How to install SSL on OSC: A Simple 1-2-3 Instruction

[germ]

As far as I know they should be.

 

I don't believe the format or function of the config files changed in that respect.

 

And if they have I'm sure someone will let us know.

[www.in.no]

I havent installed ssl on osc before so i dont know the correct way, but...

 

You dont install ssl certificate in OSC, you enable it from the config file by setting the ssl domain name, path to the ssl secured files and enable it. This have to be done in bote catalog and admin.

 

define('HTTPS_SERVER', 'https://domain.com');

define('ENABLE_SSL', false);

define('DIR_WS_HTTPS_CATALOG', '/');

 

You may also have to move files from the non ssl directory to the ssl directory if they are not set to the same.

 

The ssl certificate is installed on the server, eighter from the admin panel or by the hosting provider after you purchace it.

[Guest]

i just enabled ssl to my registered domain name www.mydomain.com

 

but im actually using 301 redirect to point to my actual shop folder. therefore my shop is at www.mydomain.com/catalog/

 

so does that affect my SSL to work properly? I cannt test it as yet cos GoDaddy says to take 24-72hrs to finish the whole activate SSL process. Atm, i cannt even go into my Hosting Control Center til the SSL activation process is completed :( crap

 

thanks

[ehm]

I am struggling the same as everyone else here, but on a Media Temple server (Grid Server). Please help! I have tried countless different combos of settings, starting with the ones at the start of this post, but the cart still goes empty when switching from http to https on checkout.

 

If you have successfully installed osCommerce on Media Temple (gs) Grid-Service please add your configure.php settings to this forum or send me an email.

 

I have purchased and installed an SSL cert, installed for https://www.mysite.com

 

 

Here's what I have for include/configure.php

 

define('HTTP_SERVER', 'http://www.mysite.net'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.mysite.net'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.mysite.net');
define('HTTPS_COOKIE_DOMAIN', 'https://www.mysite.net');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/www.mysite.net/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

 

And admin/includes/configure.php

 

define('HTTP_SERVER', 'http://www.mysite.net'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'https://www.mysite.net');
define('HTTPS_CATALOG_SERVER', 'https://www.mysite.net');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

[germ]

SSL Implementation Help support thread

[ehm]

SSL Implementation Help support thread

 

Thanks germ - I wish I had found that post earlier!

 

My solution was to do a fresh install on the same server (different directory and different database) to let the installer do the work.

 

Here are the settings for Media Temple should it help anyone:

 

I also had to change a line in catalog/includes/application_top.php

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

to

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

This was because I was getting a security warning that there was both secure and insecure content on the site. This change fixed that SSL warning.

 

Here are the settings for includes/configure.php

 

  define('HTTP_SERVER', 'http://www.yoursite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.yoursite.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', '');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', 'catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection

 define('DB_SERVER', 'XXXXXXXXXXX.gridserver.com'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'XXXXX');
 define('DB_SERVER_PASSWORD', 'XXXXX');
 define('DB_DATABASE', 'XXXXX');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

...and admin/includes/configure.php

 

// * DIR_WS_* = Webserver directories (virtual/URL)

 define('HTTP_SERVER', 'http://www.yoursite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.yoursite.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/nfs/cXX/hXX/mnt/XXXXX/domains/yoursite.com/html/catalog/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/nfs/cXX/hXX/mnt/XXXXX/domains/yoursite.com/html/catalog/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/catalog/'); // absolute path required
 define('DIR_FS_CATALOG', '/nfs/cXX/hXX/mnt/XXXXX/domains/yoursite.com/html/catalog/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection

 define('DB_SERVER', 'XXXXXXXXXXX.gridserver.com'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'XXXXX');
 define('DB_SERVER_PASSWORD', 'XXXXX');
 define('DB_DATABASE', 'XXXXX');
 define('USE_PCONNECT', 'false'); // use persisstent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

In DIR_FS_ADMIN, DIR_FS_ADMIN, and DIR_FS_CATALOG above you'll see /cXX/hXX/mnt/XXXXX/ here's what you should place instead of the Xs

 

- cXX (replace the XXs with your cluster number)

- hXX (replace the XXs with your storage segment number)

- XXXXX (replace the XXXXXs with your site number)

[Fourpaws]

I see two folders on the server, public_html and public_ssl. Everything is currently in the public_html folder. Do I physically need to move/copy files across to the public_ssl folder for this to work? Apologies if this has been answered before in this tread, I have read through most of it but cannot find the answer.

[germ]

You should ask your host what is correct for your situation.

 

I would appear that copying to the public_ssl would be the correct action, but, again, only your host can answer your question correctly.

[Guest]

To start, an excellent thread! Many thanks to Jason, Jim and the other experts assisting. Five star vote for sure! :thumbsup:

 

Now my issue: In updating a site running CRE Loaded to support SSL, I've inadvertently prevented items from being added to shopping carts. The carts stay empty. Details of the configure.php files are posted here:

 

http://creloaded.org/forum/23/29967.html

 

After reading the first 15 pages or so of this thread, I've tweaked them since, but regardless, empty carts.

 

The actual site is https://www.envyss.com. Will post, PM or email config files etc. if required.

 

Thanks!

[winnerscircle]

This is as simple as it gets -- how to install SSL, which is a mandate on every e-commerce site, easily and effectively on OSC:

 

(1) Inform your host. Tell your host you're going to install SSL through another company. They shouldn't charge you, but they might ... 10 bucks or whatever. They'll e-mail you a CSR (certificate signing request), which is really just a big clump of mumble-jumbled coding.

 

(2) Find an SSL Company. A popular one seems to be the RapidSSL by Geotrust, 'cause it's cheap, but there are plenty. Many people use Geotrust, Verisign, Networksolutions, GoDaddy, and others. A Simple Google Search can give you plenty of other options. Make sure it has at least 128-bit data encryption, and is compatible with all browsers. Make sure it has a trusted root. Make sure it puts a padlock in your browser. These are all questions you'll ask the SSL company.

 

(3) Purchase the SSL. E-mail the SSL company your CSR that your host gave to you. Be sure that both your host and the SSL company are on the same page -- assign your SSL to either http://www.yoursite.com, or http://yoursite.com -- but make sure the host and the SSL company are on the same page, and both do the same thing.

 

(4) Go back to your host. You'll receive an SSL Certificate Key from the SSL company once purchased. This will be more mumble-jumbled coding in your e-mail. E-mail the SSL Certificate Key back to your host. They'll install it for you.

 

(5) Alter your config files. All you need to do now is to alter your configure.php files. They're located in (path to catalog)/includes/configure.php, and (path to catalog)/admin/includes/configure.php. OSC is designed to protect the pages that require data encryption, and altering your config files will do this for you. These pages include login, create_account, checkout, etc,. and any other pages that require data-input by the end-user.

 

(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://www.yoursite.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');

 

(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:

define('HTTP_SERVER', 'https://www.yoursite.com/');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

(8) Save and upload your configure.php files to their appropriate directories, perhaps using your FTP tool, or other upload tool of choice, and your SSL should be running smoothly and efficiently.

 

I am really having a problem and I can not find a way to make it go away. It is related to my SSL certificate and I am getting a notification when my customers try to check out that my connection is untrusted due to an invalid security certificate. I have contacted my hosting company and they say the SSL is valid and that the problem is on the OSC end.

 

here are the top few lines of code in includes/configure.php

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.winnerscirclerc.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://winnerscirclerc.com');

define('HTTPS_CATALOG_SERVER', 'https://winnerscirclerc.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/www/winnerscirclerc.com/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/www/winnerscirclerc.com/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/'); // absolute path required

define('DIR_FS_CATALOG', '/home/www/winnerscirclerc.com/'); // absolute path required

 

Do you see a reason why I am getting "this connection is untrusted" on the top line and under technical details "www.winnerscirclerc.com uses and invalid security certificate.

 

What do I need to do in order to make this warning go away?

 

Lee Muse

[germ]

The lines you posted are from the admin config file.

 

You need to be concerned about the catalog one.

 

Your SSL cert. is for your domain name WITHOUT THE www.

 

So in the catalog config file you need this:

 

  define('HTTPS_SERVER', 'http://winnerscirclerc.com');

 

It looks like it says this currently:

 

  define('HTTPS_SERVER', 'http://www.winnerscirclerc.com');

[winnerscircle]

The lines you posted are from the admin config file.

 

You need to be concerned about the catalog one.

 

Your SSL cert. is for your domain name WITHOUT THE www.

 

So in the catalog config file you need this:

 

  define('HTTPS_SERVER', 'http://winnerscirclerc.com');

 

It looks like it says this currently:

 

  define('HTTPS_SERVER', 'http://www.winnerscirclerc.com');

 

Thank you for the help. I will remove the www from the 2 places it shows up.

 

Lee

[winnerscircle]

No one will place an order on our website because of the warning that shows up saying that the connection is untrusted and references a SSL error. I have tried everything that I know how to do and I can't make this go away. The host says it is OSC. I don't know what to do except go out of business.

[winnerscircle]

Please go to www.winnerscriclerc.com and act like you are checking out and you will see the warning message that is ruining my business. I have requested help from my hosting company and from the experts on this site but NOTHING has worked. I think I made a huge mistake going with OSC.

 

Lee Muse

[germ]

Yor SSL links still have the www. in them.

 

Remove it like I said.

[winnerscircle]

Yor SSL links still have the www. in them.

 

Remove it like I said.

 

Now I get

 

Warning: I am able to write to the configuration file: /home/www/winnerscirclerc.com/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

[winnerscircle]

Now I have this warning

 

Warning: I am able to write to the configuration file: /home/www/winnerscirclerc.com/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

It shows for anyone on the site. How do I make this go away.

 

Lee

[winnerscircle]

I finally got it right! Sorry for venting but I was experiencing frustration at a extremely high level. I tried every combination of permissions and finally go the 2nd warning to stop showing up.

 

Lee

[Guest]

Big thanks for this thread! It saved me some heartburn.

[srphotos]

Special note to shared SSL users, in particular bluehost users. Now I don't really recommend Shared SSL, although it's worked for many. I'd prefer the real thing. Anyway, with bluehost, your config files would look like this (note: "username" refers to the username given to you by Bluehost):

 

Includes/Configure.php:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://secure.bluehost.com/~username');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', 'secure.bluehost.com/~username');

 

Admin/Includes/Configure.php:

define('HTTP_SERVER', 'https://www.yoursite.com');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com');

define('HTTPS_CATALOG_SERVER', 'https://secure.bluehost.com/~username');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

As is any case with Shared SSL, you'll have to contact your host for the proper configure files, but a simple google search will help, seeing as that many users using the same Shared SSL have already installed OSC beforehand, and have posted about it. So search the web, or call your host -- but if you're going through Bluehost, you already know now. Good luck!

 

I'm currently trying to set-up a shared sll on my site (will move to a dedicated ssl at some point in the future) but I have what is probably a really stupid question...

 

I've followed all the adviuce above but when I now click on "my account" button to test my secure connection I get a 404 page not found error.

Now here's the silly part... do I need to copy my catalog into my https section of my web space or just certain parts of it?

 

Also, under my shared ssl section on my cPanel I also have the choice to have it set to http ot https, it's currently set to https as this is how it was set up my my host.

 

Can someone advise what I've either not done or have done incorrectly?

 

Cheers

[germ]

I'd copy the whole store.

 

You should have a backup on your local PC and it's only a click or two to copy the whole catalog folder (and all the sub folders) into the https part of the site.

[srphotos]

I'd copy the whole store.

 

You should have a backup on your local PC and it's only a click or two to copy the whole catalog folder (and all the sub folders) into the https part of the site.

 

Hi germ,

 

I've copied the whole store to the https dir but no luck still.

 

Howevering over my account button i get the following link which I'm sure is wrong.. https://windows1-whg.secure-wi.com/simonrussellphotography.com//catalog/account.php...etc

 

surely there's an extra '/' at before catalog? I know i'm being stupid but I can't locate this extra / anywhere.

I ran your cfgchk script from the other thread and everything seems to check out, however I couldn't access a simple test file through the https dir.

 

Any ideas what might be wrong?

[germ]

Seek support from your host.

 

They should have a fairly simple guide on how to use their shared SSL.

 

They should also tell you what your shared SSL URL should be.

 

Without seeing their instructions it's impossible to say where you've gone off the path...

:blush:

[srphotos]

Seek support from your host.

 

They should have a fairly simple guide on how to use their shared SSL.

 

They should also tell you what your shared SSL URL should be.

 

Without seeing their instructions it's impossible to say where you've gone off the path...

:blush:

 

 

Sorted! (sort of) I had written domainname[dot]com instead of [_]com

 

So, now I can connect to my secure site but when I log in my images in my header & cart buttons don't display (only the alt information) - looking at the page under fire bug the link associated with the store logo is http, but the actual src for the image is 'images/heager.gif'

 

How can I get this part sorted now?

[germ]

/ext/jquery/ui/redmond/jquery-ui-1.8.9.custom.css isn't in the SSL part of the site.