Corshas Posted December 13, 2004 Posted December 13, 2004 Greetings all, This is my settings on admin/configure file ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com'); define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com'); define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT ); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/admin/'); define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); define('DIR_WS_CATALOG', '/catalog/'); define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); catalog/configure ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL',true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', Admin Settings Session Directory /tmp Force Cookie Use True Check SSL Session ID True Check User Agent True Check IP Address False Prevent Spider Sessions True Recreate Session True My problem is that I can't secure the checkout procces. I have an SSl cert installed and I can open the site in https My Webpage My secure Webpage Could I get somebody to look where my problem could be. Thank you for your time. Scott
rhubarb Posted December 13, 2004 Posted December 13, 2004 When you say that you "can't secure the checkout", do you mean that you can't get the yellow padlock to show? If so then I've got the same problem with a GeoTrust certificate which requires all url links on the page to be https.
boxtel Posted December 13, 2004 Posted December 13, 2004 Greetings all, This is my settings on admin/configure file ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com'); define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com'); define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT ); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) define('DIR_WS_ADMIN', '/admin/'); define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); define('DIR_WS_CATALOG', '/catalog/'); define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); catalog/configure ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL',true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', Admin Settings Session Directory /tmp Force Cookie Use True Check SSL Session ID True Check User Agent True Check IP Address False Prevent Spider Sessions True Recreate Session True My problem is that I can't secure the checkout procces. I have an SSl cert installed and I can open the site in https My Webpage My secure Webpage Could I get somebody to look where my problem could be. Thank you for your time. Scott <{POST_SNAPBACK}> try setting where you have jerlynnseikowatches.com to www.jerlynnseikowatches.com in your configure files Treasurer MFC
♥Vger Posted December 13, 2004 Posted December 13, 2004 Yes, SSL certs are almost always issued to www.yourdomain.com (unless you specify otherwise), so Amanda's advice is sound. Also, you don't need 'Force Cookie Use' and 'Prevent Spider Sessions' at the same time, and 'Check SSL Session ID' can cause problems. I recommend Session Directory /tmp Force Cookie Use True Check SSL Session ID False Check User Agent False Check IP Address False Prevent Spider Sessions False Recreate Session True Vger
rhubarb Posted December 13, 2004 Posted December 13, 2004 Hope I'm not hijacking your question Corshas! I think my problem is that there are insecure links on the pages that I call with an https url. In application_top around line 41 there is the following code: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; I included the following line in my main page to check the value of $request_type: <?php echo "request type = " . $request_type; ?> and I'm finding that it always returns NONSSL, so I assume that's why all my relative image links on https pages are http instead of https, which is probably the cause of my padlock not displaying.
♥Vger Posted December 14, 2004 Posted December 14, 2004 Don't tell me - let me guess. You have one of those setups where you have an httpdocs folder and an httpsdocs folder for ssl? Vger Hope I'm not hijacking your question Corshas! I think my problem is that there are insecure links on the pages that I call with an https url. In application_top around line 41 there is the following code: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; I included the following line in my main page to check the value of $request_type: <?php echo "request type = " . $request_type; ?> and I'm finding that it always returns NONSSL, so I assume that's why all my relative image links on https pages are http instead of https, which is probably the cause of my padlock not displaying. <{POST_SNAPBACK}>
rhubarb Posted December 14, 2004 Posted December 14, 2004 I've just changed $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; as per http://www.oscommerce.com/forums/index.php?showtopic=72486 and I've got my padlock!! (GeoTrust certificate on a hosting package with oneandone.co.uk)
♥Vger Posted December 14, 2004 Posted December 14, 2004 Okay, my previous post about ssl certs ALMOST always being issued to www.yourdomain.com stands true - but this is the exception. Your certificate is issued to jerlynnseikowatches.com. The https url you sent me was to https://www.jerlynnseikowatches.com, and this generated a warning pop-up about your ssl cert. If this cert is newly issued and they offer re-issuance for free then I'd get it reissued to www.jerlynnseikowatches.com. There also seems to be a problem with the installation of the cert, under Key Usage and Basic Restraints, but this may be the result of the certificate being issued the way it was. Vger Greetings all, This is my settings on admin/configure file ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers ?define('HTTP_CATALOG_SERVER', 'http://jerlynnseikowatches.com'); ?define('HTTPS_CATALOG_SERVER', 'https://jerlynnseikowatches.com'); ?define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module ?define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT ); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs) ?define('DIR_WS_ADMIN', '/admin/'); ?define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN); ?define('DIR_WS_CATALOG', '/catalog/'); ?define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); ?define('DIR_WS_IMAGES', 'images/'); ?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); ?define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); ?define('DIR_WS_INCLUDES', 'includes/'); catalog/configure ('HTTP_SERVER', 'http://jerlynnseikowatches.com'); // eg, http://localhost - should not be empty for productive servers ?define('HTTPS_SERVER', 'https://jerlynnseikowatches.com'); // eg, https://localhost - should not be empty for productive servers ?define('ENABLE_SSL',true); // secure webserver for checkout procedure? ?define('HTTP_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); ?define('HTTPS_COOKIE_DOMAIN', 'jerlynnseikowatches.com'); ?define('HTTP_COOKIE_PATH', '/'); ?define('HTTPS_COOKIE_PATH', '/'); ?define('DIR_WS_HTTP_CATALOG', '/catalog/'); ?define('DIR_WS_HTTPS_CATALOG', '/catalog/'); ?define('DIR_WS_IMAGES', 'images/'); ?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); ?define('DIR_WS_INCLUDES', 'includes/'); ?define('DIR_WS_BOXES', Admin Settings Session Directory /tmp ? Force Cookie Use True ? Check SSL Session ID True ? Check User Agent True ? Check IP Address False ? Prevent Spider Sessions True ? Recreate Session True ? My problem is that I can't secure the checkout procces. I have an SSl cert installed and I can open the site in https My Webpage My secure Webpage Could I get somebody to look where my problem could be. Thank you for your time. Scott <{POST_SNAPBACK}>
Corshas Posted December 14, 2004 Author Posted December 14, 2004 Thank to all who replyed. rhubarb, I changed the application top according the the topic that you recommended....No luck. Vger, I changed the settings in my admin as well...no luck. I can check with our host to see if they can reissue the cert. Why would that matter though. My secure Webpage Any other ideas Scott
rhubarb Posted December 14, 2004 Posted December 14, 2004 If you right click your images and select properties does the url to the image include https?
remixstore Posted December 15, 2004 Posted December 15, 2004 When you say that you "can't secure the checkout", do you mean that you can't get the yellow padlock to show? If so then I've got the same problem with a GeoTrust certificate which requires all url links on the page to be https. <{POST_SNAPBACK}> Yeah, this is driving me crazy... like there's no point in having it at all really...
♥Vger Posted December 15, 2004 Posted December 15, 2004 Sorry, didn't pick this up before: define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); change to: define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog'); The images are showing with https pathways when on an https page, so that's not the problem. You asked why change it to www.yourdomain.com? Simply that at the moment if you go to https://www.yourdomain.com you get a security warning, because that pathway is not covered by your cert. And returning customers may well just type in www.youdomain.com/login.php into their browser, and they'll end up at https://www.yourdomain.com with the security warning. If you have the cert with www. in front of your domain it won't matter if they go to https://www.yourdomain.com or https://yourdomain.com they won't get the error. Vger
Corshas Posted December 15, 2004 Author Posted December 15, 2004 Vger, Still no luck... define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); change to: define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog'); The images do show up with https. Any other ideas?? Scott
♥Vger Posted December 15, 2004 Posted December 15, 2004 There's nothing wrong with your cert, and I don't think there's anything wrong any more with your config files. That only leaves your hosting company! If you are hosted with the same company as Rhubarb - change hosts - life is too short! Vger
Guest Posted December 15, 2004 Posted December 15, 2004 I've just changed $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL'; as per http://www.oscommerce.com/forums/index.php?showtopic=72486 and I've got my padlock!! (GeoTrust certificate on a hosting package with oneandone.co.uk) <{POST_SNAPBACK}> I did this change as well (also have Geotrust Cert) and now images are secure regardless of page, any ideas, and changing cert companies isn't an option. (real problem- the secure unsecure message) :huh:
rhubarb Posted December 15, 2004 Posted December 15, 2004 fishbone2, I see what you mean. I've revisited this and my solution is actually very simple, I changed the 'on' in the original line of code to 1. $request_type = (getenv('HTTPS') == 1) ? 'SSL' : 'NONSSL'; Try putting the following code in a test page or within the html of a php file <?php echo 'getenv(HTTPS)=' . getenv('HTTPS'); ?> Check the output for the file's https url and compare to it's http url.
Guest Posted December 17, 2004 Posted December 17, 2004 fishbone2, I see what you mean. I've revisited this and my solution is actually very simple, I changed the 'on' in the original line of code to 1. $request_type = (getenv('HTTPS') == 1) ? 'SSL' : 'NONSSL'; Try putting the following code in a test page or within the html of a php file <?php echo 'getenv(HTTPS)=' . getenv('HTTPS'); ?> Check the output for the file's https url and compare to it's http url. <{POST_SNAPBACK}> NICE!!! Thanks so much!! :thumbsup:
Recommended Posts
Archived
This topic is now archived and is closed to further replies.