Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

germ

SSL Implementation Help

415 posts in this topic

I'm having issues with my SSL staying locked, When I go to login, or Cart Checkout, etc. where SSL should be locked. The page starts out locked but then is unlocked even though the address still show https Why is this doing this and what can I do to correct.

Share this post


Link to post
Share on other sites

You probably have "unsecure content" (i.e. scripts or images loaded from http sources on the https pages)

 

My guess is your main browser is probably Firefox.

 

Try using Internet Explorer. My guess is you'll get the infamous "unsecure content" warning.

Share this post


Link to post
Share on other sites

I'm not getting any Unseruce Content warnings, and I don't remember modifying my checkout pages. I've tried this on pretty much all browsers with the same results.

Share this post


Link to post
Share on other sites

In Catalog/includes/configure.php I changed

define('HTTP_SERVER', 'http://mydomain.com');

 

to

 

define('HTTP_SERVER', 'https://mydomain.com');

 

Now everypage is locked but at least the login and checkout stay locked this way.

Share this post


Link to post
Share on other sites

Germ,

I am having problems with my site. everything was working to my knowledge and we were able to check out. my provider (Network Solutions) changed or upgraded their PHP and I started getting errors about eregi and have been fixing them with preg_match. at the same time I have been checked for PCI compliance. they say my cert is not correct. all my browsers say that there is a valid ssl cert in place but I the SSL checks in OsCom don't pass, but I get the Blue Bar and Locked Lock. I have installed your checker files can you check this for me.

 

David

I PMed my site address to you.

Share this post


Link to post
Share on other sites

if I check the $_SERVER['HTTPS'] environment variable it returns NULL . Does this indicate a not secure connection?

Share this post


Link to post
Share on other sites

Are you using IIS rather than Apache for a server? Different servers use different ways to deal with SSL. Some have getenv('HTTPS') returning 'on' or '1', while others require you to look at the port number (see previous page). You may have to do some snooping around your code to see where $_SERVER['HTTPS'] gets set, and possibly set it manually, or at least investigate (with your host) why it's NULL instead of some expected value. I don't even see $_SERVER['HTTPS'] used in the vanilla code -- is this used in an add-on? See http://us.php.net/manual/en/reserved.variables.server.php . Note that this listing warns that there is no guarantee that any of these $_SERVER elements will be defined!

Share this post


Link to post
Share on other sites
if I check the $_SERVER['HTTPS'] environment variable it returns NULL . Does this indicate a not secure connection?

 

Your config file is screwed up because the shop is SSL all the time. Read this.

 

It applies to you as well.

Share this post


Link to post
Share on other sites

I have enabled SSL in oscommerce installation. In our secure pages (eg )https://farma10.com/farmacia-online/login.php IE and Chrome warn about non secure content. I check that all image and link pathes are relative.

In IE I can see that it does not load the stylesheet (the page is displayed with the images but without styles). If I see the source code from IE, I see

 [/color]
<base href="http://farma10.com/farmacia-online/">
[color="#000000"]

when it should be with the 's'. After reading this threat I think the problem is in application_top.php but any change that you propose for

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

didn't work.

Could you please guide me to solve the problem?

My includes/configure.php:

 define('HTTP_SERVER', 'http://farma10.com');
 define('HTTPS_SERVER', 'https://farma10.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.farma10.com');
 define('HTTPS_COOKIE_DOMAIN', '.farma10.com');
 define('HTTP_COOKIE_PATH', '/farmacia-online/');
 define('HTTPS_COOKIE_PATH', '/farmacia-online/');
 define('DIR_WS_HTTP_CATALOG', '/farmacia-online/');
 define('DIR_WS_HTTPS_CATALOG', '/farmacia-online/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');[/color]
[color="#000000"]

 

My myenv.php:

Version 1.2[/b][/color]
[color="#000000"]SSL Variables[/color]
[color="#000000"]HTTP HOST: [][/color]
[color="#000000"]Server Port: [80][/color]
[color="#000000"]SSL Status: [undefined!][/color]
[color="#000000"]Fowarded Server: [farma10.com][/color]
[color="#000000"]Fowarded Host: [farma10.com][/color]
[color="#000000"]Fowarded By: [undefined!][/color]
[color="#000000"]$_SERVER['HTTPS']: [undefined!][/color]
[color="#000000"]Warning!!![/color]
[color="#000000"]The standard osC SSL detection code in /includes/application_top.php may NOT detect your SSL status correctly!!![/color]
[color="#000000"]

 

NONSSL Variables
HTTP HOST: []
Server Port: [80]
SSL Status: [undefined!]
Fowarded Server: [undefined!]
Fowarded Host: [undefined!]
Fowarded By: [undefined!]
$_SERVER['HTTPS']: [undefined!]
Load: 1

My cfgchk.php:

[b]File Permissions:[/b] [b]0444[/b]

Found HTTPS_SERVER:

[b]define('HTTPS_SERVER', 'https://farma10.com');[/b]

[b]HTTPS URL passed check![/b]

Found ENABLE_SSL.

[b]define('ENABLE_SSL', true);[/b]

[b]SSL enable passed check![/b]

Found HTTPS_COOKIE_DOMAIN:

[b]define('HTTPS_COOKIE_DOMAIN', '.farma10.com');[/b]

[b]HTTPS_COOKIE_DOMAIN line parsed![/b]



Parsing application_top.php for SSL detection key...

Found SSL detection key:

[b]$request_type = (getenv('HTTPS') == 'on') ? [/b][b]'SSL' : 'NONSSL';[/b]



Done!

 

 

Thank you,

Santi

Share this post


Link to post
Share on other sites

I contacted the server and they informed me that the variable used is HTTP_HTTPS. I placed in application_top:

$request_type = ($_SERVER['HTTP_HTTPS'] == 'on') ? 'SSL' : 'NONSSL';

and works perfectly.

Thank you very much, Jim.

Santi

Share this post


Link to post
Share on other sites

Hi Germ,

I have been having the same issue as above, where all browsers are giving a mixed content warning when entering the cart. The shop is still under development but it's release has been delayed due to this problem. I have installed all of your test files in the cataloge can you please have a look at what is causing this problem? I will pm you my site if you could please help.

Thanks,

Glenn

Share this post


Link to post
Share on other sites

You must be on one of those servers that have different folders for SSL and NONSSL.

 

You'll need to copy the contribution files to the SSL folders for them to work.

Share this post


Link to post
Share on other sites

Hi Yes you are correct. The hosting company set up a secure folder and copied all of my shop from the public folder to the secure folder. I just realized they copied the files before I modded the configure files, could this be the issue? I just uploades your test file to the secure folder could you please have a look?

Thanks for the help, I was really getting fustrated dealing with Bell Hosting (3 techs and 3 different answers).

Share this post


Link to post
Share on other sites

Looks like you've diagosed the problem correctly.

 

From what I can see if you copy the /shop/includes/configure.php file from the NONSSL folder to the SSL folder you'll probably be good to go

Share this post


Link to post
Share on other sites

Yes I was just coming back to tell you I copied the admin/includes/configure.php as well and now I am getting the Google green bar!

Thank you so much for pointing me in the correct direction!!!!

Glenn

Share this post


Link to post
Share on other sites