Jump to content

Archived

This topic is now archived and is closed to further replies.

Simplyeasier

The SSL In OsCommerce Guide For The Innocent

Recommended Posts

I have read through most of these messages and forgive me if I'm missing the obvious, but I'm having just a small amount of trouble with the SSL.

 

I have everything working, I can access images using both HTTP & HTTPS.

 

I go to the webpage, it loads the HTTP version, I click "My Account" which redirects me to my https://www.intotheoven.com/login.php, I proceed to login, so far so good....

 

I can then click on the catalog, home page, add items to the cart, etc... I'm still logged in but using HTTP pages at this point...

 

Then when I hit "Checkout", this is where the problem happens. It redirects me to the "https://www.intotheoven.com/checkout_shipping.php" page and anywhere from 20% - 70% of the time, I will get a blank page. There are no errors in my Apache log files and if I just go up to the URL bar of the browser and hit return (or reload button), it will pull it up correctly everytime.

 

I have verified this problem on Firefox, Safari, and IE.

 

Any ideas?

 

xao,

 

I am a newbie with OScommerce, and am having the same issue or similar issue. Just added the SSL to my config file.

 

With is added:

Can add product, when checkout asks me to log-in. I log in and everything in my cart is gone. States "Your Shopping Cart is empty!"

 

Without SSL:

can ad product, when checkout asks me to log-in. I log in and everything I added to my cart is still there and I can proceed with check out.

 

Any ideas? This post is awesome by the way. Thanks for all your help!

 

Sincerely, TK421

Share this post


Link to post
Share on other sites
To see trusted roots if you use IE go to Internet Options under tools and select the content tab where you will see in the middle section all the trusted root certs installed on IE and their issuers.

 

Hi,

 

The company I am looking at say they own the root used to issue the certificate but their name does not appear in the trusted root certs section in Internet Options. Does this mean that a warning will come up each time on my site if I went with them?

 

Thanks

-turner2000

Share this post


Link to post
Share on other sites

includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.greatlakesanime.com'); // eg, [url=http://localhost]http://localhost[/url] - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.greatlakesanime.com'); // eg, [url=https://localhost]https://localhost[/url] - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.greatlakesanime.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.greatlakesanime.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

admin/includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://greatlakesanime.com'); // eg, [url=http://localhost]http://localhost[/url] - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.greatlakesanime.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.greatlakesanime.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

 

 

My name is register as www.greatlakesanime.com.Does that look right?Because the https things are not working on my site.Also my store in uloaded in the root not the catalog folder.

Share this post


Link to post
Share on other sites

hello!

 

I have just installed the ssl certificate on my website. Everything seems to be ok... it shows in the catalog... and it shows in the administration panel...

 

1. however, in the admin I have a statement that worries me; it says:

You are protected by a unknown secure SSL connection

In the address bar I have https://www.mydomain.com/.... this is when you open the admin panel, before you take any action... Do you have any idea how I can correct that to show 128 Bit or something like that? The certificate is from Geotrust.

 

2. Could you, please, have a look at My Webpage and tell me if you get any error about the SSL certificate? I would really appreciate that...

 

Thank you for your time and support! :)

Share this post


Link to post
Share on other sites
1. however, in the admin I have a statement that worries me; it says:
You are protected by a unknown secure SSL connection

In the address bar I have https://www.mydomain.com/.... this is when you open the admin panel, before you take any action... Do you have any idea how I can correct that to show 128 Bit or something like that? The certificate is from Geotrust.

Thank you for your time and support! :)

You could have found the answer by reading this thread more carefully.

 

http://forums.oscommerce.com/index.php?sho...86entry744686


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites

Is the paypal verify the same or different and how can we work on the side boxes again. Could you direct me to the message?

Share this post


Link to post
Share on other sites

I've read about a third of this thread and can't find my specific problem (but it's probably here)

 

I created and ran myenv.php and got this:

 

HTTP HOST: www.lyndamart.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

In a word NADA.

 

When I click on "My Account" I get that I'm entering securec pages, but I never do.

 

All I get are "The page cannot be displayed" pages.

 

(and the padlock is open on the admin panel)

 

Any suggestions? :blush:

Share this post


Link to post
Share on other sites
I've read about a third of this thread and can't find my specific problem (but it's probably here)

 

I created and ran myenv.php and got this:

 

HTTP HOST: www.lyndamart.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

 

In a word NADA.

 

When I click on "My Account" I get that I'm entering securec pages, but I never do.

 

All I get are "The page cannot be displayed" pages.

 

(and the padlock is open on the admin panel)

 

Any suggestions? :blush:

I can't find the script at https://lyndamart.com/myenv.php or https://www.lyndamart.com/myenv.php. Are you trying to use an ssl proxy (shared ssl)?

 

First off, try the later version of the script, there's an extra query.

 

http://forums.oscommerce.com/index.php?s=&...ndpost&p=713688

 

If that offers no help then look at this post...

 

http://forums.oscommerce.com/index.php?s=&...ndpost&p=824536


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
I can't find the script at https://lyndamart.com/myenv.php or https://www.lyndamart.com/myenv.php. Are you trying to use an ssl proxy (shared ssl)?

 

First off, try the later version of the script, there's an extra query.

 

http://forums.oscommerce.com/index.php?s=&...ndpost&p=713688

 

If that offers no help then look at this post...

 

http://forums.oscommerce.com/index.php?s=&...ndpost&p=824536

 

_______________________________

 

No on the shared ssl.

 

_______________________________

 

results of the improved script:

 

$HTTP_HOST == www.lyndamart.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 80

getenv('HTTPS') ==

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') ==

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] ==

getenv('DOCUMENT_ROOT') == /home/lyndama/public_html

$DOCUMENT_ROOT == /home/lyndama/public_html

 

_______________________________

 

Working on the 3rd item.

Share this post


Link to post
Share on other sites

Hey guys, I have spent a few days trouble shooting my ssl. I have read through the forum looking for anything that might help me. I have my includes/configure.php & admin/includes/configure.php set up as mentioned at the beginning of this topic. My csr has been approved and I have it in my signed certificates in cpanel. When I go to my site and nav to a https:// page I get "The page cannot be displayed". I'm having alot of trouble with this one! Any Ideas?

 

My Site

 

 Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.ashleyannedesigns.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://ashleyannedesigns.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.ashleyannedesigns.com');
 define('HTTPS_COOKIE_DOMAIN', 'ashleyannedesigns.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Share this post


Link to post
Share on other sites

I have read everything thats above and my config files matches, i removed all links to external sites but i still get the security warning about you will be directed to a page with secure and unsecure files (along with not getting the padlock to show, i am currently speaking with template monster who i bought then template from. i was told the padlock may not show because of sloppy coding).

Is it that my SSL is made out to www.mydomain.com and that my OSC is installed directly to the root instead of to a catalog folder?(sorry for being such a bother):blush:

Thanks again

Share this post


Link to post
Share on other sites
I have read everything thats above and my config files matches, i removed all links to external sites but i still get the security warning about you will be directed to a page with secure and unsecure files (along with not getting the padlock to show, i am currently speaking with template monster who i bought then template from. i was told the padlock may not show because of sloppy coding).

Is it that my SSL is made out to www.mydomain.com and that my OSC is installed directly to the root instead of to a catalog folder?(sorry for being such a bother):blush:

Thanks again

 

What is your site url?

Share this post


Link to post
Share on other sites
What is your site url?

 

Sorry again for being such a pain. I finally got the padlock to show i tried a couple days ago with the getenv.php file that AlanR posted but this was the responce i got

HTTP HOST: www.aventdesigns.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

that looked blanked to me so i was lost, then further in the forun he stated that most https:// are linked to port 443 and most http:// are 80. So i decided to just changes line 41 in the application_top.php to $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; without knowing why on earth i'm doing it, BUT IT WORKED!!!! Now my padlock comes up when the http:// changes to https://.

Now i'm thanking the lord for AlanR for helping out "not so smart people" like myself :thumbsup:

Thanks Again

Share this post


Link to post
Share on other sites
Sorry again for being such a pain. I finally got the padlock to show i tried a couple days ago with the getenv.php file that AlanR posted but this was the responce i got

HTTP HOST: www.aventdesigns.com

Server Port: 80

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By:

that looked blanked to me so i was lost, then further in the forun he stated that most https:// are linked to port 443 and most http:// are 80. So i decided to just changes line 41 in the application_top.php to $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; without knowing why on earth i'm doing it, BUT IT WORKED!!!! Now my padlock comes up when the http:// changes to https://.

Now i'm thanking the lord for AlanR for helping out "not so smart people" like myself :thumbsup:

Thanks Again

 

Glad you got it working. ;) And I don't think you were being a pain. Sometimes I find the answers to my question right after I post it. :( "Can't see the forest for the trees"

Share this post


Link to post
Share on other sites

I have SSL by Geotrust through netfirms I have 3 stores setup 1) is basically stock and the secure pages are fine, 2) a test site that I use to test code (last mod installed was PWA), 3) A fairly moded store.

 

In store 1 and 2 all secure page are perfect. Store 3 on the other hand has this page contains secure and unsecure blah blah blah. I have searched and searched and I am ready to give up.

 

EX.

On my login page I removed the header L/R columns and the footer still no luck the only images are the buttons and some text.

 

I honestly have no Idea what to do.

Can someone give me an idea to try or would like to look at my store and tell me what it might be. My host isnt helping me much other then giving me info that I already know and have tried.

 

Thanks in advance


Eric

 

Keep up on osCommerce changes and updates at

Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.

Share this post


Link to post
Share on other sites

I have read through all these posts and found them all very useful but I still am a bit confused - sorry

 

I have just purchased an SSL with Geotrust. My ISP is Vodahost and I have purchased a dedicated IP address and I think I have done everything I need to do.

 

I have received an email from Geotrust saying Congratulations you have purchased an SSL with a load of script!!!! What do I do with it?

 

I'm pretty sure my configure.php files are OK - if I change the enable SSL from True to False I am able to create accounts, login and checkout all OK. As soon as I change the configure.php to True I get "Page cannot be displayed" Although I get this message the URL states https so I think that is correct.

 

What else do I need to do?

 

Any help would be most appreciated.

 

Thanks

Share this post


Link to post
Share on other sites

Can someone help please?

Ever since I have installed my SSL cert. everything works fine except that I can't download my data base backups to my computer anymore. A message says the site cannot be opened or doesn't exist. I have encountered this problem ever since installing the SSL so I'm assuming it's because of that. Has anyone had the same problem? :(


~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

I'm a bit confused. I've read most of the thread and here's what I don't get. Am I supposed to upload my code to both my httpdocs/ and httpsdocs/ directories? The SAME CODE? If this is the case, this is a maintenance nightmare!

 

Can I just link? (Which I probably cannot do since I don't have terminal access.)

 

There's got to be a better way to do this than to duplicate data.

 

Better solutions appreciated.

 

ezjam

Share this post


Link to post
Share on other sites
I'm a bit confused. I've read most of the thread and here's what I don't get. Am I supposed to upload my code to both my httpdocs/ and httpsdocs/ directories? The SAME CODE? If this is the case, this is a maintenance nightmare!

 

Can I just link? (Which I probably cannot do since I don't have terminal access.)

 

There's got to be a better way to do this than to duplicate data.

 

Better solutions appreciated.

 

ezjam

You're right, it sucks if you have to load both directories. Your hosting company can fix this for you by setting up a symlink from the https directory to the http one or you may be able to do it yourself, have a look at webadmin, it allows you to set up symlinks.

 

http://wacker-welt.de/webadmin/


Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Share this post


Link to post
Share on other sites
You're right, it sucks if you have to load both directories. Your hosting company can fix this for you by setting up a symlink from the https directory to the http one or you may be able to do it yourself, have a look at webadmin, it allows you to set up symlinks.

 

http://wacker-welt.de/webadmin/

 

Muchas Gracias Se?or. U DA MAN. Did it through Plesk. One simple little checkbox and it is all done.

 

ezjam

Share this post


Link to post
Share on other sites

Hello all. Thanks for the thread, Ive reviewed and reviewed the postings to find my answer but nothing worked for me. So hopefully someone can help!

I bought and loaded the SSL certificate. I changed the 2 files everyone said in this thread, but I still am not seeing the beloved goldlock on the bottom anywhere! Ive tried to check out and it doesnt show. Here are my two files:

 

Includes/configure:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.nighttimeplay.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://nighttimeplay.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.nighttimeplay.com');

define('HTTPS_COOKIE_DOMAIN', 'nighttimeplay.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 

 

and then the admin/inlcudes/cinfig says this:

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.nighttimeplay.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.nighttimeplay.com');

define('HTTPS_CATALOG_SERVER', 'https://nighttimeplay.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/garyeep/public_html'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/garyeep/public_html/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_FS_CATALOG', '/home/garyeep/public_html/'); // absolute path required

 

Thanks in advance!

Share this post


Link to post
Share on other sites

Very informative,

 

however I have a question. Do you know if there is a way of turning off the 'you are about to be transferrd to a non-secure page' - when switching between https to http??? I am worried my clients will be put off by the warning message.

 

J

Share this post


Link to post
Share on other sites

×