

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

 

http://www.oscommerce.com

 

Copyright ? 2003 osCommerce

 

Released under the GNU General Public License

*/

 

 

//Define the webserver and path parameters

 

//* DIR_FS_* = Filesystem directories (local/physical)

 

//* DIR_WS_* = Webserver directories (virtual/URL)

 

 

define('HTTP_SERVER', 'https://products.mickeysmotors.com'); // eg, http://localhost - should not be empty for productive servers

 

define('HTTPS_SERVER', 'https://mickeysmotors.com'); // eg, https://localhost - should not be empty for productive servers

 

define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'products.mickeysmotors.com');

 

define('HTTPS_COOKIE_DOMAIN', 'mickeysmotors.com');

 

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

 

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

define('DIR_WS_IMAGES', 'images/');

 

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

define('DIR_WS_INCLUDES', 'includes/');

 

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

 

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

 

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

 

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

 

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

 

define('DIR_FS_CATALOG', 'D:/hshome/mickeys/products.mickeysmotors.com/catalog/');

 

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

 

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

 

define('DB_SERVER', '72.41.4.4'); // eg, localhost - should not be empty for productive servers

 

define('DB_SERVER_USERNAME', 'Mickeys_motors');

 

define('DB_SERVER_PASSWORD', 'paitt');

define('DB_DATABASE', 'Mickeys_motors');

 

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

 

 

Heres my admin configure.php

 

<?php

/*

$Id: configure.php,v 1.3 2003/09/30 16:13:41 serg Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2002 osCommerce

 

Released under the GNU General Public License

*/

 

// define our webserver variables

// FS = Filesystem (physical)

// WS = Webserver (virtual)

define('HTTP_SERVER', 'https://products.mickeysmotors.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://products.mickeysmotors.com');

define('HTTPS_CATALOG_SERVER', 'https://products.mickeysmotors.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', '');

define('DB_SERVER_USERNAME', 'mysql');

define('DB_SERVER_PASSWORD', '');

define('DB_DATABASE', 'osCommerce');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', '');

?>

 

 

thanks for any help

Share this post


Link to post
Share on other sites

doesnt matter, you do not have a db username / password where anyone can get to things. if you are worried about your domain name, well your domain name is out there for the world, no big secret. unless you dont want to sell anything.


John Oligario

 

Knowledge Base Contributions

Share this post


Link to post
Share on other sites

I've got an interesting situation, if anyone can help me...

I've got a shared SSL cert with my host... The https pages don't seem to be able to set cookies (the http pages can).

 

Here' my catalog/includes/config.php info:

 

define('HTTP_SERVER', 'http://www.aquariumsnstuff.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://secure.monkeyfeather.com/~ad1028/oscommerce/catalog'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.aquariumsnstuff.com');

define('HTTPS_COOKIE_DOMAIN', 'secure.monkeyfeather.com/~ad1028/oscommerce/catalog');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

I do have the "Force cookies" option set, because I don't like the oscID in the URL of my pages.

 

Basically, whenever I visit to a secure page (i.e. "My Account") a cookie isn't set, and I get redirected to the cookie_usage.php page.

 

Thanks in advance...

Share this post


Link to post
Share on other sites
I've got an interesting situation, if anyone can help me...

I've got a shared SSL cert with my host... The https pages don't seem to be able to set cookies (the http pages can).

I do have the "Force cookies" option set, because I don't like the oscID in the URL of my pages.

 

Basically, whenever I visit to a secure page (i.e. "My Account") a cookie isn't set, and I get redirected to the cookie_usage.php page.

 

Thanks in advance...

This has been covered many, many times before.

 

You can not use force cookies with shared ssl. The user comes into the site from two different urls. Basic internet security requires that a browser can not access cookies set by another site. For all intents and purposes as far as the browser is concerned your shared ssl secure pages come from a different site, it's a different url.

 

Just think about it, say this rule did not exist.

 

I know what the cookies look like for this forum, I have them on my machine. So if I could trick you into visiting another site which I control I could read your osC forum cookies and pretend that I was you. See the reason now?


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Excellent topic! a must read for those like me who are newbie in SSL. I just like to know if I can use the SSL Manager in cPanel for osCommerce? I want to know how Private Keys, Cerificate Signing Request, and Cerificates(CRT) works?

 

I'am now studying this aspect of my shop, and I'am very concern about the privacy and security in regards to credit card number being hacked and use in illegal purchase of goods. Is the security features of SSL in osCommerce transactions will not be compromise by hackers?

Share this post


Link to post
Share on other sites

My server has shared cert and it is required to create an ssl folder and upload files to it. I want the user sign up form and the shopping cart checkout to be secure. What files are required and how do I point them to the folder?

Share this post


Link to post
Share on other sites

I purchased a dedicated SSL from ipower.com , they emailed me and said:

The second and final stage of your SSL certificate installation has been completed. The certificate has been successfully installed onto the server, and your unique IP address is 11.11.11.11. (All numbers there, i switched them just in case, it is not really all "1's" but i am still new to all of this and im not sure if i can post that.) Then they said "We have changed the DNS settings for your domain to point to this new IP address, and these changes should take effect within the next 12-24 hours. Until then, you can view your SSL-enabled site by going to the following address: https://11.11.11.11

 

I followed the instructions on this forum, and i just cannot get my SSL to work, can someone help? I am new to this so i must be doing something ditzy!

 

The top of my includes/configure.php is

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.jawproducts.com'); // eg, http://localhost - should not be empty for

 

productive servers

define('HTTPS_SERVER', 'https://.jawproducts.com'); // eg, https://localhost - should not be empty for

 

productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.jawproducts.com');

define('HTTPS_COOKIE_DOMAIN', 'jawproducts.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

and my admin/includes/configure.php is

 

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.jawproducts.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.jawproducts.com');

define('HTTPS_CATALOG_SERVER', 'https://jawproducts.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/jawprodu/public_html/catalog/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/jawprodu/public_html/catalog/admin/'); // absolute path required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/home/jawprodu/public_html/catalog/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

i thought i was supposed to change the https_server part to the https://xx.xx.xx.xx but i guess ia m wrong? please help!! i also changed application.php to say // set the type of request (secure or not)

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

can someone tell me why i dont have the padlock AND when iget to a checkout page i just get page not found...

Share this post


Link to post
Share on other sites

The ssl certificate on your website is made out to 'host391.ipowerweb.com' and not to your domain.

 

The installation of a full ssl cert requires that your site (instead of using a shared ip address) has a dedicated ip address of its own. This is probably what they are referring to. There will be a cache on the server which will require up to 24 hrs to update to the new ip address, and also each ISP will have a cache of your domain on its shared ip address. Basically - you have to wait 1-2 days before you can use the full cert.

 

Vger

Share this post


Link to post
Share on other sites

i am confused. we paid for this over a week ago, they told us this was finished over a week ago. we paid for a dedicated ssl certificate. so im still confused? how do i fix this configure and is that link with the numbers the address? is that what i put in the configure?

Share this post


Link to post
Share on other sites

Since I last posted the certificate details on your website have changed to your own full ssl cert, but it's still not showing a padlock in the browser. From other things I see it is obvious that the new ip address has still not fully propagated on the server.

 

Also remember that your ssl cert is made out to www.jawproducts.com, so your http and https_cookie_domains should be made out to 'www.jawproducts.com', and your http server address should be made out to http://www.jawproducts.com (not strictly necessary, but it keeps things consistent) and your https server addresses should be made out to https://www.jawproducts.com (this one is necessary).

 

Vger

Share this post


Link to post
Share on other sites

Hi,

 

I posted this on General support without much luck so I'll try here.

 

I've got SSL working on the main page, as mentioned previously it works when required, that is logon, account creation and checkout. However there is one issue. Once you log in, their are 5 pictures on the front page, that I created, that are located in images directory do not load up under https.

 

In admin I still cannot get the images to load under https. Now these images are located under sub directories in the images/ directory. Could this be a problem?

 

Just to help out the relevant code for each is

 

admin/includes/configure.php

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

 

includes/configure.php

define('DIR_WS_IMAGES', 'images/');

 

well I think this is the relevant code I could be completely wrong

 

Regards

Neil

Share this post


Link to post
Share on other sites

I thought that I would throw out some information about secured pages for the greenhorns out there like myself that may not understand how this stuff works.

 

Even though I set my SSL up correctly on my site I was still having problems getting alert windows stating that I had mixed content, or secure and unsecure items on my page.

 

It took me a while to realize that one of the problems was the banners in my footer which were loading in from outside servers. These were "unsecure" even though they were in no way comprimizing the security of the site. It just doesn't look good for customers to see anything that might look like your site is insecure.

 

The answer to this was found on these forums and all you have to do is find this code in includes/footer.php:

 

echo tep_display_banner('static', $banner);

 

and replace it with this:

 

if ($request_type != 'SSL') {echo tep_display_banner('static', $banner);}

 

Now your banners will only show up when the page is not an ssl page.

 

Another problem that I ran into was that I was using absolute links to some of the images on my front page. That can be an issue once someone logs into their account and returns to the front page. Only use relative links to your image folder and you wont have that problem.

 

Hope this helps. I would hate for folks to have to go through my foibles.

Share this post


Link to post
Share on other sites

×