Jump to content

Archived

This topic is now archived and is closed to further replies.

Simplyeasier

The SSL In OsCommerce Guide For The Innocent

Recommended Posts

I guess I should add one more thing. I'm so used to it that I forget that others might not know.

 

How do you know if your ssl is switching on and off as it should? Simple, in source view, near the top of every page you'll see in your browser you'll find this line:

 

In http (no ssl engaged, regular pages)

 

<base href="http://www.somedomain.com/catalog/"> (assuming you're using the catalog folder)

 

In https (ssl engaged - my account, checkout, etc.)

 

<base href="https://www.somedomain.com/catalog/">

 

or for shared ssl something like this:

 

<base href="https://ssl.myhost.com/somedomain/catalog/">

 

That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading that's the first place you need to look. The goal is to get that switching back and forth as you change from http to https and back.

 

Fanyastic information and advice here - Thanks guys. I do have a couple of slight problems which I would be very grateful for a steer on.

 

I use 1and1 and am now aware that using the shared SSL is not too easy. However thanks to the tips in the forum I have made progress. When moving from cart to checkout SSL seems to kick in and I am diverted to https://sslrelay.com/mydomain.co.uk/etcetc.

 

However the locked padlock flashes up for less than a second and then disappears. What is going on here and is it a problem? If so how can I fix it? It would be so nice to see the secure padlock on the checkout page to give my customers some added security and confidence.

 

Secondly SSL in Admin???? I can access this using the https://sslrelay.com/mydomain/ catalog/admin and the secure padlock appears (although the bottom left hand side shows "You are not protected by a secure SSL connection." However I can also access this admin area through http://www.mydomain.co.uk/catalog/admin/ Surely I should not be able to do this as it could be a security gap? Am I going mad?? Sorry if these are stupid questions but many thanks for the fantastic help and pointers so far!


You will never learn if you don't try. And boy am I trying....!

Share this post


Link to post
Share on other sites
Fanyastic information and advice here - Thanks guys. I do have a couple of slight problems which I would be very grateful for a steer on.

 

I use 1and1 and am now aware that using the shared SSL is not too easy. However thanks to the tips in the forum I have made progress. When moving from cart to checkout SSL seems to kick in and I am diverted to https://sslrelay.com/mydomain.co.uk/etcetc.

 

However the locked padlock flashes up for less than a second and then disappears. What is going on here and is it a problem? If so how can I fix it? It would be so nice to see the secure padlock on the checkout page to give my customers some added security and confidence.

 

Secondly SSL in Admin???? I can access this using the https://sslrelay.com/mydomain/ catalog/admin and the secure padlock appears (although the bottom left hand side shows "You are not protected by a secure SSL connection." However I can also access this admin area through http://www.mydomain.co.uk/catalog/admin/ Surely I should not be able to do this as it could be a security gap? Am I going mad?? Sorry if these are stupid questions but many thanks for the fantastic help and pointers so far!

 

 

Ok, strangely I have got the SSL admin working fine but still cannot get the catalog working fully in SSL. When checking out the site diverts to the ssl page (shared ssl) and is fine. When loging in I am again diverted to ssl pages. However on all of these occassions the treasured "Golden Padlock" flickers on for a second or two and then disappears.

 

My guess would be that it is a link from "outside" but I have managed to disable banners when in the SSL side of the site such as checkout. I have no external counter so must have missed something obvious.

 

Please would someone have a look and make some suggestions please. The site is here http://www.pianocoversonline.co.uk/catalog

 

Many thanks.


You will never learn if you don't try. And boy am I trying....!

Share this post


Link to post
Share on other sites
Please would someone have a look and make some suggestions please. The site is here http://www.pianocoversonline.co.uk/catalog

 

Many thanks.

Just look at the source view. You're pulling in all kinds of stuff from http: sources.

 

<script language="javascript"><!-- function session_win() {
window.open("http://www.pianocoversonline.co.uk/catalog/
info_shopping_cart.php?osCsid=
51bd45214a195b97c7142e72e247e026","info_shopping_cart","
height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes"
).focus(); } //--></script>

var phpmyvisitesURL =
"http://www.pianocoversonline.co.uk/stats/phpmyvisites.php";
<script language=javascript
src="http://www.pianocoversonline.co.uk/stats/phpmyvisites.
js"></script> <img
src="http://www.pianocoversonline.co.uk/stats/phpmyvisites.
php" alt="phpMyVisites" style="border:0" />
src="http://rcm-uk.amazon.co.uk/e/cm?t=arcadianscric-21&o=2&
p=6&l=bn1&mode=video-games-uk&browse=403718&=1&fc1=&lt1=&lc1
=&bg1=&f=ifr"


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
Just look at the source view. You're pulling in all kinds of stuff from http: sources.

 

<script language="javascript"><!-- function session_win() {
window.open("http://www.pianocoversonline.co.uk/catalog/
info_shopping_cart.php?osCsid=
51bd45214a195b97c7142e72e247e026","info_shopping_cart","
height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes"
).focus(); } //--></script>

var phpmyvisitesURL =
"http://www.pianocoversonline.co.uk/stats/phpmyvisites.php";
<script language=javascript
src="http://www.pianocoversonline.co.uk/stats/phpmyvisites.
js"></script> <img
src="http://www.pianocoversonline.co.uk/stats/phpmyvisites.
php" alt="phpMyVisites" style="border:0" />
src="http://rcm-uk.amazon.co.uk/e/cm?t=arcadianscric-21&o=2&
p=6&l=bn1&mode=video-games-uk&browse=403718&=1&fc1=&lt1=&lc1
=&bg1=&f=ifr"

 

Thanks for this. I just need to find the reight file with this in. Could you tell e which page pleae?


You will never learn if you don't try. And boy am I trying....!

Share this post


Link to post
Share on other sites

Ok, from looking through this entire topic, I will tell you EXACTLY what I did to get both admin and secure areas of my site to work. (Thanks to everyone who posted here)

 

First I made the file called mytest.php with the following lines:

 

<?php
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>

 

Then I uploaded it to my site (root)

 

Then I opened up internet explorer and typed:

 

https://www.mysite.com/mytest.php

 

I saw that it said port 443

 

I then opened /includes/application_top.php

 

And went to line 40 (approx - mine has has addons)

 

And changed:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

To:

 

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

Then I went to /admin/index.php

 

And went to line 226 (approx - mine has has addons)

 

And changed:

 

  $contents = array();

 if (getenv('HTTPS') == 'on') {
$size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>');
$contents[] = array('params' => 'class="infoBox"',
					'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size));
 } else {
$contents[] = array('params' => 'class="infoBox"',
					'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED);
 }

 

To:

 

  $contents = array();

 if (getenv('SERVER_PORT') == '443') {

$contents[] = array('params' => 'class="infoBox"',
					'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size));
 } else {
$contents[] = array('params' => 'class="infoBox"',
					'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED);
 }

 

Then I went to /admin/includes/configure.php

 

And I made it look like this: (There should be https Twice)

 

  define('HTTP_SERVER', 'https://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.mysite.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Then I went to /inludes/configure.php

 

And I made it look like this: (there should be https Once)

 

define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mysite.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

 

Both the secure checkout work and the admin pages. I have a godaddy dedicated Cert. However, I have already helped my buddy get his to work and he uses some other company for SSL. So if you do this EXACTLY how I have done, you will get it to work. Any questions, please post here, and I will help as best as I can as this forum has done for me.

Share this post


Link to post
Share on other sites

I have a few questions. First, if I am only using PayPal (IPN) and the check/money order option, do I need SSL, or will that not be necessary until I "upgrade" to a "real" payment gateway?

 

Second, which pages should be showing up as secure?

 

Third, how do I secure the admin tool?

 

Fourth, how do I know where to copy my catalog files to? I have an SSL folder in my site's root directory, but I don't see anything like http_docs or https_docs. My files are currently all in public_html (top directory); there is no private_html. Once I figure this out, do I have to copy *everything* to that directory?

 

I am currently working with a shared cert from my webhost. The security alert popup says that the cert name does not match my site name. Am I correct in assuming that is just part of its being a shared cert, or is there something I've input incorrectly that has created this particular warning? (I know that the root name will show up as untrusted.)

Share this post


Link to post
Share on other sites

it's been 47 hours.

i've been *really* busy.

 

colocated server had one ip i could use for a cert (and it had my cert on it already).

built an os commerce site for a friend of a friend. she got exited about the results and told the world.

all of a sudden i have to get 22 osc customers on one ip with one cert.

 

i got it working, but it's an ugly hack (in my eyes) and i'm hoping someone can tell me a cleaner way

to do this.

 

test site to make this work is http://www.kindertunes.net/catalog

ssl certificate is at https://secure.l7.net

 

the catalog lives in /home/shelley/www.kindertunes.net/catalog/

ssl root is /home/dd/secure.l7.net/

 

includes/configure.php:

 

define('HTTP_SERVER', 'http://www.kindertunes.net');

define('HTTPS_SERVER', 'https://secure.L7.net/secure.kindertunes.net/catalog');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.kindertunes.net');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/');

<snip>

define('DIR_FS_CATALOG', '/home/shelley/www.kindertunes.net/catalog/');

<snip>

define('DB_SERVER', 'localhost');

define('DB_DATABASE', 'kindertunes');

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

 

this works perfectly. after i did this:

 

cd /home/dd/secure.l7.net/

ln -s /home/shelley/www.kindertunes.net/ secure.kindertunes.net/

 

however, it broke at the continue button after checkout.

 

it was trying to go to http://www.kindertunes.net/catalog/catalog...hp?blahblahblah

 

i fixed that with this:

 

cd /home/shelley/www.kindertunes.net/catalog

 

ln -s /home/shelley/www.kindertunes.net/catalog catalog

 

anyone have any suggestions?

(other than get some sleep?)

 

kinda looking for a cleaner way, or potential problems, etc...

thanks :)

-dd

Share this post


Link to post
Share on other sites

Urgent help required before i pull my hair out!!

 

Hi all, currently hitting a major brick wall when swapping over to SSL.

 

Have installed the cert with no probs at all via PLESK & get a nice lock & no messages.

 

Have run myenv.php & got nice correct results.

 

Im running a 1and1 root server running LINUX.

 

SSL cert is for www.rapidstands.com & store is in root.

 

Have read the lot & all seem A Ok ( i think unless ive seriously overlooked somthing)

 

I have run numerous re-installs from other folders to test but still no Joy.

 

All i get every time i 404 Not Found Error???

 

Heres my configs:

Includes/config.php

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.rapidstands.com');

define('HTTPS_SERVER', 'https://www.rapidstands.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.rapidstands.com');

define('HTTPS_COOKIE_DOMAIN', 'www.rapidstands.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/httpd/vhosts/rapidstands.com/httpdocs/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '*****');

define('DB_SERVER_PASSWORD', '******');

define('DB_DATABASE', '******');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

Admin/includes/config.php

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.rapidstands.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.rapidstands.com');

define('HTTPS_CATALOG_SERVER', 'https://www.rapidstands.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/httpd/vhosts/rapidstands.com/httpdocs/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/httpd/vhosts/rapidstands.com/httpdocs/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_FS_CATALOG', '/home/httpd/vhosts/rapidstands.com/httpdocs/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '*****');

define('DB_SERVER_PASSWORD', '*****');

define('DB_DATABASE', '******');

define('USE_PCONNECT', 'false'); // use persisstent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

Aplication top:

 

// set the type of request (secure or not)

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

 

Ive tried the lot, all the variations from different posts etc.... but all lead to a 404??

 

Any help will be much appreciated. Have tried on 2 projects now. 1 which i had to abandon due to sheer time taken. All EPDQ is set up etc... all i need is SECURITY? please help me!!! Argghhh!!1

 

site is @

 

Kind Regads

 

James

 

Main Site:

 

http://www.rapidstands.com

 

Test Folder:

 

http://www.rapidstands.com/catalog

Share this post


Link to post
Share on other sites

Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder.

 

Vger

Urgent help required before i pull my hair out!!

 

Hi all, currently hitting a major brick wall when swapping over to SSL.

 

Have installed the cert with no probs at all via PLESK & get a nice lock & no messages.

 

Have run myenv.php & got nice correct results.

 

Im running a 1and1 root server running LINUX.

 

SSL cert is for www.rapidstands.com & store is in root.

 

Have read the lot & all seem A Ok ( i think unless ive seriously overlooked somthing)

 

I have run numerous re-installs from other folders to test but still no Joy.

 

All i get every time i 404 Not Found Error???

Share this post


Link to post
Share on other sites
Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder.

 

Vger

 

 

Arghhhhhhhhhhhhh!!!!!! & thats it????? My friend you are a star!!

Obviously i think this could be the main prob. for most people on here using 1and1 & plesk.

I havnt seen any documentation stating this??

 

Thanks a lot. Im there!!!!! :thumbsup:

Share this post


Link to post
Share on other sites
Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder.

 

Vger

If it's a root server he can configure Plesk to work in non standard ways and eliminate the two folder issue (which sucks). I don't have any experience doing this but I did Google up this thread.

 

http://forum.ev1servers.net/showthread.php?threadid=2706


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Don't take this as 100% accurate - but:

 

You need to create a vhost_ssl.conf file in

 

/home/httpd/vhosts/domainname.com/conf/

 

DocumentRoot /home/httpd/vhosts/site.com/httpdocs

<Directory /home/httpd/vhosts/site.com/httpdocs>

<IfModule mod_perl.c>

<Files ~ (\.pl)>

SetHandler perl-script

PerlHandler ModPerl::Registry

Options ExecCGI

allow from all

PerlSendHeader On

</Files>

</IfModule>

<IfModule sapi_apache2.c>

php_admin_flag engine on

php_admin_value open_basedir "/home/httpd/vhosts/site.com/httpdocs:/tmp"

</IfModule>

SSLRequireSSL

Options +includes +ExecCGI

</Directory>

<IfModule sapi_apache2.c>

php_admin_flag engine on

php_admin_value open_basedir "/home/httpd/vhosts/site.com/httpdocs:/tmp"

</IfModule>

 

Vger

Share this post


Link to post
Share on other sites

I'm slightly confused. I believe my host (gomama) installed the godaddy ssl cert (there is more stuff on my site's root ssl folder now).

 

I have changed/added as per the instructions here for the configure.php files.

 

I do NOT have any error message at all. However, when I logged into my own customer account (for test purposes and such), I did not get any padlock icon in the browser window NOR does the URL change to https.

 

What have I missed?

 

My site is not live yet: www.moonlightdelights.com/catalog/index.php

Don't mind the "dust", I still have loads to do yet.

 

I also uploaded a robot.txt file, I hope it's right.


26 contributions installed - - And counting ....

 

Just want to take this time to extend my appreciation to everyone who have patiently answered my questions over the months of working on my site. I hope to be able to "pass it forward" and help new folks.

Share this post


Link to post
Share on other sites
Don't take this as 100% accurate - but:

Vger

 

 

The day just gets better & better!! Worked a treat!! When i was using the 2 folders it said that the httpdocs/images folder didnt exist?? Very strange, on another site when i tested in the 2 folders but wasnt sure this was correct it was saying the download folder didnt exist?? Hmmmm...

 

Anyway, no 2 folders needed now with VGER`s conf file. Top Man!!

 

Kind Regards

 

James (one happy bunny!!)

Share this post


Link to post
Share on other sites
Top Man!!

 

Top woman! But in the spirit of Open Source, I got that from somewhere else, and kept a record of it (just in case). Looks like it proved useful.

 

Vger

Share this post


Link to post
Share on other sites
But in the spirit of Open Source, I got that from somewhere else, and kept a record of it (just in case). Looks like it proved useful.

Even better, we know it is a working solution now.

 

This should also also work on shared servers (if one knows how to access the correct directory).

 

riddler: Did you need to restart Apache?


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

The solution should have worked, as it came from someone who runs a Plesk server themselves - if I could remember who posted it and where then I could attribute it correctly - but I didn't save that info, only the code.

 

Vger

Share this post


Link to post
Share on other sites
Even better, we know it is a working solution now.

 

This should also also work on shared servers (if one knows how to access the correct directory).

 

riddler: Did you need to restart Apache?

 

 

Actually, when i start/stopped apache it fell over??

 

So....

 

I did a simlink to the http folder by doing this from root using putty.

 

Login as Root, and run the following comments:

1. cd home/httpd/vhosts/xxx.com/

2. mv httpsdocs _httpsdocs

3. ln -sd httpdocs httpsdocs

 

This renames the httpsdocs folder insted of deleting it & mirrors the httpdocs folder.

 

Working ok now. But hit another prob. when i log in now as a customer i get a blank screen?????

 

Grrrr!! But at least the SSL prob is solved.

 

VGER sorry i presumed u were male!! oops!

Share this post


Link to post
Share on other sites
Have re-uploaded login.php & hey presto??? Very strange considering i have not edited this file??

 

Now i cant see any Modules???

Share this post


Link to post
Share on other sites

The BIG dilema haunting me today is getting the SSL working. I do not see the padlock at the bottom of my screen.

 

I've read sections of the knowledge base and read this post a couple times -and it's going over my head what to do next. Can I please get some advise?

 

I have a shared SSL. Here is my code:

define('HTTP_SERVER', 'http://sharonunlimited.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://server1.sslpage.com/~sharonu'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'sharonunlimited.com');

define('HTTPS_COOKIE_DOMAIN', 'server1.sslpage.com/~sharonu');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

How can I go about troubleshooting? Can anyone see a problem here?? My admin/includes/configure is set up similarly.

 

Thanks anyone/every one!

Sharon

Share this post


Link to post
Share on other sites

You need to turn off the 'Force Cookie Use' setting, because you can't use this feature with a shared ssl cert. It looks as though you've now set 'enable_ssl' to true in both configure.php files - because I am getting the padlock.

 

However, there is a problem with images on your https pages being drawn from an http connection, and this is causing the 'mixed content' error message I get when switching to https pages.

Share this post


Link to post
Share on other sites

Hello again. Forgive me.. this just went over my head and my admin area now has a error message so I can't go change the force cookies to off. 1) If I repeat the error here can you help me in this section of the forum?

 

2) I don't know what you mean by the images being drawn from an http and not https. Do the images need SSL because of the shopping cart? If this is the case then the whole website should be referenced https: etc. Then is my code wrong?

 

Thanks so much for your valuable time!

Sharon

Share this post


Link to post
Share on other sites

Your path to images in your includes/configure.php file should read only 'images/' and nothing else - no you should not make all of your store https (search engines don't rank https pages). Post the error here and someone will look at it for you, but if it says "$this in uploads.php" then look at the link below my name.

 

Vger

Share this post


Link to post
Share on other sites

×