osCommerce

Tiny SSL issue: after checkout_success, non-SSL


raddygast

First suggestion is to change your database password, as you have exposed it to the world.

 

My guess as to the images problem is that your host requires that you load https-accessed content into a separate area.  The URLs for the images look ok, and the base address is coming up ok, but the images just aren't there when accessed by https.

 

A secondary problem is that your Flash header is accessed by http.  This will cause "broken lock" icons and possible browser warnings.

 

A third problem is that your SSL certificate is issued by a provider that my browser (Firefox 1.0.6) does not know.  I expect that other users will encounter the same problem.

 

Well.....*#$%@ :'( I deleted the database info, but posted the wrong one. Changed it. :blush:

 

I have asked my host about where to load https content and have not gotten a response yet.

 

I also fixed the http in the flash header. The green padlock now stays "on"; however, the other images besides the header do not load.

I am also running Firefox 1.0.6, shouldn't I also be getting a browser warning that it does not recognize the certificate? I haven't gotten one yet.

 

I am willing to try any other suggestions. Thanks for the help!

I am also running Firefox 1.0.6, shouldn't I also be getting a browser warning that it does not recognize the certificate? I haven't gotten one yet.

 

I am willing to try any other suggestions.  Thanks for the help!

 

If you accepted the certificate once, Firefox will not complain again until you quit and restart the browser.

 

As to the two folder problem, set up a symbolic link from within the https folder to the store folder.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)


My host got back to me with this answer:

 

"All your "secure" items and images should be stored in your web root directory (public_html)"

 

Hmmm????

 

Can you see a private_html folder with your ftp program?

 

If so just drop a little Hello World index.html file in there and access

 

https://www.bossmasonicworld.com

 

You've got the same issue with this link.

 

https://www.bossmasonicworld.com/news.htm


Oh, wait a second.

 

Check for hotlinking protection on your images folder(s).

 

The https request may be blocked.


ALAN YOU ARE A GENIUS!!!!!!!!!!

 

The hotlink protection was it! Once I added https to the list, everything popped right up! What a relief.

 

I do have a _private folder in my root directory, however since the images came up without moving anything, will I need to move them to that folder?

 

I did however, get an error message this time (actually it is the first time it has happened) that the name on the certificate did not match the site. The name on the certificate is bossmasonicworld.com and in the browser it said I was on https://bossmasonicworld.com. Why the error?


I do have a _private folder in my root directory, however since the images came up without moving anything, will I need to move them to that folder?

 

I did however, get an error message this time (actually it is the first time it has happened) that the name on the certificate did not match the site.  The name on the certificate is bossmasonicworld.com and in the browser it said I was on https://bossmasonicworld.com.  Why the error?

 

The server admins have already made an adjustment (probably to the httpd file) to direct ssl requests to the public folder.

 

A lot of people have had trouble with the Starfield Certs. I'm not quite sure how they've been resolved.


Ignore that _private folder. That is unrelated to https. Your host says that there is not a separate place for https files, which is good.

 

I keep forgetting to check for anti-leech code when people have these problems.


Change this line in the header

 

<param name="movie" value="//www.bossmasonicworld.com/BMWheader.swf">

 

to

 

<param name="movie" value="//bossmasonicworld.com/BMWheader.swf">

 

I get two cert errors, one because of the Starfield problem and the second because the cert is for

bossmasonicworld.com


Okay, I removed the www in the header.

After re-starting my computer and visiting the store, I received no error messages in either FireFox or IE.

Are you still receiving error messages?

 

Thanks again for the help!


Okay, I removed the www in the header.

After re-starting my computer and visiting the store, I received no error messages in either FireFox or IE.

Are you still receiving error messages?

 

Thanks again for the help!

Yes I still get the same error I posted earlier in this thread about the issuing authority or server misconfiguration.


Send a nasty email to Starfield. This is not the first time I've seen this.


I don't think a nastygram to Starfield is in order. Perhaps to those who sell Starfield certs and claim they're compatible with most browsers. I think it's worth paying a bit more to get a Geotrust, Thawte or Equifax certificate.


I don't think a nastygram to Starfield is in order.

 

Huh?

 

Web Server SSL Certificates

 

Secure systems and customer trust build successful online business. And Starfield Technologies' 128-bit SSL Web Server Certificates help assure both.

Starfield's trusted and cost-effective SSL Certificates enable e-businesses to build customer confidence and increase sales by securing online transactions with virtually unbreakable encryption.

Starfield's SSL Certificates are fully validated; offer outstanding browser recognition; are available with one- and two-year validity; and are supported live, 24/7. Most important, Starfield owns the trusted "root" in the browser, unlike some competing certificate providers.

 

http://starfieldtech.com/

 

Why cut them any slack? If they didn't claim to have a good product people wouldn't sell it.


From Starfield's site:

 

What is an intermediate certificate?

In order to enhance the security of the Starfield (Valicert Class 2 Policy Validation Authority) Root certificate Starfield has created an intermediate certificate (Starfield Secure Certification Authority) from which SSL certificates are signed and issued. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate and finally ending with the SSL certificate issued to you. Such certificates are called chained root certificates.

 

Creating certificates directly from the CA Root Certificate increases the risk of CA Root Certificate compromise, and if the CA Root Certificate is compromised, the entire trust infrastructure built by the SSL provider will fail. The usage of intermediate certificates for issuing SSL certificates to end entities, therefore, provides an added level of security. You must install the intermediate certificate in your Web server along with your issued SSL certificate.

 

 

What this gobbledegook basically means is that you have a "chained" certificate - these can be fiddly to install properly and your host has probably botched the job.
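
The trust chain described in the Starfield text above, modelled as an added example (not code from the thread, from Starfield or from osCommerce). Certificates are reduced to subject/issuer names taken from that text and no signatures are checked; the `cached_intermediates` argument is an assumption about client behaviour, used to show why one browser can build the chain while another cannot.

```python
# Names come from the Starfield FAQ text quoted above; the model is constructed.
ROOT = "Valicert Class 2 Policy Validation Authority"
INTERMEDIATE = "Starfield Secure Certification Authority"
LEAF = "bossmasonicworld.com"

ISSUER_OF = {             # subject -> issuer
    ROOT: ROOT,           # self-signed trust anchor shipped with the browser
    INTERMEDIATE: ROOT,   # subordinate CA that signs server certificates
    LEAF: INTERMEDIATE,   # the certificate issued to the store
}


def build_path(sent_by_server, trusted_roots, cached_intermediates=()):
    """Return the chain from the leaf to a trusted root, or None.

    sent_by_server: subjects in the order the web server presents them,
    leaf first. cached_intermediates: CA certificates the client already
    holds (hypothetical, e.g. learned from other sites).
    """
    if not sent_by_server:
        return None
    available = set(sent_by_server) | set(cached_intermediates)
    path = [sent_by_server[0]]
    while True:
        issuer = ISSUER_OF.get(path[-1])
        if issuer is None:
            return None                      # unknown certificate
        if issuer in trusted_roots:
            return path if issuer == path[-1] else path + [issuer]
        if issuer == path[-1] or issuer in path or issuer not in available:
            return None                      # untrusted root, loop or missing link
        path.append(issuer)


if __name__ == "__main__":
    store = {ROOT}
    print("leaf only:          ", build_path([LEAF], store))
    print("leaf + intermediate:", build_path([LEAF, INTERMEDIATE], store))
    print("leaf only, cached:  ", build_path([LEAF], store, [INTERMEDIATE]))
```

The first case is the misconfiguration suggested in the post: the server presents only its own certificate, so a client that has never seen the intermediate has no link to the root it trusts.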


From Starfield's site:

What this gobbledegook basically means is that you have a "chained" certificate - these can be fiddly to install properly and your host has probably botched the job.

They say as much in their FAQ

 

https://certificates.starfieldtech.com/Faq.go#securityalert


Yes I still get the same error I posted earlier in this thread about the issuing authority or server misconfiguration.

 

Your images now work. My browser still doesn't like your SSL certificate.  I recommend you get one issued by a more widely-accepted issuer.

 

Are you both using FireFox? Is this an issue with IE, too?

 

Are you used to getting certificate problems with FireFox? Does it stop you from using a site that you visit? Or do you figure that it is a problem like this?

 

Thanks for the suggestion - I have already found info for GeoTrust, no more Starfield Tech!!!!!


The problem is not with the certificate - it just hasn't been installed on your web server properly. Yes, the problem is only with Firefox, but I don't think that any SSL cert that wasn't compatible with Firefox would last long...

You should be berating whoever installed the SSL cert, not Starfield.


...I would have registered it to https://www, rather than https://, just for consistency, but it's no big deal.

 

Well, when I was thinking about what to register, I talked to several people and read this:

 

"Your certificate will encrypt data in a very precise way - if the cert is issued to www.yourdomain.com it will NOT encrypt transfers between yourdomain.com and browsers and vice versa.

...

I normally use the domain name without the www. qualifier because servers for a number of reasons can strip the www. off, but I have yet to see a server add it on without a deliberate redirect"

 

And I decided to go with the yourdomain.com instead of the www.yourdomain.com on the SSL certificate.

 

A BIG THANK YOU to everyone who helped! :thumbsup: Everything is up and running as it is supposed to.
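
The name check behind the "www" versus bare-domain choice discussed above, and behind the earlier advice to drop "www" from the Flash header URL, as an added example (not code from the thread or from osCommerce). It is a simplified version of the host-name comparison a browser performs, run over URLs quoted in this thread; the certificate name lists passed in are constructed inputs.

```python
from urllib.parse import urlparse

# URLs quoted earlier in this thread (store address and the two header variants).
STORE_URLS = [
    "https://bossmasonicworld.com/",
    "//www.bossmasonicworld.com/BMWheader.swf",
    "//bossmasonicworld.com/BMWheader.swf",
]


def _labels(name):
    # Compare case-insensitively and ignore a trailing dot.
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, host):
    """True if a certificate name covers the host the browser asked for."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h):
        return False              # "example.com" never covers "www.example.com"
    if c[0] == "*":
        # A wildcard stands for exactly one left-most label; refuse "*.com".
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def uncovered_urls(cert_names, urls):
    """Return the URLs whose host is not covered by any certificate name."""
    bad = []
    for url in urls:
        host = urlparse(url).hostname   # also handles protocol-relative "//host/..."
        if host is None or not any(name_matches(n, host) for n in cert_names):
            bad.append(url)
    return bad


if __name__ == "__main__":
    for names in (["bossmasonicworld.com"],
                  ["bossmasonicworld.com", "www.bossmasonicworld.com"],
                  ["*.bossmasonicworld.com"]):
        print(names, "->", uncovered_urls(names, STORE_URLS))
```

A wildcard name covers `www` but not the bare domain, so a store that is reachable under both names needs both listed in the certificate or a redirect to the one that is.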


  • 8 months later...

No padlock displaying, please help me fix it.

No padlock shows up, but when I go to File, Properties in Internet Explorer, it says

connection:= TLS 1.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange

address:= https://www.ozziechoppers.com/shop/login.php

Please check my site and tell me what you think.

 

 

 

My includes/configure.php content is as follows:

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.ozziechoppers.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.ozziechoppers.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.ozziechoppers.com');
define('HTTPS_COOKIE_DOMAIN', 'www.ozziechoppers.com');
define('HTTP_COOKIE_PATH', '/shop/');
define('HTTPS_COOKIE_PATH', '/shop/');
define('DIR_WS_HTTP_CATALOG', '/shop/');
define('DIR_WS_HTTPS_CATALOG', '/shop/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/content/O/z/z/OzzieChoppers/html/shop/');

 

 

 

My admin/includes/configure.php content is as follows:

 

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.ozziechoppers.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.ozziechoppers.com');
define('HTTPS_CATALOG_SERVER', 'https://www.ozziechoppers.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', '/home/content/O/z/z/OzzieChoppers/html/shop/'); // where the pages are located on the server
define('DIR_WS_ADMIN', '/shop/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/home/content/O/z/z/OzzieChoppers/html/shop/admin/'); // absolute path required
define('DIR_WS_CATALOG', '/shop/'); // absolute path required
define('DIR_FS_CATALOG', '/home/content/O/z/z/OzzieChoppers/html/shop/'); // absolute path required
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

ran test on

https://www.ozziechoppers.com/shop/admin/ssltest.php

 

results is

HTTP HOST: www.ozziechoppers.com

Server Port: 443

SSL Status:

Fowarded Server:

Fowarded Host:

Fowarded By: Document Root: /home/content/O/z/z/OzzieChoppers/html

 

Changed the bit in the file to

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

 

 

What now?


The assignment to $request_type is the problem. It is getting NONSSL for you. Either that, or the code that sets up the <base> tag on each page is getting the wrong answer.
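
Both causes named in the reply above end in the same symptom: a page served over https that fetches some of its parts over http, which removes the padlock. The added example below (not code from the thread or from osCommerce) lists such subresources in a page, resolving relative and protocol-relative references against the `<base>` tag; the sample HTML and the example.com host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: an https checkout page whose <base> tag came out as NONSSL.
PAGE = """<html><head>
<base href="http://www.example.com/shop/">
<link rel="stylesheet" href="stylesheet.css">
</head><body>
<object><param name="movie" value="//www.example.com/header.swf"></object>
<img src="https://www.example.com/shop/images/cart.gif">
<script src="http://www.example.com/shop/includes/general.js"></script>
<a href="http://www.example.com/shop/index.php">Home</a>
</body></html>"""

# Tags whose URL attribute makes the browser fetch something for this page.
# Plain links (<a href>) are navigation, not page content, and are ignored.
FETCHING = {"img": "src", "script": "src", "link": "href",
            "embed": "src", "iframe": "src"}


class SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # replaced if the page carries a <base> tag
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.base, a["href"])
            return
        if tag == "param" and (a.get("name") or "").lower() == "movie":
            ref = a.get("value")  # Flash movie URL, as in the header above
        else:
            ref = a.get(FETCHING.get(tag, ""))
        if ref:
            self.urls.append(urljoin(self.base, ref))


def insecure_subresources(html, page_url):
    """Return the absolute URLs this page would fetch over plain http."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    return [u for u in collector.urls if urlparse(u).scheme == "http"]


if __name__ == "__main__":
    for url in insecure_subresources(PAGE, "https://www.example.com/shop/login.php"):
        print("fetched without SSL:", url)
```

With the http `<base>` tag, even the relative stylesheet and the protocol-relative Flash URL resolve to http; once the base is https, only the hard-coded http script remains.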


Archived

This topic is now archived and is closed to further replies.
