Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Trouble Getting SSL


awisdoms

Recommended Posts

I was wondering if someone could help me with a little something. As far as installing the SSL certificates, how do you go about doing that? I mean, I (finally!!) found my way into the includes/configure.php file, but DON'T know exactly WHAT to change. And, as far as changing goes, is there *another* page I should be editing? Where do I even begin?

 

What I'm trying to do is get my site secured. I'm not sure if what I need to be doing here is securing my checkout page (though, I've seen twelve of those in variation in my files -- not sure which one!), or securing my -entire- site. I realize everything I've said here is jumbled, but like I said, I'm learning. Could you offer any advice, or help, as far as where or how to start, thanks....

Link to comment
Share on other sites

Firstly, find out if your hosting company provides a shared ssl certificate included as part of your package. If they do, then ask them what the pathway is to use this shared ssl with your website.

 

Other than to set Use SSL to true and inserting the https pathways into your two configure.php files you don't have to do anything else. osCommerce decided which pages in your catalog need to be protected and which don't.

 

You should however change the name of your osCommerce 'admin' folder, insert the new name in your admin/includes/configure.php file in place of 'admin', and then Password Protect that folder in your web hosting control panel.

 

If your hosting company doesn't provide a shared ssl, and wants to charge the earth to install a full ssl for you, then check in your hosting control panel if you have the ability to install a full ssl certificate yourself. In this case, repost for further advice.

 

Vger

Link to comment
Share on other sites

Vger,

 

I want to first tell you that I am so greatful to you for helping me. Now for the rest:

 

My host provides a shared ssl certificate at no extra charge to me. I do have the pathway (https://globalsecureservers.com/~esarnia7/ <--- I think this is it???) here. If this is the pathway, what do I do next?

 

"Other than to set Use SSL to true and inserting the https pathways into your two configure.php files you don't have to do anything else. "

 

The only configure.php file I found was here: public html > admin > includes > configure.php Where might I find the other? Should I even be editing the ones in the admin folder? Are there two completely different ones somewhere else?

 

"You should however change the name of your osCommerce 'admin' folder, insert the new name in your admin/includes/configure.php file in place of 'admin', and then Password Protect that folder in your web hosting control panel."

 

Hmm.... I'm not sure I understand. Is this very important to do, and is there a way to do it in Dreamweaver?

Link to comment
Share on other sites

this is what you should use for your ssl path:

 

https://globalsecureservers.com/~esarnia7

 

dont use the ending slash, if your other catalog listing has a beginning slash.

 

dreamweaver works well. it does not create the password for the admin area. use htaccess for that, your host cpanel (if you have it) should have a 'button' to click on for password protecting a directory. use it.

 

dreamweaver, use the site dropdown menu. create the local, the remote server (this is where you can ftp to/from the site) and the testing server.

Link to comment
Share on other sites

What do I do with the path? What is password protecting a directory? I don't see any button for it to protect the dir.....

 

this is what you should use for your ssl path:

 

https://globalsecureservers.com/~esarnia7

 

dont use the ending slash, if your other catalog listing has a beginning slash.

 

dreamweaver works well. it does not create the password for the admin area.  use htaccess for that, your host cpanel (if you have it) should have a 'button' to click on for password protecting a directory.  use it.

 

dreamweaver, use the site dropdown menu.  create the local, the remote server (this is where you can ftp to/from the site) and the testing server.

Link to comment
Share on other sites

this is what you should use for your ssl path:

 

https://globalsecureservers.com/~esarnia7

 

 

This is incorrect - it is not a domain.

 

You should have something like this in catalog/includes/configure.php:

 

 ?define('HTTP_SERVER', ''); 
?define('HTTPS_SERVER', 'https://globalsecureservers.com'); 
?define('ENABLE_SSL', TRUE);
?define('HTTP_COOKIE_DOMAIN', 'globalsecureservers.com');
?define('HTTPS_COOKIE_DOMAIN', '');
?define('HTTP_COOKIE_PATH', '');
?define('HTTPS_COOKIE_PATH', '/~esarnia7/catalog/');
?define('DIR_WS_HTTP_CATALOG', '');
?define('DIR_WS_HTTPS_CATALOG', '/~esarnia7/catalog/');

 

I have left blank the ones you need not touch - admin/includes/configure.php is similar.

 

Password protect directories through your webhost control panel - it may be under something like 'security'

 

Matti

Link to comment
Share on other sites

Hi,

 

I have found this file in the OS admin/includes/configure.php but I can't seem to locate "catalog/includes/configure.php"..

Is this also in the OS and if so can you tell me where to locate it in this stuff.

Thanks,

Dia

Link to comment
Share on other sites

"Other than to set Use SSL to true"

 

Is this in one of my two configure.php files, or is this something I do somewhere else?

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.ancient-wisdoms.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

As you can see, in the configure.php I could find which was in the includes folder (where is the other?), in the last line, I set it to true (define('ENABLE_SSL', true); // secure webserver for checkout procedure?

) It was at false. Am I making progress, is this what you meant?

 

Thank you for helping.

Firstly, find out if your hosting company provides a shared ssl certificate included as part of your package.  If they do, then ask them what the pathway is to use this shared ssl with your website.

 

Other than to set Use SSL to true and inserting the https pathways into your two configure.php files you don't have to do anything else.  osCommerce decided which pages in your catalog need to be protected and which don't.

 

You should however change the name of your osCommerce 'admin' folder, insert the new name in your admin/includes/configure.php file in place of 'admin', and then Password Protect that folder in your web hosting control panel.

 

If your hosting company doesn't provide a shared ssl, and wants to charge the earth to install a full ssl for you, then check in your hosting control panel if you have the ability to install a full ssl certificate yourself.  In this case, repost for further advice.

 

Vger

Link to comment
Share on other sites

So // Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.ancient-wisdoms.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.ancient-wisdoms.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/esarnia7/public_html/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

needs to be like this?:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.ancient-wisdoms.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://globalsecureservers.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'globalsecureservers.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/~esarnia7/catalog/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/~esarnia7/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/esarnia7/public_html/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

So this is it, and I'm all set -- everything is secure, just by this? And you're incredible also for helping.

 

This is incorrect - it is not a domain.

 

You should have something like this in catalog/includes/configure.php:

 

 ?define('HTTP_SERVER', ''); 
?define('HTTPS_SERVER', 'https://globalsecureservers.com'); 
?define('ENABLE_SSL', TRUE);
?define('HTTP_COOKIE_DOMAIN', 'globalsecureservers.com');
?define('HTTPS_COOKIE_DOMAIN', '');
?define('HTTP_COOKIE_PATH', '');
?define('HTTPS_COOKIE_PATH', '/~esarnia7/catalog/');
?define('DIR_WS_HTTP_CATALOG', '');
?define('DIR_WS_HTTPS_CATALOG', '/~esarnia7/catalog/');

 

I have left blank the ones you need not touch - admin/includes/configure.php is similar.

 

Password protect directories through your webhost control panel - it may be under something like 'security'

 

Matti

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...