Zuncan Posted June 30, 2004 Posted June 30, 2004 Hi! Im totally new to this. My site is almost finished but in the admin it says that im not ssl protected. What do I need to do? Dont have a clue. Can someone please help me out or post a link to a good page/topic that explains it all? /Zuncan So what?! Who care in a hundred years anyway?
kmacc Posted June 30, 2004 Posted June 30, 2004 Hi, you need to go to your configuration file at \catalog\includes\configue.php Make sure you back it up. Find the line: define('HTTPS_SERVER', 'https://yourwebsite.com'); // eg, https://localhost - should not be empty for productive servers (which is at the top define codes) and make it as a http://yourwebsite.com. found at http://www.oscommerce.com/forums/index.php?sho...=0entry300520
Zuncan Posted June 30, 2004 Author Posted June 30, 2004 Thanks! That sounds easy So what?! Who care in a hundred years anyway?
tygrr Posted June 30, 2004 Posted June 30, 2004 i don't know much about php coding, but doesn't that make it non ssl? I have the same question, how do i navigate to my admin and stay in https? even if i typed it in https, when i link to other pages, it goes back to http. any help would be great
Jack_mcs Posted July 1, 2004 Posted July 1, 2004 In order to use ssl you have to have an ssl certificate installed (you have to buy this) or, if your host offers it, you can use their certificate. The latter is called shared ssl. Once you have either of these, you need to edit your includes/configure.php file. There are two places (IIRC) to add the url for the certificate and you will need to set the ENABLE_SSL option to true. This will make it work for your shop. If you want it to work for admin, you will need to change the configure.php file in admin/includes. However, this isn't a very good idea, IMO. It is a waste of bandwidth and doesn't accomplish anything that I can think of. HTH, Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
tygrr Posted July 1, 2004 Posted July 1, 2004 Hi Jack, Thanks for your help! I have a shared ssl webhost since I currently use it for the catalog. My friend is trying to do the same thing (make admin secure) and he has an SSL certificate I was wondering, what fields need to be edited in admin/includes/configure.php? Are these the fields, and do I have them correct? define('HTTPS_CATALOG_SERVER', 'https://host186.ipowerweb.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module These are the current settings I have, and the admin is still under http rather than https. And if it does work, why does it not accomplish anything? Does that mean that information transferred in admin is still vulnerable to hacking? I'm thinking right now about the cc username and transaction keys, as well as entering customer info, etc.
Jack_mcs Posted July 1, 2004 Posted July 1, 2004 I think for admin you also have to set the define('HTTP_SERVER' to use the ssl so it should be define('HTTP_SERVER', 'https://host186.ipowerweb.com'); Are you collecting the buyer's credit card number yourself? If not, you are pretty much wasting your time, IMO. If you are concerned about someone getting into admin, there is a contribution that adds a password before you can access it. What customer info do you enter? That should all be done on the catalog side unless you are taking phone orders. But even then, you can install the master password contribution and enter everything from the catalog side without bothering with admin. SSL only protect data that is being trasmitted so the lack of security in admin seems triial to me. But maybe someone more knowledgeable has a different opinion. You may want to try searching the forums with the words secure and admin. I'm sure this has come up before. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
ChrisKassa Posted July 13, 2004 Posted July 13, 2004 I have the same problem with admin reverting to a non-ssl connection. I would argue that when viewing customer orders (which contain credit card info), I would think the admin section SHOULD be connected to via SSL. Please advise on the matter. Also what about the SQL database itself? Is that secure? Thanks, Chris
wootang Posted July 13, 2004 Posted July 13, 2004 I've done everything you said in configure PHP for both admin and catalog. The site still reverts back to non-ssl protected connection for both signup and login processes, and admin control panel. Changing these parameters in the configure.php is having little to no effect on my site. If I try to navigate from https://mysite.com/catalog it goes back to http:// and the lock disappears. There has to be an easier way to set this all up.
AlanR Posted July 13, 2004 Posted July 13, 2004 I've done everything you said in configure PHP for both admin and catalog. The site still reverts back to non-ssl protected connection for both signup and login processes, and admin control panel. Changing these parameters in the configure.php is having little to no effect on my site. You may have an extra configure.php file in the includes/local directory. http://www.oscommerce.com/forums/index.php?sho...ic=101262&st=10 (wickeddivine's post) and follow on. She had this problem. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
tec Posted July 14, 2004 Posted July 14, 2004 wow,looks busy in here... have a question client bought an SSl, not installed in the cart yet though but.. when i go from the base site which is http and click on 'new account' , 'my account' or 'check out' it gos to https and i get a 404 any ideas?
nate_02631 Posted July 18, 2004 Posted July 18, 2004 Yup, means you either didn't specify the SSL address correctly in the config.php or the SSL cert hasn't been correctly setup to point to your web space... P.S. For those of you that want the customer and order portions of the admin to always access via secure mode, try my simple mod below... (Rest of admin in standard mode to streamline catalog admin use)... http://www.oscommerce.com/community/contributions,2274 ** Please do not PM with personal support requests (even if offering "payment"). Thank you.
d4m4g3 Posted August 9, 2004 Posted August 9, 2004 Your site must also have an SSL certificate. Not all servers provide them most because they can be very expensive require you to purchase one, which can run about 100.00 per year. Some servers do have shared ssl certificates that they use for all thier customers.
tec Posted August 10, 2004 Posted August 10, 2004 i have the SSl set up on the server now but am a little lost as to what i do with the config. this is mine now. define('HTTP_SERVER', 'http://www.rejexusa.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.rejexusa.com'); define('HTTPS_CATALOG_SERVER', 'https://www.rejexusa.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/rejexus/public_html/cart/'); // where the pages are located on the server define('DIR_WS_ADMIN', '/cart/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/rejexus/public_html/cart/admin/'); // absolute pate required
Recommended Posts
Archived
This topic is now archived and is closed to further replies.