Jump to content

Archived

This topic is now archived and is closed to further replies.

tim_ver

Add SSL to site - Next Steps?

Recommended Posts

I just installed the SSL certificate on my domain, and wanted to know what files I need to update/change/modify now. I am using Oscommerce version 2.3.3.3.

Share this post


Link to post
Share on other sites

You need to modify both the includes/configure.php and admin/includes/configure.php files. You should also look at this thread.

Share this post


Link to post
Share on other sites

Ok, thanks. I looked at the thread and I have done some of these already. Have few questions though.

 

 

1.) Move the .htpasswd file: So I move the .htpasswd_oscommerce file from the default location Catalog/Admin/ to Catalog/ ?

 

2.) Move the complete admin - Do you have a step by step on how to do this please?

 

3.) Install one of the trap programs - Are these in the addon's area? I checked and could not find any of them for my version (searching for version 2.3).

Share this post


Link to post
Share on other sites

The htpasswd file should be above the web directory. If you are using 2.3, I'm not sure you can do that without editing the code, though I've not looked at it. But if you are using the .htaccess method with 2.3, you should be using the servers option of password protection so that you can change the username and password. And, in that case, you can place that file where you like.

 

The admin is just a directory that you access through the domain name. If your shop is already in the root of the shop, then you can't move the admin, unless you have another server, which would be overkill, I think. But if your shop is in a sub-directory already, like ...com/shop, your admin would be something like ...com/shop/admin. In that case, it could be moved so that it is at ...com/admin.

 

I haven't checked on all of the addons but they are there. View Counter is here (it's mine so I know its location). You can search for the others but they are there.

Share this post


Link to post
Share on other sites

Ok, I updated both configure.php files for the first few lines of code as seen below.

 

 

Catalog:

 

<?php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTPS_SERVER', 'https://www.domain.com');

define('ENABLE_SSL', true);

 

 

Admin:

 

<?php

define('HTTP_SERVER', 'http://www.domain.com');

define('HTTP_CATALOG_SERVER', 'http://www.domain.com');

define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');

define('ENABLE_SSL_CATALOG', 'true');

 

 

 

But I get a triangle next to the domain address now (not the padlock symbol) with an explenation point in it - when I click it it says the following: This website does not supply identity information

 

The connection to this website is not fully secure because it contains unencrypted elements (such as images)

 

 

What am I missing here, how do I fix this issue and get the padlock displayed (full encryption) instead of the triagle with the explenation point?

Share this post


Link to post
Share on other sites

For the shop side, it might be that you are trying to view a page that isn't meant to be secure. Try clicking on the my account or login link on the site. It should switch to ssl mode with no errors. It could also mean that you have non-secure links on a secure page. For the admin, read this post.

Share this post


Link to post
Share on other sites

I went to the acount page and it still shows the triangle with the exclamation point on it. I have attached a screen shot also - post-10653-0-74392000-1401818059_thumb.jpg

 

 

How do I fix this issue?

Share this post


Link to post
Share on other sites

It appears to be saying two things:

  1. It doesn't like something about your SSL certificate. This is independent of osC. You'll have to consult with whoever sold you (or installed) the certificate.
     
  2. You have some http: items (images, javascript, css, etc.) embedded on your page. Are you trying to apply SSL https: to pages that are not normally SSL?

Share this post


Link to post
Share on other sites

That error means that you have insecure content on a secure page. You need to find the insecure content and make it secure.

 

Instead of letting guys like @@Jack_mcs and @@MrPhil use their cystal ball to try to guess your sites problems and then try to guess a solution, why not just post a link to a problematic page at your site. If you don't want to write your URL in this forum, tinyurl it. Help us to help you.


Help shape the future of Phoenix; join the Phoenix Club

Share this post


Link to post
Share on other sites

Hi - run an https page through www.whynopadlock.com and you'll get the results - on the page I'm looking at it's saying just one insecure item:

 

Insecure URL: /images/STORE2.png

 

Somewhere in your site template there's a link to that image - try changing it to use the tep_href_link with SSL option or simply to relative link

Share this post


Link to post
Share on other sites

ok, I though by default in the config file image folder was ssl protected? Can you provide more info on how to do this fix?

Share this post


Link to post
Share on other sites

Folders (directories) are not SSL "protected". You can add .htaccess protection and various other things to keep people out of folders. SSL only encrypts traffic between the browser and the server, so that someone tapping the line in-between and listening in won't easily be able to view the plain text.

Share this post


Link to post
Share on other sites

×