Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Cert Help


Corshas

Recommended Posts

Posted

Greetings all,

 

This is my settings on admin/configure file

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com');
 define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com');
 define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT
); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/catalog/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');

 

 

catalog/configure

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL',true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
 define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES',

 

Admin Settings

Session Directory /tmp   
Force Cookie Use True   
Check SSL Session ID True   
Check User Agent True   
Check IP Address False   
Prevent Spider Sessions True   
Recreate Session True  

 

My problem is that I can't secure the checkout procces.

 

I have an SSl cert installed and I can open the site in https

 

My Webpage

 

 

My secure Webpage

 

Could I get somebody to look where my problem could be.

 

Thank you for your time.

Scott

Posted

When you say that you "can't secure the checkout", do you mean that you can't get the yellow padlock to show? If so then I've got the same problem with a GeoTrust certificate which requires all url links on the page to be https.

Posted
Greetings all,

 

This is my settings on admin/configure file

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com');
 define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com');
 define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT
); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/catalog/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');

catalog/configure

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL',true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
 define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES',

 

Admin Settings

Session Directory /tmp   
Force Cookie Use True   
Check SSL Session ID True   
Check User Agent True   
Check IP Address False   
Prevent Spider Sessions True   
Recreate Session True  

 

My problem is that I can't secure the checkout procces.

 

I have an SSl cert installed and I can open the site in https

 

My Webpage

My secure Webpage

 

Could I get somebody to look where my problem could be.

 

Thank you for your time.

Scott

 

try setting where you have jerlynnseikowatches.com to

www.jerlynnseikowatches.com in your configure files

Treasurer MFC

Posted

Yes, SSL certs are almost always issued to www.yourdomain.com (unless you specify otherwise), so Amanda's advice is sound.

 

Also, you don't need 'Force Cookie Use' and 'Prevent Spider Sessions' at the same time, and 'Check SSL Session ID' can cause problems. I recommend

 

Session Directory /tmp

Force Cookie Use True

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions False

Recreate Session True

 

Vger

Posted

Hope I'm not hijacking your question Corshas! I think my problem is that there are insecure links on the pages that I call with an https url. In application_top around line 41 there is the following code:

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

I included the following line in my main page to check the value of $request_type:

<?php echo "request type = " . $request_type; ?>

and I'm finding that it always returns NONSSL, so I assume that's why all my relative image links on https pages are http instead of https, which is probably the cause of my padlock not displaying.

Posted

Don't tell me - let me guess. You have one of those setups where you have an httpdocs folder and an httpsdocs folder for ssl?

 

Vger

Hope I'm not hijacking your question Corshas! I think my problem is that there are insecure links on the pages that I call with an https url. In application_top around line 41 there is the following code:

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

I included the following line in my main page to check the value of $request_type:

<?php echo "request type = " . $request_type; ?>

and I'm finding that it always returns NONSSL, so I assume that's why all my relative image links on https pages are http instead of https, which is probably the cause of my padlock not displaying.

Posted

Okay, my previous post about ssl certs ALMOST always being issued to www.yourdomain.com stands true - but this is the exception. Your certificate is issued to jerlynnseikowatches.com.

 

The https url you sent me was to https://www.jerlynnseikowatches.com, and this generated a warning pop-up about your ssl cert. If this cert is newly issued and they offer re-issuance for free then I'd get it reissued to www.jerlynnseikowatches.com.

 

There also seems to be a problem with the installation of the cert, under Key Usage and Basic Restraints, but this may be the result of the certificate being issued the way it was.

 

Vger

Greetings all,

 

This is my settings on admin/configure file

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
?define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com');
?define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com');
?define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
?define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT
); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
?define('DIR_WS_ADMIN', '/admin/');
?define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
?define('DIR_WS_CATALOG', '/catalog/');
?define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
?define('DIR_WS_INCLUDES', 'includes/');

catalog/configure

 

('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers
?define('ENABLE_SSL',true); // secure webserver for checkout procedure?
?define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
?define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com');
?define('HTTP_COOKIE_PATH', '/');
?define('HTTPS_COOKIE_PATH', '/');
?define('DIR_WS_HTTP_CATALOG', '/catalog/');
?define('DIR_WS_HTTPS_CATALOG', '/catalog/');
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES',

 

Admin Settings

Session Directory /tmp ? 
Force Cookie Use True ? 
Check SSL Session ID True ? 
Check User Agent True ? 
Check IP Address False ? 
Prevent Spider Sessions True ? 
Recreate Session True ?

 

My problem is that I can't secure the checkout procces.

 

I have an SSl cert installed and I can open the site in https

 

My Webpage

My secure Webpage

 

Could I get somebody to look where my problem could be.

 

Thank you for your time.

Scott

Posted

Thank to all who replyed.

 

rhubarb,

 

I changed the application top according the the topic that you recommended....No luck.

 

 

Vger,

I changed the settings in my admin as well...no luck.

 

I can check with our host to see if they can reissue the cert. Why would that matter though.

 

 

My secure Webpage

 

Any other ideas

 

Scott

Posted
When you say that you "can't secure the checkout", do you mean that you can't get the yellow padlock to show? If so then I've got the same problem with a GeoTrust certificate which requires all url links on the page to be https.

 

Yeah, this is driving me crazy... like there's no point in having it at all really...

Posted

Sorry, didn't pick this up before:

 

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

change to:

 

define('HTTP_COOKIE_PATH', '/catalog');

define('HTTPS_COOKIE_PATH', '/catalog');

 

The images are showing with https pathways when on an https page, so that's not the problem.

 

You asked why change it to www.yourdomain.com? Simply that at the moment if you go to https://www.yourdomain.com you get a security warning, because that pathway is not covered by your cert. And returning customers may well just type in www.youdomain.com/login.php into their browser, and they'll end up at https://www.yourdomain.com with the security warning. If you have the cert with www. in front of your domain it won't matter if they go to https://www.yourdomain.com or https://yourdomain.com they won't get the error.

 

Vger

Posted

Vger,

 

Still no luck...

 

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

 

change to:

 

define('HTTP_COOKIE_PATH', '/catalog');

define('HTTPS_COOKIE_PATH', '/catalog');

 

 

The images do show up with https.

 

Any other ideas??

 

Scott

Posted

There's nothing wrong with your cert, and I don't think there's anything wrong any more with your config files. That only leaves your hosting company!

 

If you are hosted with the same company as Rhubarb - change hosts - life is too short!

 

Vger

Posted
I've just changed

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

to

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

as per http://www.oscommerce.com/forums/index.php?showtopic=72486 and I've got my padlock!!

 

(GeoTrust certificate on a hosting package with oneandone.co.uk)

 

 

I did this change as well (also have Geotrust Cert) and now images are secure regardless of page, any ideas, and changing cert companies isn't an option.

 

(real problem- the secure unsecure message) :huh:

Posted

fishbone2, I see what you mean. I've revisited this and my solution is actually very simple, I changed the 'on' in the original line of code to 1.

 

$request_type = (getenv('HTTPS') == 1) ? 'SSL' : 'NONSSL';

Try putting the following code in a test page or within the html of a php file

 

<?php
echo 'getenv(HTTPS)=' . getenv('HTTPS');
?>

Check the output for the file's https url and compare to it's http url.

Posted
fishbone2, I see what you mean. I've revisited this and my solution is actually very simple, I changed the 'on' in the original line of code to 1.

 

$request_type = (getenv('HTTPS') == 1) ? 'SSL' : 'NONSSL';

Try putting the following code in a test page or within the html of a php file

 

<?php
echo 'getenv(HTTPS)=' . getenv('HTTPS');
?>

Check the output for the file's https url and compare to it's http url.

 

NICE!!! Thanks so much!! :thumbsup:

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...