How to install SSL on OSC: A Simple 1-2-3 Instruction

[srphotos]

/ext/jquery/ui/redmond/jquery-ui-1.8.9.custom.css isn't in the SSL part of the site.

 

 

I know, totally just realised that after I posted the question :)

 

Forgot that there were quite a few things I had changed and not backed up on my local copy that I copied to the secure part of my hosting.

 

I'm glad to say that EVERYTHING is now working (with the sll part anyway) so thank you to all the guide in this thread. Now I can tick that off the list of things to sort for my store.

Still got a BIG list, but it IS getting smaller thanks to peeps on this forum. :)

[UB_Peter]

Hi

 

I use aplus.net for my webhosting. I have registered a rapid SSL and they dedicated only one folder in the root called "/secure" for any SSL request. My catalog is setup in the root in "/public/catalog". What would be the best way to setup the SSL?

 

Thank you all for your help.

Peter

[UB_Peter]

Hi

 

I use aplus.net for my webhosting. I have registered a rapid SSL and they dedicated only one folder in the root called "/secure" for any SSL request. My catalog is setup in the root in "/public/catalog". What would be the best way to setup the SSL?

 

Thank you all for your help.

Peter

 

I think I found the answer on this post. I have to copy everything to the "/secure" folder. If yes, can I just copy only the php pages that use the SSL request with the config files?

[Guest]

Hi! This looks great, but for some reason, it's not working for me. I have changed the configure files as per the first post of this thread. I can see my SSL "in action" when I click to log in, BUT I cannot log in!!! No error message, nothing, it just refreshes the page.

I'm sure it's something minor, but I can't figure out what.

 

Help is appreciated.

[ShawnBeardmore]

Hi there, could really do with some help ! I'm new to OSC and I've never dealt with SSL before.

 

I have the SSL certificate installed on the server, im really having trouble getting OSC to pick it up !

 

Excuse my stupidity but here goes any way :)

 

(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://www.yoursite.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');

 

(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:

define('HTTP_SERVER', 'https://www.yoursite.com/');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

What do I actually put in the bits highlighted above ?

 

I have a http & https file on my server and I've copied the store to the https file thinking I have to have the secure pages in there ??

 

I'm totally confused now and im fast running out of ideas !

 

Any help would be hugely appreciated, i'm even getting to the stage where im thinking i may have to pay someone to do it for me, reluctant to as i've almost done it I think, just can't get anything to happen !!

 

Many thanks in advance

 

Shawn

[germ]

Sometimes you need to change more than the config file.

 

SSL Help

 

SSL Help support thread

[BryceJr]

Based on your first post to the forum and using ssl checker(your ssl cert indicated no www), make these changes to your config files.

includes/configure.php

define('HTTP_SERVER', 'http://cheshirereefaquatics.co.uk');
define('HTTPS_SERVER', 'https://cheshirereefaquatics.co.uk');
define('ENABLE_SSL', 'true');
define('HTTP_COOKIE_DOMAIN', '.cheshirereefaquatics.co.uk');
define('HTTPS_COOKIE_DOMAIN', '.cheshirereefaquatics.co.uk');

admin/includes/configure.php

define('HTTP_SERVER', 'https://cheshirereefaquatics.co.uk');
define('HTTP_CATALOG_SERVER', 'https://cheshirereefaquatics.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://cheshirereefaquatics.co.uk');
define('ENABLE_SSL_CATALOG', 'true');

 

I have a http & https file on my server and I've copied the store to the https file thinking I have to have the secure pages in there

I don't now about a file but the old way of doing it is that there is an https folder where you can place ALL your files. You have to be certain about this. Contact your web host or look for an FAQ regarding this.

 

Don't create an https folder, if you don't have to.

[ShawnBeardmore]

Thanks for the help got it working fine now :)

[cdemo]

Help Please.

I just followed your instructions which were great but now the site keeps logging me out when I navigate away from the checkout page and I keep having to log back in continuously. While I'm shopping my site it is not secure but once I go to checkout it is. My apologies if this has been reviewed before but I looked through the thread and couldn't find anything. I have since reverted back to "false" in includes/configure.php so my current customers do not have this issue.

 

Cdemo

[germ]

The cookie settings in the config file are probably wrong.

[cdemo]

The cookie settings in the config file are probably wrong.

 

 

I should mention I'm a newbee. I can follow instructions but I don't know what's right or wrong to look at it. Could you give me more details? Which config php? What should it look like?

 

Thanks

cdemo

[cdemo]

.

[germ]

/catalog/includes/configure.php

 

If you're talking about your "scrap" site things seemed to work for me.

 

I made an account and put something in the cart and started the checkout process.

 

Of course I had to manually change the URL to be https, but things stayed in the cart and I was never logged off going back and forth from http to https and in/out of the checkout process.

 

I tried with IE7 and FF3.0 and it all worked flawlessly for me.

[cdemo]

/catalog/includes/configure.php

 

If you're talking about your "scrap" site things seemed to work for me.

 

I made an account and put something in the cart and started the checkout process.

 

Of course I had to manually change the URL to be https, but things stayed in the cart and I was never logged off going back and forth from http to https and in/out of the checkout process.

 

I tried with IE7 and FF3.0 and it all worked flawlessly for me.

 

I have changed the code from false to true. Could you give it a try now and see what happens?

Thanks

[germ]

It dumps the cart now.

 

It looks like the config file is setup for shared SSL, but the site works for dedicated SSL as well.

 

Did you recently install a dedicated SSL cert?

:unsure:

[cdemo]

It dumps the cart now.

 

It looks like the config file is setup for shared SSL, but the site works for dedicated SSL as well.

 

Did you recently install a dedicated SSL cert?

:unsure:

 

A certificate was installed some time ago by my host but I only just found out about making these changes so that the "s" shows up in the address and I wanted to place the badge on the site. It's through Geotrust.

Can you advise me what I need to do?

[germ]

If you switched from shared SSL to dedicated SSL you need to look at and maybe change 3 lines in your /catalog/includes/configure.php file.

 

---

 

Take the text from this line:

 

  define('HTTP_COOKIE_DOMAIN', 'TAKE_WHAT_YOU_HAVE_HERE');

And put it the same text on this line:

 

  define('HTTPS_COOKIE_DOMAIN', 'PUT_THAT SAME_TEXT_HERE');

 

---

 

Take the text from this line:

 

  define('HTTP_COOKIE_PATH', 'TAKE_THIS_TEXT');

Put that same text on this line:

 

  define('HTTPS_COOKIE_PATH', 'COPY_THAT_SAME_TEXT_HERE');

 

---

 

Take the text from this line:

 

  define('DIR_WS_HTTP_CATALOG', 'WHATEVER_TEXT_IS_HERE');

 

And copy it here

 

  define('DIR_WS_HTTPS_CATALOG', 'COPY_THAT_TEXT_HERE');

 

---

 

If you aren't sure you can PM me these 6 lines in the config file and I'll change them and PM it back to you.

[cdemo]

If you switched from shared SSL to dedicated SSL you need to look at and maybe change 3 lines in your /catalog/includes/configure.php file.

 

---

 

Take the text from this line:

 

  define('HTTP_COOKIE_DOMAIN', 'TAKE_WHAT_YOU_HAVE_HERE');

And put it the same text on this line:

 

  define('HTTPS_COOKIE_DOMAIN', 'PUT_THAT SAME_TEXT_HERE');

 

---

 

Take the text from this line:

 

  define('HTTP_COOKIE_PATH', 'TAKE_THIS_TEXT');

Put that same text on this line:

 

  define('HTTPS_COOKIE_PATH', 'COPY_THAT_SAME_TEXT_HERE');

 

---

 

Take the text from this line:

 

  define('DIR_WS_HTTP_CATALOG', 'WHATEVER_TEXT_IS_HERE');

 

And copy it here

 

  define('DIR_WS_HTTPS_CATALOG', 'COPY_THAT_TEXT_HERE');

 

---

 

If you aren't sure you can PM me these 6 lines in the config file and I'll change them and PM it back to you.

 

Thanks germ. I'll be back to try this out in a few hours.

cdemo

[germ]

And I forgot one...

:blush:

 

Take the text from here:

 

  define('HTTP_SERVER', 'http://THIS_TEXT_HERE');

And copy it here:

 

  define('HTTPS_SERVER', 'https://COPY_IT_HERE');

[jpweber]

I'm using Digicert on one of my sites now: http://www.digicert.com ...

And an apology to those of you I never had a chance to respond to, as I kinda fell off the face of the Earth for awhile there ... wasn't able to use a computer much, travelling, always on the road. But I'll be able to post more often now.

[m.ather]

Special note to shared SSL users, in particular bluehost users. Now I don't really recommend Shared SSL, although it's worked for many. I'd prefer the real thing. Anyway, with bluehost, your config files would look like this (note: "username" refers to the username given to you by Bluehost):

 

Includes/Configure.php:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://secure.bluehost.com/~username');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', 'secure.bluehost.com/~username');

 

Admin/Includes/Configure.php:

define('HTTP_SERVER', 'https://www.yoursite.com');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com');

define('HTTPS_CATALOG_SERVER', 'https://secure.bluehost.com/~username');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

As is any case with Shared SSL, you'll have to contact your host for the proper configure files, but a simple google search will help, seeing as that many users using the same Shared SSL have already installed OSC beforehand, and have posted about it. So search the web, or call your host -- but if you're going through Bluehost, you already know now. Good luck!

 

 

Hi dude,

Thanks for SSL tutorial, I am surprised how clear your suggestions are from 2003. WOW.

Now i am stuck with two small things in include/configure.php file.

What will be the value of the following 2 lines as i am using public_html folder on my server to put all files. I believe it has to be absolute path required. So,

which one is correct.

 

1. define('DIR_WS_HTTP_CATALOG', '/');

1.1 define('DIR_WS_HTTP_CATALOG', '/public_html');

2. define('DIR_FS_CATALOG', '/');

2. define('DIR_FS_CATALOG', '/public_html');

 

Infact what will be the value of these lines for my project.

define('HTTP_COOKIE_PATH', '???');

define('HTTPS_COOKIE_PATH', '???');

define('DIR_WS_HTTP_CATALOG', '???');

define('DIR_WS_HTTPS_CATALOG', '???');

 

Secondly,

in admin/include/configure.php, what will be the value of following lines,

.

..

define('DIR_FS_DOCUMENT_ROOT', '???');

define('DIR_WS_ADMIN', 'admin/'); //its ok i guess

define('DIR_FS_ADMIN', '/admin/'); //its ok i guess

define('DIR_WS_CATALOG', '???');

define('DIR_FS_CATALOG', '???');

By the way, i am using following for my localhost. dont be confuse with project1. I will copy all inner files in project1 folder to "public_html" folder on server.

C:\server\www\myserver.dev\public_html\project1\

AND

http://localhost/project1

important: I am using shared SSL with server.hostname.com/~username

Pls help Jason.

[m.ather]

How can i send an email in case if need to??? thanks jason

[jpweber]

Hi dude,

Thanks for SSL tutorial, I am surprised how clear your suggestions are from 2003. WOW.

Now i am stuck with two small things in include/configure.php file.

What will be the value of the following 2 lines as i am using public_html folder on my server to put all files. I believe it has to be absolute path required. So,

which one is correct.

 

1. define('DIR_WS_HTTP_CATALOG', '/');

 

1.1 define('DIR_WS_HTTP_CATALOG', '/public_html');

2. define('DIR_FS_CATALOG', '/');

2. define('DIR_FS_CATALOG', '/public_html');

 

Infact what will be the value of these lines for my project.

define('HTTP_COOKIE_PATH', '???');

define('HTTPS_COOKIE_PATH', '???');

define('DIR_WS_HTTP_CATALOG', '???');

define('DIR_WS_HTTPS_CATALOG', '???');

 

Secondly,

in admin/include/configure.php, what will be the value of following lines,

 

define('DIR_FS_DOCUMENT_ROOT', '???');

define('DIR_WS_ADMIN', 'admin/'); //its ok i guess

define('DIR_FS_ADMIN', '/admin/'); //its ok i guess

define('DIR_WS_CATALOG', '???');

define('DIR_FS_CATALOG', '???');

By the way, i am using following for my localhost. dont be confuse with project1. I will copy all inner files in project1 folder to "public_html" folder on server.

C:\server\www\myserver.dev\public_html\project1\

AND

http://localhost/project1

important: I am using shared SSL with server.hostname.com/~username

Pls help Jason.

 

Hello Mather. Let's try this:

 

 

define('HTTP_SERVER', 'http://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://secure.bluehost.com/~username'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
define('HTTPS_COOKIE_DOMAIN', 'secure.bluehost.com'); // leave ~username out this time

 

You want to make sure that the HTTP_SERVER and HTTPS_SERVER domain names are equal to the HTTP_COOKIE_DOMAIN and HTTPS_COOKIE_DOMAIN setting as well. I think things have changed slightly, and now you will notice you do not include the "https" or the "~username" or any other folders at all, just the domain name.

 

 

 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

And

 

  define('DIR_FS_CATALOG', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // absolute path required

 

Admin:

 define('DIR_FS_DOCUMENT_ROOT', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // where the pages are located on the server

 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/[b]YOUR FOLDER NAME[/b]/public_html/admin/'); // absolute pate required

 define('DIR_WS_CATALOG', '/[b]YOUR FOLDER NAME[/b]/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // absolute path required

 

 

 

Let me know if you have any further questions. Hope this helps.

[m.ather]

 define('DIR_FS_CATALOG', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // absolute path required

Admin:

 define('DIR_FS_DOCUMENT_ROOT', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // where the pages are located on the server
define('DIR_WS_ADMIN', '/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/home/[b]YOUR FOLDER NAME[/b]/public_html/admin/'); // absolute pate required
define('DIR_WS_CATALOG', '/[b]YOUR FOLDER NAME[/b]/'); // absolute path required
define('DIR_FS_CATALOG', '/home/[b]YOUR FOLDER NAME[/b]/public_html/'); // absolute path required

 

Let me know if you have any further questions. Hope this helps.

 

Thanks for your reply Jason,

 

1. See the "folder name" you're referring to in this field,('/home/YOUR FOLDER NAME/public_html/') has to do something with local folder on localhost or the is it webserver folder? Because when i go to server via ws_ftp,it shows few folders including "public_html". I don't understand what folder name is that. but.....i found my HOMEDIRECTORY on server i.e. 'home/eb***n1/public_html/'

 

Are you referring to the "eb***n1"?

 

2. IF YES, ..then I have changed all the fields require absolute path with '/home/eb***n1/public_html/', assuming to referring to this server folder. but now when i am trying to go to my server admin panel. by typing. www.mysitename.com/admin. I am getting this error.

 

404 Not Found

The server can not find the requested page:

Please forward this error screen to www.eb***.com's

 

2. Secondly, I am still getting message-box asking for "do you want to view only the webpage content that was delivered securely"?.

This message i am getting on "myaccount", login, and forgot_password links.

I read your previous post where you have suggested that there should be some links without S, along http? but i can't find it.

Do i have to find each .php file, like "myaccount", "login", and "forgot_password" to add "S" with "http", OR is it something to do with index.php?

 

Thanks so much for your reply. Happy Christmas and New year!! if you celebrate.

[germ]

You might check out the "SSL Implementation Help" link in my signature.

 

If you are getting the "Do you want to view only the webpage content that was delivered securely" message it might be because the store isn't recognizing that SSL is "on". This happens quite often with shared SSL. Or there might be "unsecure content" (scripts, images, or iframes from http sources) on the page. I can't say without looking myself.

 

In the thread I am referring to there are things to check and try (in the first post).

 

In the second post of the thread a link to a contribution I wrote to help identify and fix SSL problems. Although the reults of the output usually need interpretation. The code wasn't designed as a "Here is the problem..." type solution.