Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Get SSL to work


Zuncan

Recommended Posts

Posted

Hi!

 

Im totally new to this. My site is almost finished but in the admin it says that im not ssl protected.

 

What do I need to do? Dont have a clue.

Can someone please help me out or post a link to a good page/topic that explains it all?

 

/Zuncan

So what?! Who care in a hundred years anyway?

Posted

Hi,

 

you need to go to your configuration file at \catalog\includes\configue.php

Make sure you back it up.

 

Find the line:

define('HTTPS_SERVER', 'https://yourwebsite.com'); // eg, https://localhost - should not be empty for productive servers

(which is at the top define codes)

 

and make it as a http://yourwebsite.com.

 

found at http://www.oscommerce.com/forums/index.php?sho...=0entry300520

Posted

i don't know much about php coding, but doesn't that make it non ssl? I have the same question, how do i navigate to my admin and stay in https? even if i typed it in https, when i link to other pages, it goes back to http. any help would be great

Posted

In order to use ssl you have to have an ssl certificate installed (you have to buy this) or, if your host offers it, you can use their certificate. The latter is called shared ssl. Once you have either of these, you need to edit your includes/configure.php file. There are two places (IIRC) to add the url for the certificate and you will need to set the ENABLE_SSL option to true. This will make it work for your shop. If you want it to work for admin, you will need to change the configure.php file in admin/includes. However, this isn't a very good idea, IMO. It is a waste of bandwidth and doesn't accomplish anything that I can think of.

 

HTH,

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted

Hi Jack, Thanks for your help!

 

I have a shared ssl webhost since I currently use it for the catalog. My friend is trying to do the same thing (make admin secure) and he has an SSL certificate

 

I was wondering, what fields need to be edited in admin/includes/configure.php? Are these the fields, and do I have them correct?

 

define('HTTPS_CATALOG_SERVER', 'https://host186.ipowerweb.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

These are the current settings I have, and the admin is still under http rather than https. And if it does work, why does it not accomplish anything? Does that mean that information transferred in admin is still vulnerable to hacking? I'm thinking right now about the cc username and transaction keys, as well as entering customer info, etc.

Posted

I think for admin you also have to set the

define('HTTP_SERVER'

to use the ssl so it should be

define('HTTP_SERVER', 'https://host186.ipowerweb.com');

Are you collecting the buyer's credit card number yourself? If not, you are pretty much wasting your time, IMO. If you are concerned about someone getting into admin, there is a contribution that adds a password before you can access it. What customer info do you enter? That should all be done on the catalog side unless you are taking phone orders. But even then, you can install the master password contribution and enter everything from the catalog side without bothering with admin. SSL only protect data that is being trasmitted so the lack of security in admin seems triial to me. But maybe someone more knowledgeable has a different opinion. You may want to try searching the forums with the words secure and admin. I'm sure this has come up before.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

  • 2 weeks later...
Posted

I have the same problem with admin reverting to a non-ssl connection.

 

I would argue that when viewing customer orders (which contain credit card info), I would think the admin section SHOULD be connected to via SSL.

 

Please advise on the matter. Also what about the SQL database itself? Is that secure?

 

Thanks,

Chris

Posted

I've done everything you said in configure PHP for both admin and catalog.

The site still reverts back to non-ssl protected connection

for both signup and login processes, and admin control panel.

 

Changing these parameters in the configure.php is having little to no effect on my site.

 

If I try to navigate from https://mysite.com/catalog

 

it goes back to http:// and the lock disappears. There has to be an easier way to set this all up.

Posted
I've done everything you said in configure PHP for both admin and catalog.

 

The site still reverts back to non-ssl protected connection

for both signup and login processes, and admin control panel.

 

Changing these parameters in the configure.php is having little to no effect on my site.

You may have an extra configure.php file in the includes/local directory.

 

 

http://www.oscommerce.com/forums/index.php?sho...ic=101262&st=10

 

(wickeddivine's post) and follow on. She had this problem.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

wow,looks busy in here...

have a question

client bought an SSl, not installed in the cart yet though but..

when i go from the base site which is http and click on 'new account' , 'my account' or 'check out' it gos to https and i get a 404

 

any ideas?

Posted

Yup, means you either didn't specify the SSL address correctly in the config.php or the SSL cert hasn't been correctly setup to point to your web space...

 

P.S. For those of you that want the customer and order portions of the admin to always access via secure mode, try my simple mod below... (Rest of admin in standard mode to streamline catalog admin use)...

 

http://www.oscommerce.com/community/contributions,2274

** Please do not PM with personal support requests (even if offering "payment"). Thank you.

  • 3 weeks later...
Posted

Your site must also have an SSL certificate. Not all servers provide them most because they can be very expensive require you to purchase one, which can run about 100.00 per year. Some servers do have shared ssl certificates that they use for all thier customers.

Posted

i have the SSl set up on the server now but am a little lost as to what i do with the config. this is mine now.

 

define('HTTP_SERVER', 'http://www.rejexusa.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.rejexusa.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.rejexusa.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/rejexus/public_html/cart/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/cart/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/rejexus/public_html/cart/admin/'); // absolute pate required

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...