Mr. Waffles Posted December 8, 2004 Posted December 8, 2004 When I log on to http://www.mysite.com/oscommerce/admin I get the following error on my OScommerce Admin page in the bottom left corner. "You are not protected by a secure SSL connection." When I log in with https://mysite.com/oscommerce/admin it says I am "protected by an unknown secure connection" What is the application of this?? When I log into Admin, to be secrure do I simply need to login through https://mysite.com/oscommerce/admin, or do I need to take further steps to protect my site? Also, is the 'unknown' SSL connection a problem? Thanks! Lincoln
♥Vger Posted December 8, 2004 Posted December 8, 2004 It makes no diffference if you have a full ssl installed, osCommerce will still tell you it's 'unknown'. To make all of your admin folder run under https, with no entry via http, change all of the http://www.yourdomain.com entries in admin/includes/configure.php to https://www.yourdomain.com You also try putting this code into the .htaccess file in your 'admin' folder, though whether it will work will depend upon how modern your system is. If it doesn't work, just remove it. Please note - this file pathway is for a full ssl cert. SSLRequireSSL ErrorDocument 403 https://www.yourdomain.com/admin/ Vger
Mr. Waffles Posted December 8, 2004 Author Posted December 8, 2004 It makes no diffference if you have a full ssl installed, osCommerce will still tell you it's 'unknown'. To make all of your admin folder run under https, with no entry via http, change all of the http://www.yourdomain.com entries in admin/includes/configure.php to https://www.yourdomain.com You also try putting this code into the .htaccess file in your 'admin' folder, though whether it will work will depend upon how modern your system is. If it doesn't work, just remove it. Please note - this file pathway is for a full ssl cert. SSLRequireSSL ErrorDocument 403 https://www.yourdomain.com/admin/ Vger <{POST_SNAPBACK}> Thanks! Does the whole admin folder need to run on SSL to be secure, or can I leave it as is?
ozcsys Posted December 8, 2004 Posted December 8, 2004 When talking about securing your admin you do not mention having it password protected. You probably already have but if not you need to do that to keep people out. You can also change the name of your admin to make it harder for others to find it and try to access it. The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right??
bglkk Posted December 8, 2004 Posted December 8, 2004 Thanks!Does the whole admin folder need to run on SSL to be secure, or can I leave it as is? <{POST_SNAPBACK}> "EZ" Secure Order & Customer Viewing http://www.oscommerce.com/community/contributions,2274/ "This contribution addresses an issue with the store admin to allow secure viewing and editing of order and customer details while allowing the rest of the admin to remain in standard mode -- alleviating unneccessary strain on the SSL server and allowing generally quicker operation of nonSSL admin functions." "Buy the ticket, take the ride..." -HST
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.