Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Switching from No SSL to SSL


bherbert

Recommended Posts

Hello. This may have already been answered elsewhere on the website but I looked for a bit and couldn't seem to find anything.

 

We have an OSCommerce site set up that doesn't use SSL Certificates. We are going to be purchasing one and when the website goes live, we would like to have it use the certificate.

 

Is this a painful process? How would I go about enabling the site to use the SSL certificate?

 

I don't want to lose any settings or data that has already been entered into the site.

 

Thanks in advance for the help!!!

-Brian Herbert

Link to comment
Share on other sites

After your Hosting provider will have install the ssl certificate, you will just have Change the setting in both your catalog and admin/includes/configure.php to reflect your ssl url and change the "enable ssl" to true

 

The_Bear

Link to comment
Share on other sites

Thanks that helped a lot for me. Works perfect.

 

Just to clarify for anyone else the paths are catalog/includes/configure.php

and admin/includes/configure.php

 

Make sure to add that / in https cookie path etc

Link to comment
Share on other sites

OK, almost perfect. I have no problem for users, but links in admin do not point to https:// only http://. I changed the lines in admin/includes/configure.php. Where else might I need to make a change? Thanks

 

Nevermind, I changed this line even though didn't see right since it said http server and not https server but it works and most importantly it didn't force https on customer pages not needing https

 

define('HTTP_SERVER', 'https://mydomain.com'); // eg, http://localhost - should not be empty for productive servers

Link to comment
Share on other sites

Somewhat along these lines...

 

I changed hosts and now my https: pages (create account.php, etc. and I do have a SSL cert) are coming up with the dreaded pop-up security box that reads:

 

<<Security Information

 

This page contains both secure and nonsecure items.

 

Do you want to display the nonsecure items?>>

 

It's coming up on every single page that is supposed to be secure. How can I get rid of this box?

 

If I say, "No" then I get the lock box, if I say, "Yes" I don't have a lock box.

 

Is it a cookie thing?

Link to comment
Share on other sites

Ok, I am having an issue where I can view my webpage perfectly without SSL. However, once a customer clicks on the log in section, all of the images turn to the dreadful red "X". I can log into my admin section using SSL and view the same pictures (logos) without any issues?

 

Any ideas what the heck is going on?

 

Thanks!

Link to comment
Share on other sites

EX:

 

define('HTTP_SERVER', 'http://mydomain.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://mydomain.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'mydomain.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');

Link to comment
Share on other sites

Can someone help me with this?

I really know nothing about how SSL works, but I believe I have it all set up right - yet it is not working. All pages of my site load as the "unsecure" versions.

I edited the two config files, but I'm not sure if I have them set up right as I don't really understand SSL, so there's no logic in my editing if you know what I mean.....

I have shared SSL, so maybe that's the problem?

Here is the code for my two config files:

(admin)

define('HTTP_SERVER', 'http://sunshineshop.us'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://sunshineshop.us');
 define('HTTPS_CATALOG_SERVER', 'https://sunshineshop.infinology.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/catalog/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', '');
 define('DB_SERVER_USERNAME', 'mysql');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', 'osCommerce');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', '');

 

catalog:

define('HTTP_SERVER', 'http://sunshineshop.us'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://sunshineshop.infinology.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'sunshineshop.us');
 define('HTTPS_COOKIE_DOMAIN', 'sunshineshop.us');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '');
 define('DB_SERVER_PASSWORD', '');
 define('DB_DATABASE', 'osCommerce');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

do those look right?

Link to comment
Share on other sites

Heather, can you confirm that the configuration files exist in

 

catalog/includes/configure.php

admin/includes/configure.php

 

and that there is no configure.php files in these directories:

 

catalog/includes/local/

admin/includes/local/

 

The configuration files you posted above look correct, and all HTTPS related links should point to the HTTPS domain.

 

There is one problem though with the secure cookie domain, it should be 'sunshineshop.infinology.com', though that's not the solution to why the HTTPS address is not being used.

:heart:, osCommerce

Link to comment
Share on other sites

Ok I just deleted the configure files in the local directories, and it broke my site. Got an error about something done wrong in database.php.

So I put them back.

 

So should I be editing those instead? Why are they there? I'm not sure if this matters, but my web hosting account came with OSC. All you do is click a button in my hosting control panel, and OSC is installed. Maybe it's some wierd thing because of that situation that my web host needs them to be there?

The are identical, and look like this:

<?
 define('HTTP_SERVER', 'http://sunshineshop.us');
 
 define('DIR_FS_DOCUMENT_ROOT', '/hsphere/local/home/sapphire/sunshineshop.us/');
 define('DIR_FS_LOGS', '/hsphere/local/home/sapphire/logs/sunshineshop.us');
 
 define('ENABLE_SSL', 0);
// define our database connection
 define('DB_SERVER', 'sql1.infinology.com');
 define('DB_SERVER_USERNAME', 'mydbusername');
 define('DB_SERVER_PASSWORD', 'mydbpass');
 define('DB_DATABASE', 'sapphir_sunshineshopstore');
 define('CONFIGURE_STATUS_COMPLETED', 1);
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');
?>

Link to comment
Share on other sites

Check and see if there's another configure.php in the includes/local directory.

 

If there is, rename it or delete it.

 

Oops, should have read backwards.

 

Make sure the configure.php file in the includes directory is correct. Open the local one and make sure that all the data in there is reflected in the main (includes/configure.php) one.

 

Usually if there's a difference it's in the db settings and the primary one is incorrect.

 

Or you can just set the local one up with the ssl settings but it's confusing to have two configure.php files.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

It's 'true'

 

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

It's usuful to understand why there is an extra one in /local (there's not always one there, some installations end up with it and others not).

 

It's a developer tool so that someone can play around without changing the main file. It's tested for in application_top.php and if it exists it overrides the main one since it's included later.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

With a normal OSC installation are those local directories there?

Nope.

 

Read my last post above.

 

I have never figured out why some installations end up with it and others not.

 

What I would do is to compare the two files side by side, make sure the primary one is correct, then rename the local one and test the site. It doesn't hurt anything but it's confusing to have two.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I have another question.

The SSL is working now, but whenever a secure page loads, that annoying do you want to display the non-secure items pop up comes up when using IE. Is that normal?

Shouldn't happen, let me have a look.

 

Be right back.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...