Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Problem: Secure to Non-Secure Warning, No Lock


Keg

Recommended Posts

Hey Everyone...

 

I'm still having problems, after a month of toying with this "Shared SSL Certificate" off and on, I'm sincerely thinking about not even using a SSL certificate...this is absolutely Rediculous! Actually...it's disgusting :x

 

Here's My problem Again in a Nutshell (when using my shared ssl certificate):

 

1. Window pops up when logging into account, window says it's going from a secure to non-secure page....what's that all about??!! I wouldn't buy smack from a store that said that razz ma' tazz !!!

 

2. My lock does not show up unless I secure EVERYTHING...I don't want to secure everything, just the vital info that needs to be secured.

 

3. Followed Every instruction know to man, but still can't get the above to work and cannot even get the admin side secured...

 

I almost give up... :'( But I can't give up because my shop is about complete (I think), the major issue is this SSL problem...believe me, I've read through countless posts and cannot get this resolved.

 

Anyone Anywhere Have ANY suggestions? >_<

 

P.S. Short Reminder...my certificate is a shared SSL, but that should not have anything to do with anything as far as I know...this is my shared ssl

 

https://ssl.perfora.net/mydomain.com

 

Anyone Anywhere and Everywhere....have any detailed suggestions on what to do, how to get there, and FINALLY resolve this buggard and get the above 3 sickening problems to finally get fixed after almost two months of wasted time :wacko: ...I'm going crazy here, seriously!

 

P.S.S. If anyone is also interested...here is my original post for a more in-depth analysis of this stupid problem I started having about almost a month ago or more, etc

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=455037

 

P.SSS ...Would buying a Paid SSL make any difference?...I don't see why it would, should work the same...other people have gotten their "shared ssl" to work, why can't I?

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

  • Replies 58
  • Created
  • Last Reply

please post your configure.php plus your alias from your host and who your host is. we cant get anywhere without that. your shared ssl is not https://ssl.perfora.net/mydomain.com we need the actual alias from the host to prove ssl is working or not. help us help you by you posting the info, else nothing will ever get resolved.

Link to comment
Share on other sites

I'm having similar trouble (item 1) and a happy resolution to another (item 2)

1) I have a dedicated ssl through my host with Geotrust. In the catalog side, it goes smoothly from secure to non-secure as needed to make sure the proper docs sent are encrypted but the non security docs don't eat up band. This is good. But there's something about the setup in osc I must be missing (or isn't built right) because I, too, must secure both the http and the https in config to keep the lock showing in IE. I use Opera which lets me see that there is an issue with something on the pages that isn't showing secure even though the page is considered secure. https shows in the url and the cert button from geotrust say it's secure but so many folks look for the lock icon and abandon the cart if they don't see it. Any thoughts?

2)Keg, I was frustrated, too. I can tell you I got the admin locked down tight, though. In catalog/admin/includes/config.php, line 14 define http server, set it to https. This worked beautifully for me. I get all locks on all pages. This works on the catalog side, too, but I know that supposed to be a bad idea for load on the server to serve up all secure pages all the time.

 

I've seen this post or similar ones before without resolutions. I'm going to look deeper into it and check back here to see if anyone can help us!

Link to comment
Share on other sites

did u do any modification of the code for changing ssl, other than the configure.php files?

 

what have you changed in application top?

i would backup your site, then start replacing with untouched source to find the error. start with application top

Link to comment
Share on other sites

yes, header tag controller. That's what made me think of it. They insert their comments in there with their url. But it is commented out. I cut up their url and loaded the page back up but no luck. It's the strangest thing. The lock appears at first but disappears as the page is loading. That's what makes me think there's something in there. I'll try loading application_top fresh and see.

Link to comment
Share on other sites

I'll get back to you Mibble, ASAP tonight...I just have to re-implement my SSL because I took it off my site due to the fact it was pestering me so much to death!!!

 

When you talk about "alias" what do you mean?

 

Thanks guys...be back soon...one hour or so. Hopefully it will not even be that long ;)

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

hmm, both fresh from 2.2 ms2 but no luck. Messes with the look but the same thing happens. I'm thinking about doing a full fresh and see if it works. With all the contribs and look changes, it will be a bummer to have to go through doing each one again to see which one it was, if it is the case.

Link to comment
Share on other sites

mine is a dedicated, but I'm going to call my host in the morning and ask if they know what's up. I appreciate your help.

Hey, another thread mentioned changing the codebase to https http://www.oscommerce.com/forums/index.php?showtopic=118744

 

"codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0""

(the mention was in the reply below this snippet)

 

When I view source on my page, near the top it says:

<base href="http://www.gardenvines.com/catalog/">

 

could this be an issue?

Link to comment
Share on other sites

your host (if using an shared ssl) gives you an 'alias' to use in place for the https

 

 

Like I quoted at the very first post it is

 

https://ssl.perfora.net/mydomain.com

 

That is what my host gave me...BTW, my host is www.1and1.com

It is a free shared ssl certificate that they gave me. That is what they gave me,

 

https://ssl.perfora.net/mydomain.com

 

whereas, mydomain.com = my alias domain?

 

Ok...I'm off to re-implementing my SSL, and I will post both of my config.php files here...get ready :o --I'll be back

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

curious. I'm also with 1and1. They've been really great so far. I'm on their developer package and using a dedicated ssl but maybe there's something in common here that we need to ask them. something about the way osc interact with their setup maybe. I loaded a regular html page right into the catalog directory and the page loaded securely, no trouble at all.

Link to comment
Share on other sites

curious. I'm also with 1and1. They've been really great so far...

 

...I loaded a regular html page right into the catalog directory and the page loaded securely, no trouble at all.

 

 

Yeah...I like 1and1, but have had a few issues with pop email, etc. I'm wondering the same thing with this ssl. Although, they aren't that quick on replies, for me at least.

 

You think my shared ssl should have the www in it or anything?

 

https://ssl.perfora.net/mydomain.com = what 1and1 Hosting gave me

https://ssl.perfora.net/www.mydomain.com = should it be this?

 

Also, quick note and off the subject: How did you load an HTML page in the catalog? Do you mean in the admin section for a product?

 

You think they goofed up on giving me a bogus url or something...Mibble thinks it's wrong...it just might be wrong, those hosting companies are not perfect you know :unsure:

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

please post your configure.php plus your alias from your host and who your host is.  we cant get anywhere without that.  your shared ssl is not https://ssl.perfora.net/mydomain.com  we need the actual alias from the host to prove ssl is working or not.  help us help you by you posting the info, else nothing will ever get resolved.

 

Ok guys?here?s my info as Mibble requested :: fully complete :: I hope this helps me out OR anyone else having this problem :)

 

First?read the very first message in this actual thread (if any of you just joined us) before reading this posted message below?it will make more sense:

 

My website = www.discountjunky.com

My shared ssl cert = https://ssl.perfora.net/discountjunky.com (that's the only info I have, unless it's wrong) :huh:

Hosting Company = www.1and1.com

***** = sensitive data

 

As Mibble requested here are both of my configure.php files

 

One is on the admin side and the other is on the catalog side?I?ll list catalog first.

 

1. My 1st configure.php file layout directory is at the catalog side(.../includes/configure.php):

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.discountjunky.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://ssl.perfora.net/discountjunky.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.discountjunky.com');
 define('HTTPS_COOKIE_DOMAIN', 'ssl.perfora.net');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/discountjunky.com/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/homepages/**/*********/htdocs/discountjunky/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', '*****.perfora.net'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '*****');
 define('DB_SERVER_PASSWORD', '*****');
 define('DB_DATABASE', '*****');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

2. My 2nd configure.php file layout directory is at the Admin Side (.../admin/includes/configure.php):

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.discountjunky.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.discountjunky.com');
 define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/discountjunky.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/homepages/**/*********/htdocs/discountjunky/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/homepages/**/*********/htdocs/discountjunky/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/homepages/**/*********/htdocs/discountjunky/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', '*****.perfora.net'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '*****');
 define('DB_SERVER_PASSWORD', '*****');
 define('DB_DATABASE', '*****');
 define('USE_PCONNECT', 'false'); // use persisstent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

Ok?here?s the final part?

 

3. I went ahead and created a login for anyone to test this if you choose?go to my site and watch this silly stupid dumb pop-up occur when logging into your test account. <_< Plus, also keep a lookout for the lock at the bottom, there isn't one! >_<

 

While the site is in the https secure mode the certificate says it is valid if you look into it, but it does not show the lock, and that STUPID pop up error...arrrrrgggghh :angry:

 

Login Information for you to use = email: [email protected] password: ssltest

 

Thanks everyone/anyone for your very kind help with this matter !!!!! I can?t wait to get this fixed :D At least I hope so... :sweating:

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

I gave you the answer to your problem in another post. When you registered your domain for an ssl you didn't register it as www.mydomain.com you registered it as http://www.mydomain.com - so your ssl cert is pointed to the http part of your site. Just click on your own GeoTrust link to get confirmation of that - it says http://www.yourdomain.com and not https://www.yourdomain.com. Asking the same question of other people isn't going to change this, just waste their time.

 

Vger

mine is a dedicated, but I'm going to call my host in the morning and ask if they know what's up. I appreciate your help.

Hey, another thread mentioned changing the codebase to https http://www.oscommerce.com/forums/index.php?showtopic=118744

 

"codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0""

(the mention was in the reply below this snippet)

 

When I view source on my page, near the top it says:

<base href="http://www.gardenvines.com/catalog/">

 

could this be an issue?

Link to comment
Share on other sites

it makes a good point, as vger had already answered the post in another thread, that if you have questions on the same thing, keep it in the same thread and not create another one. if i had seen his answer, i would have also pushed for looking at that instead of going round and round in circles chasing my tail. have better tails to chase!

Link to comment
Share on other sites

I gave you the answer to your problem in another post...

 

...Asking the same question of other people isn't going to change this, just waste their time.

 

Vger

 

Plus it just sidetracked the original intention of my posting this thread ...so let's get back to the main subject here...thanks Vger

 

Anyone have any suggestions to my original post for this problem of mine? (please read first post in this thread to refresh your memory)

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

your original post talks about a shared certificate and then you get popups. to me that indicates the 'alias' the host gives you to access the ssl is incorrect in your configure.php you can not use https://mydomaon.com needs to be in a different format given to you only by your host.

Link to comment
Share on other sites

your original post talks about a shared certificate and then you get popups.  to me that indicates the 'alias' the host gives you to access the ssl is incorrect in your configure.php  you can not use https://mydomaon.com needs to be in a different format given to you only by your host.

 

Read Post #16 in this thread...that's EVERYTHING I have...i don't have anymore to give...believe me, that is what my host gave me...nothing more.

 

I still don't understand...but please read post #16 thouroughly and see what you think...I even provided a login for you to look and analyze the error. I did follow every document that I've read in this forum and it resulted in post #16

 

Do I need to change something specific in my configure.php files at post #16 ???

 

There is only one pop up I'm concerned about...when logging in...please just re-read post #16...I don't think I can be any more clear...can I ?

 

Am I just stupid or what...everything in my configure.php files are correct aren't they? My shared ssl is as I stated at POST #16 - click here to find out

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

...the 'alias' the host gives you to access the ssl is incorrect in your configure.php  you can not use https://mydomaon.com needs to be in a different format given to you only by your host.

 

This is "as is" in my hosting administration page: please see picture below:

I cannot change or have my hosting company change what has been given to me, I think you'll get a better idea if you look at the screenshot I took below...

 

ssl-screenshot.JPG

"Beer is proof that God loves us and wants us to be happy." - Benjamin Franklin

Link to comment
Share on other sites

Keg, what's happening is that the base href tag is not changing to your ssl url.

It should do so automatically for those secured page. This is why you fill in the configure.php file.

 

open up account.php and post the base href tag.

 

One thing you can try doing is changing your base href tag to

<base href="https://ssl.perfora.net/discountjunky.com/">

then upload account.php and click My Account and see if that makes a difference

Link to comment
Share on other sites

Went to your site, signed up for an account (you may want to delete Eliza Dolittle now), no problems, no warnings. Reckon it's your browser settings in XP that are giving you the warning.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...