Jump to content
ahjeff

Oscommerce setting to SSL Certificates from http to https

Recommended Posts

Posted (edited)

Conclusion to setting SSL Certificates in oscommerce v2.3.3.1

Most copy from others and I keep on try and error to test. Feel free to correct .

 

1.    You need to set a Certificates some hosting provide free cert. ( in cPanel , icon “SSL Certificates”, one need to make sure to check if there is "Force SSL with https redirect” is checked. )

 

2.    change in "includes/configuration.php", ( and remember to set the permission back to 444 after modify )

  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers

  define('HTTPS_SERVER', 'https://www.domain.com'); // eg, https://localhost - should not be empty for productive servers

  define('ENABLE_SSL', true); 

  define('HTTP_COOKIE_DOMAIN', 'www.domain.com');

  define('HTTPS_COOKIE_DOMAIN', 'www.domain.com');

 

3.    change in “admin/includes/configuration.php” to :

  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'https://www.domain.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');
  define('ENABLE_SSL_CATALOG', 'true'); 

 

4.    Change inside of the store admin panel go to Configuration ->> Sessions: and change to theses values:

 

Force Cookie Use      True  

Check SSL Session ID  True  

Check User Agent      True  

Check IP Address      True  

Prevent Spider Sessions      True  

Recreate Session      True  

5.    Change .htaccess:

 

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

<IfModule mod_headers.c>

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Header unset X-Powered-By

Header unset Server

Header set X-Content-Type-Options "nosniff"

Header set X-XSS-Protection "1; mode=block"

<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">

    Header unset X-XSS-Protection

</FilesMatch>

</ifModule>

 

 

=============================================

 

 

Remark :

A.      Here is the what many people find problem

 

 

When you go to https site, but the browser will show your site is not secure.

 

ssl_error.jpg

 

Funny is Microsoft Edge will show secure but NOT for Chrome or Opera.

 

Most sites do not mention changing in "includes/configuration.php"

define('HTTP_SERVER', 'http://www.domain.com')  “ to  define('HTTP_SERVER', 'https://www.domain.com') 

 

Some because the site have external insecure http link . (  e.g.  image link to http://xx )

But what I working on is a simply shop. No such error but still have the above ‘your site is not secure.’

This is because inside your page those link still link to insecure http ( e.g. your products link ).  Funny is when you click this product, it will go to a secure https site. But when you copy the link , it shows insecure http.

Thus just simply make all to https .

 

B.      Or losing the CSS, images and layout ( copy from user gassko )

 

ssl_error-2.png

 

 

clear the browser cache.

 

=============================================

 

 

Edited by ahjeff

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×