Jump to content

Archived

This topic is now archived and is closed to further replies.

LumberJack5500

SSL Certificate problems ""Contains secure and unsecure information"

Recommended Posts

Hello,

 

My friend and I are trying to implement SSL on this website...

 

www.ajwperformanceproducts.com

 

We are having some issues, for instance I get this error "This web site does not supply identity information."

 

Anyone have some ideas on where to start? Thanks!!!!

 

-Douglas

Share this post


Link to post
Share on other sites

The store isn't recognizing the cue from the server that SSL is on.

 

Some things you can try: click me


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi

 

Theres also some information in the Knowlege Base, Under General Information, Common Problems. I've added the link below

 

Hope this helps

 

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75


From Data to Wisdom, Without Data we have No Information, Without Information we have No Knowledge and Without Knowledge we have No Wisdom. I believe all kinds of data should be managed and preserved. Heavy Man.

Share this post


Link to post
Share on other sites
The store isn't recognizing the cue from the server that SSL is on.

 

Some things you can try: click me

 

Thanks Germ, we actually found your post after some searching and had already tried that but unfortunately none of the configurations for /includes/application_top.php worked. Any other suggestions?

 

Hi

 

Theres also some information in the Knowlege Base, Under General Information, Common Problems. I've added the link below

 

Hope this helps

 

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75

 

Thanks storageman, we've also read through that and still haven't been able to track down the issue.

Share this post


Link to post
Share on other sites

Copy the text in the CODE box below into a text editor (Notepad) on your PC:

 

<?php
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>

Save it as myenv.php

 

Upload it into your /catalog folder on your site.

 

When you're done post again.

 

It's a harmless script, it just displays values of a few server variables.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites
Copy the text in the CODE box below into a text editor (Notepad) on your PC:

 

<?php
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>

Save it as myenv.php

 

Upload it into your /catalog folder on your site.

 

When you're done post again.

 

It's a harmless script, it just displays values of a few server variables.

 

Done!

 

I appreciate your help!

Share this post


Link to post
Share on other sites

Let's give this a shot.

 

BACKUP /catalog/includes/application_top.php

 

Then find these lines in /catalog/includes/application_top.php:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Change that code to this:

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// include the list of project filenames
 require(DIR_WS_INCLUDES . 'filenames.php');

 switch ( basename($PHP_SELF) ) {

case FILENAME_ACCOUNT:
case FILENAME_ACCOUNT_EDIT:
case FILENAME_ACCOUNT_HISTORY:
case FILENAME_ACCOUNT_HISTORY_INFO:
case FILENAME_ACCOUNT_NEWSLETTERS:
case FILENAME_ACCOUNT_NOTIFICATIONS:
case FILENAME_ACCOUNT_PASSWORD:
case FILENAME_ADDRESS_BOOK:
case FILENAME_ADDRESS_BOOK_PROCESS:
case FILENAME_CHECKOUT_CONFIRMATION:
case FILENAME_CHECKOUT_PAYMENT:
case FILENAME_CHECKOUT_PAYMENT_ADDRESS:
case FILENAME_CHECKOUT_PROCESS:
case FILENAME_CHECKOUT_SHIPPING:
case FILENAME_CHECKOUT_SHIPPING_ADDRESS:
case FILENAME_CHECKOUT_SUCCESS:
case FILENAME_CREATE_ACCOUNT:
case FILENAME_CREATE_ACCOUNT_SUCCESS:
case FILENAME_LOGIN:
case FILENAME_LOGOFF:
case FILENAME_PASSWORD_FORGOTTEN: $request_type = 'SSL';
	break;
default: $request_type = 'NONSSL';
 }

What this does is change the variable $request_type by page name rather than a server variable.

 

I've tested this on my site and it seems to work.

 

I know this isn't "according to Hoyle", but in your situation where the server isn't going to supply a setting the store can "key" off of, I don't know what else to try.

:blush:

 

Let me know how it goes.

:)


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Great!

:lol:

 

I looked thru /catalog/includes/filenames.php and I think I got all the ones that need to be SSL.

 

If I missed any just add them to the list.

 

Post again if you need help.

:)

 

TO ANYONE READING THIS:

 

THE ONLY REASON WE DID IT THIS WAY WAS BECAUSE THERE WERE NO SERVER VARIABLES THAT CHANGED WHEN SWITCHING FROM HTTP TO HTTPS

 

I DON'T RECOMMEND THIS EXCEPT AS A LAST RESORT.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi,

 

I have several OSC sites - some running RC1 and some on MS2, some with STS running, others without. Some I had working with SSL but now seem to be running this error and it is really frustrating. I was wondering if someone could help. I tried most of the 'fixes' above but non make any difference. I know the page say Base URL - http:// but I cannot get that to change. I even forced (by hard code) all my images in STS through https:// but then the 'osc images' were not secure! !ARRGGHH.. I am happy to post urls , test thingees or anything you need if you can help

 

Thanks Muchly

A very frustrated , Denz

Share this post


Link to post
Share on other sites

Just need a URL Ma'am

 

If you don't want this post to show in searches for your site post it like:

 

mysite

 

DOT

 

com

 

/catalog


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hi Jim,

 

I just went through my old messages and you had helped me with this problem before on rubens.co.nz - you gave me a code to change in my application_top.php to

 

$request_type = (getenv('SERVER_NAME') == 'www2.iserve.co.nz') ? 'SSL' : 'NONSSL';.

 

 

And it was working sweet, but now has got that dang message back (I am using ie6, have not tested in other browsers yet).

 

Anyhow, I have things working fine on one of my sites, so I copied the code from there

 

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.iserve.co.nz') ? 'SSL' : 'NONSSL';

 

and now on the Rubens site works sweet too! Plus all my others.

 

Not sure what the difference was, but there you go.

 

So, your past help helped again... but this time you had to do nothing. :)

 

Thanks,

Denz

Share this post


Link to post
Share on other sites
Hello,

 

My friend and I are trying to implement SSL on this website...

 

www.ajwperformanceproducts.com

 

We are having some issues, for instance I get this error "This web site does not supply identity information."

 

Anyone have some ideas on where to start? Thanks!!!!

 

-Douglas

 

did you manage to fix this problem??? What was the cause???

 

simplyteaching

Share this post


Link to post
Share on other sites

This can be caused by three things:

  • 1. Your config file isn't setup properly.
  • 2. You have scripts or images loading from HTTP sources on the page or in the stylesheet.
  • 3. osC isn't getting the cue from the server that SSL is on (or the sever just isn't giving one).

Without a URL it's impossible to tell which one may be your problem.

:blush:


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Hello,

 

I have a problem with "•2. You have scripts or images loading from HTTP sources on the page or in the stylesheet", any way of fixing this, and i have checked that my config files are set up correctly.

 

In IE it comes with an yes or no question, which i understand why, but how do i move the to be https? but in firefix it works, but explaination mark on the padlock.

 

If anyone can help please.

 

Thank you

Share this post


Link to post
Share on other sites

Hello,

 

I have a problem with "•2. You have scripts or images loading from HTTP sources on the page or in the stylesheet", any way of fixing this, and i have checked that my config files are set up correctly.

 

In IE it comes with an yes or no question, which i understand why, but how do i move the to be https? but in firefix it works, but explaination mark on the padlock.

 

If anyone can help please.

 

Thank you

Image paths in the stylesheet should be "relative", like this:

 

      background:url("images/tableftJ.gif");


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Image paths in the stylesheet should be "relative", like this:

 

      background:url("images/tableftJ.gif");

 

If it's a link but not an image i.e. <a href="http://thesite.com> would that cause the page to be insecure?


"Be who you are and say what you feel, because those who matter don't mind, and those that mind, don't matter." (Theodor Seuss Geisel)

Share this post


Link to post
Share on other sites

If it's a link but not an image i.e. <a href="http://thesite.com> would that cause the page to be insecure?

NO.

 

HTTP text links do not cause the insecure items popup in IE.

 

Loading images or scripts from HTTP sources on HTTPS pages DOES cause the insecure items popup in IE.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

Then find these lines in /catalog/includes/application_top.php:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Note that on some servers, rather than 'on', it will be '1'. This might be a simpler fix:

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on' || getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

×