Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

https


jschoaf

Recommended Posts

My site runs now in mydomain.com/shop but when checkout comes up to 2checkout it says the data was not secure, so i bought a cert and installed it so now my https is secure, butthe site doesnt go tthe HTPPS folder and if it did, nothing is in my HTTPSDOCS folder only the httpdocs folder,

Do I copy the ENTIRE site over to the https? and then change some config?

 

 

Please help

Link to comment
Share on other sites

My site runs now in mydomain.com/shop but when checkout comes up to 2checkout it says the data was not secure, so i bought a cert and installed it so now my https is secure, butthe site doesnt go tthe HTPPS folder and if it did, nothing is in my HTTPSDOCS folder only the httpdocs folder,

Do I copy the ENTIRE site over to the https? and then change some config?

Please help

 

I've encountered a number of posts with this question. I also have the same problem. You have two root directories one secure and one insecure. I couldn't get any good feedback so I'm hacking apart the php files right now. I'll let you know what the new file structure is after testing.

Link to comment
Share on other sites

I've encountered a number of posts with this question. I also have the same problem. You have two root directories one secure and one insecure. I couldn't get any good feedback so I'm hacking apart the php files right now. I'll let you know what the new file structure is after testing.

 

 

 

I couldnt find an answer either...

 

it cant be that hard

Link to comment
Share on other sites

I'm working on https also, for testing I changed the includes/configure.php so http and https match.

 

define('HTTP_SERVER', 'http://www.mywebsite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'http://www.mywebsite.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL',true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', www.mywebsite.com');

define('HTTPS_COOKIE_DOMAIN', 'www.mywebsite.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

That works but it's unsecure.

 

my https://secure.440music.com isn't working yet but the certificate is installed. Once I get that working I believe the rest will follow. Have you confirmed that the https is working? to test add a simple index.html file to the secure directory.

 

Got it working as I responded to this post, here is what I did.

 

In the catalog directory I added an index.html file with a 0 refresh and that points to index.php. (don't ask it's the server) I had to point the httpd.conf file so the https path was not the same as the http path. the results in the include/configure.conf file is:

 

define('HTTP_SERVER', 'http://www.mywebsite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://secure.mywebsite.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL',true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mywebsite.com');

define('HTTPS_COOKIE_DOMAIN', 'secure.mywebsite.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/');

 

notice that the path for HTTP_COOKIE_DOMAIN and HTTPS_COOKIE_DOMAIN are not the same. et DIR_WS_HTTP_CATALOG and DIR_WS_HTTPS_CATALOG.

 

Hope this helps,

Tom

B)

Link to comment
Share on other sites

The reason you get 2 directories is that your host is using Plesk to set your site up, that's the default configuration Plesk gives you. I think Cpanel gives you 2 dirs like this too.

 

 

If you have a cert, then you need to use the httpsdocs directory. According to my Plesk-installed http.conf, all port 443-traffic (SSL) goes to the httpsdocs directory. To secure your checkout, you just need to copy the relevant files across to that directory (I recommend copying everything across, oscommerce doesn't take up much disk space until you start adding product images)

 

 

If you have a certificate, and you don't want to move the secure oscommerce pages into the httpsdocs directory, then you can create a symbolic link from the httpsdocs to the httpdoc directory.

ln -s httpdocs httpsdocs
chown usr grp httpsdocs

is how you do it, but you'll need to be root to delete the old httpsdocs dir. Don't forget to chown the symlink to the user the dir used to be. If you cannot become root, then I would create the link inside the httpsdocs directory called catalog that points to your httpdocs/catalog directory. eg.

cd httpsdocs
ln -s ../httpdocs/catalog catalog

naturally, if you move your admin dir out of the catalog directory, then you'll have to link that too.. though, thinking about it, you only need the admin dir in the httpsdocs directory.

 

 

Also, be careful what your certificate url is, if you get it wrong (you need to set the url in your configure.php to be the same as that in your certificate otherwise checkout links will not appear secured - a common mistake is having your site as mydomain.com, but your cert secures www.mydomain.com)

Link to comment
Share on other sites

I have the syumlink wokring and owned, but when viewing those pages i am getting an internet explorer box warning me that not all content is secure...

and ask me if i want to show insecure content.. if i click

NO then it shows everything fine... any clue how to stop this pop up

?

 

The reason you get 2 directories is that your host is using Plesk to set your site up, that's the default configuration Plesk gives you. I think Cpanel gives you 2 dirs like this too.

If you have a cert, then you need to use the httpsdocs directory. According to my Plesk-installed http.conf, all port 443-traffic (SSL) goes to the httpsdocs directory. To secure your checkout, you just need to copy the relevant files across to that directory (I recommend copying everything across, oscommerce doesn't take up much disk space until you start adding product images)

If you have a certificate, and you don't want to move the secure oscommerce pages into the httpsdocs directory, then you can create a symbolic link from the httpsdocs to the httpdoc directory.

ln -s httpdocs httpsdocs
chown usr grp httpsdocs

is how you do it, but you'll need to be root to delete the old httpsdocs dir. Don't forget to chown the symlink to the user the dir used to be. If you cannot become root, then I would create the link inside the httpsdocs directory called catalog that points to your httpdocs/catalog directory. eg.

cd httpsdocs
ln -s ../httpdocs/catalog catalog

naturally, if you move your admin dir out of the catalog directory, then you'll have to link that too.. though, thinking about it, you only need the admin dir in the httpsdocs directory.

Also, be careful what your certificate url is, if you get it wrong (you need to set the url in your configure.php to be the same as that in your certificate otherwise checkout links will not appear secured - a common mistake is having your site as mydomain.com, but your cert secures www.mydomain.com)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...