Guest Posted September 19, 2008 Share Posted September 19, 2008 To get rid of the red warning flash you have to navigate to the catalog/admin/includes/configure.php file in your ftp program (cuteftp etc) and change its CHMOD properties to 644 which allows you to read and write the file but only read for everyone else. Let me know if you need help with this but usually you just highlight the file, rightclick and select from the context menu. Good luck Carbon Thanks, it worked. I asked about the "sslpowered" and they said once I get my own certificate I can take that out. Link to comment Share on other sites More sharing options...
Carbon Posted September 19, 2008 Share Posted September 19, 2008 Thanks, it worked. I asked about the "sslpowered" and they said once I get my own certificate I can take that out. Cool, looks like you're on your way :) Carbon Link to comment Share on other sites More sharing options...
lindsayanng Posted September 20, 2008 Share Posted September 20, 2008 ya know whats weird.. I have a shared SSL too, and when you go from my website to an SSL page, the url changed from furryfamilysupplies.com to hostmonstersecure~furryfam (orsomething liek that) so it is CLEARLY not my own ssl.. HOWEVER, even so, i do NOT get the certificate error that i get on your site.. You should call them and see why.. I have no idea what would cause that on yours and not on mine, but i have basically the same setup as you. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted September 20, 2008 Share Posted September 20, 2008 Cool, looks like you're on your way :) Carbon I'm not sure. I've had the most disgusting day. When I tried to verify myself to the people at the SSL place, my email kept on turning all the files to "0k" instead of 161k or whatever, and they would just get a red x to open instead of my lovely validating document, but not always, sometimes it would work (netfirms... Webmail... is it me?) . Not very impressive, although I checked them before I sent them, then later they would be gone. Whambulance! So it finally worked when I sent them from my hotmail account and I think all is well... They sent me a certificate and seem to have forgiven me. Anyway, I have a dedicated IP and an SSL certificate now, (only installed it about 5 minutes ago so I don't know if it works yet). When I just went in through the https link, it still said the address doesn't match the certificate, which I believe was the whole purpose of this exercise, but maybe I'm jumping the gun... Argh? Nicole Link to comment Share on other sites More sharing options...
Guest Posted September 20, 2008 Share Posted September 20, 2008 ya know whats weird.. I have a shared SSL too, and when you go from my website to an SSL page, the url changed from furryfamilysupplies.com to hostmonstersecure~furryfam (orsomething liek that) so it is CLEARLY not my own ssl.. HOWEVER, even so, i do NOT get the certificate error that i get on your site.. You should call them and see why.. I have no idea what would cause that on yours and not on mine, but i have basically the same setup as you. I dunno... I called them but I just ended up getting a dedicated IP and SSL instead. I would rather pay $140 a year than have it tell ANYONE that I might be trying to fool them! Criminy, what a nasty message. Clearly I do not have the technology to be fooling people... hehe So did you get a chance to check the speed of my page from home the other day? I was wondering if it was the US/Canada server problem that made it load slowly... Thanks, Nicole Link to comment Share on other sites More sharing options...
lindsayanng Posted September 20, 2008 Share Posted September 20, 2008 yes, i did clikc around a little.. it was definitely my PC at work acting up.. funny ya know..i have a 5 month old PC that is slower than our 10 year old Mac G4. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted September 20, 2008 Share Posted September 20, 2008 yes, i did clikc around a little.. it was definitely my PC at work acting up.. funny ya know..i have a 5 month old PC that is slower than our 10 year old Mac G4. Good to know... about my site. About the PC, not so much. Work must be a hassle with a slow computer! I'm looking at getting a mac, are they as fun as they say? Link to comment Share on other sites More sharing options...
lindsayanng Posted September 20, 2008 Share Posted September 20, 2008 yes.. once you go mac, you never go back :) i never had a mac, but my hubby being in video editing and photography ONLY had macs. When it came time to buy a new laptop, i was not given a choice,. i was actually SCARED i wasnt going to be able to use it.. but that was a STUPID fear.. they are 100000000000 times more easy to figure out than PC. it MIGHT take you a day at the msot. GET ONE A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 yes.. once you go mac, you never go back :) i never had a mac, but my hubby being in video editing and photography ONLY had macs. When it came time to buy a new laptop, i was not given a choice,. i was actually SCARED i wasnt going to be able to use it.. but that was a STUPID fear.. they are 100000000000 times more easy to figure out than PC. it MIGHT take you a day at the msot. GET ONE I should. My brain hurts from learning right now though, so maybe I'll wait a month or two. My hubby wants one for music because he's a drummer, so maybe I'll let him get one and keep my PC until my head stops aching. ;o) On another note, my entire site looks like it's being run by criminals now! I put on my dedicated SSL and IP and all that, and none of it's working! It's worse. I have the guy at Netfirms looking at it, but does anyone know what the problem might be? I think I have the configure files the way Carbon/Slav told me, and I added the CRT for the main and intermediate certificates, and the Control Panel in Netfirms says the certificate is active but it still tells you to run for the hills when you go to log in. Link to comment Share on other sites More sharing options...
lindsayanng Posted September 21, 2008 Share Posted September 21, 2008 what EXACTLY is it telling you?/ the same certificate issue?? A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 what EXACTLY is it telling you?/ the same certificate issue?? No, it doesn't look like it... If I go through Firefox, it lets me look at the certificate and has the Digicert (where I bought it from), my domain name, etc. but it says under Security Info: "the website does not supply identity info" and "connection partially encrypted". When I go through IE, it says "you are about to be directed to a connection that is not secure and that the information could be transmitted to a nonsecure site" Link to comment Share on other sites More sharing options...
lindsayanng Posted September 21, 2008 Share Posted September 21, 2008 that is SOOO odd.. I would definitely stress to your host that is it their certificate that is causing the issue. the ONLY time i have ever had to VIEW CERTIFICATE was when a site had to access my local computer system.. so if i saw your site do that, i would run the heck outta there. The ONLY time i have seen that is when using the photobucket mass uploader, running an install file on my oscommerce.. BOTH of those access certain files that i otherwise would never want a site to access... DEFINITELY ask your host what in the world the actual certificate is doing.. that is SOO weird. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
lindsayanng Posted September 21, 2008 Share Posted September 21, 2008 ya know what.. i also was just clicking throgh your site, and even though the url says HTTPS the bar does not turn yellow or green, and there is a cross through the padlock on my screen.. your ssl is definitely not working properly.. i went through the ENTIRE check out and create account (except the checkout confirm) and there never wasa padlock in my browser.. but i also did not get the warning you are talking about.. I am on firefox by the way A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 ya know what.. i also was just clicking throgh your site, and even though the url says HTTPS the bar does not turn yellow or green, and there is a cross through the padlock on my screen.. your ssl is definitely not working properly.. i went through the ENTIRE check out and create account (except the checkout confirm) and there never wasa padlock in my browser.. but i also did not get the warning you are talking about.. I am on firefox by the way yeah, I think that's how I got to view the certificate was by clicking on the padlock with the red line through it. But the first time I tried to go through Firefox this morning, it wouldn't even let me open the site. So that was when I added the intermediate certificate (the thing said it was optional - apparently not). So there's probably one more bleeping step that I don't know about. Wah.. Link to comment Share on other sites More sharing options...
germ Posted September 21, 2008 Share Posted September 21, 2008 osC isn't picking up the cue from the sever that SSL is active. In your /catalog/includes/application_top.php find this line (about line 41): $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Change it to: $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; That works most of the time on dedicated SSL. Nothing is a "sure bet" in this case. It's always a good idea to backup any file before making any edits. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Carbon Posted September 21, 2008 Share Posted September 21, 2008 Hi Nicole, Ref probs with SSL, I checked back with my orig post to see what caused the error just to see how to reproduce it (try to check out). So I did a quick add to order and checkout and the error seems to have gone, in other words to browser generated scary page. But... (there allways is one) the next issue you have to overcome is the fact that you have secure and non-secure code in the pages that you are trying to use with SSL. This causes the browser to generate a warning popup requester asking the user if they want to display the non-secure items. If they say yes then your site looks normal as everything gets displayed but it turns off the SSL (the padlock disappears). If they click no then your site looks odd (looks like the erroneous code is in the stylesheet) so they might click the back button although this is the correct choice as it keeps the SSL. To solve this issue you will have to replace the absolute urls which start with "http://" with either relative links (eg ../images/pic.gif) or "https://". Just have a look at the page source code that throws up the warning and search for the phrase "http://" and use that to track down what part of the php source code is generating that url. Hope this helps Carbon Link to comment Share on other sites More sharing options...
germ Posted September 21, 2008 Share Posted September 21, 2008 The URL's are not the problem. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 osC isn't picking up the cue from the sever that SSL is active. In your /catalog/includes/application_top.php find this line (about line 41): $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Change it to: $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; That works most of the time on dedicated SSL. Nothing is a "sure bet" in this case. It's always a good idea to backup any file before making any edits. Hi Jim, I can't find that exact line in the file. Some look close... Should I post it? Link to comment Share on other sites More sharing options...
germ Posted September 21, 2008 Share Posted September 21, 2008 Just what you have for that line, where it initializes the variable $request_type If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 Hi Nicole, Ref probs with SSL, I checked back with my orig post to see what caused the error just to see how to reproduce it (try to check out). So I did a quick add to order and checkout and the error seems to have gone, in other words to browser generated scary page. But... (there allways is one) the next issue you have to overcome is the fact that you have secure and non-secure code in the pages that you are trying to use with SSL. This causes the browser to generate a warning popup requester asking the user if they want to display the non-secure items. If they say yes then your site looks normal as everything gets displayed but it turns off the SSL (the padlock disappears). If they click no then your site looks odd (looks like the erroneous code is in the stylesheet) so they might click the back button although this is the correct choice as it keeps the SSL. To solve this issue you will have to replace the absolute urls which start with "http://" with either relative links (eg ../images/pic.gif) or "https://". Just have a look at the page source code that throws up the warning and search for the phrase "http://" and use that to track down what part of the php source code is generating that url. Hope this helps Carbon Well I've been monkeying around in there and it's not quite as horrible as before, but still not good. I did read that I have to change those url's, and I did some of them. It said that the reason for the shorter url's was more so they could view the pics on a secure connection. I thought that was the least of my worries for the time being, but I guess I better go change them and see. Oh, and when I go into "My Account" and say no to going on to the insecure info, it connects me anyway, but I can still see all the pictures. In IE, anyway. Haven't looked at Firefox lately. Nicole Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 Just what you have for that line, where it initializes the variable $request_type There's this: // set the type of request (secure or not) $request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL'; And this: if ($request_type == 'NONSSL') { define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG); } else { define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG); } And one under the cookies. Link to comment Share on other sites More sharing options...
germ Posted September 21, 2008 Share Posted September 21, 2008 Let me reiterate. The URL's are NOT the problem. Change this line: $request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL'; to $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; If that doesn't work, try other code I posted. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
lindsayanng Posted September 21, 2008 Share Posted September 21, 2008 Yea, i would ignore the secure and insecure items for now.. thats not REALLY a big issue, and if the pop ups still come up after you get all that changed, then you can go back.. right now you biggest issue is the one at hand... htat your SSL is not actually showing as secure. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
germ Posted September 21, 2008 Share Posted September 21, 2008 But Lindsay, the insecure items popup is the reason the SSL is not actually showing as secure... :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Guest Posted September 21, 2008 Share Posted September 21, 2008 Let me reiterate. The URL's are NOT the problem. Change this line: $request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL'; to $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; If that doesn't work, try other code I posted. OK, I tried both and it still gives me the security warning when I log in. By "the other code" you meant the one with the SERVER_PORT instead of HTTPS, right? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.