LindaBee Posted February 5, 2005 Posted February 5, 2005 Sorry, this is the second time I've posted, but I think it's a valid question. I've installed a temporary certificate and according to the installation documentation with my hosting company, I'm done. I know all I have to do is point to the https:// part but not sure how. This is what I'm getting when I click on my page. What file do I alter to change all my settings to https:// instead of http://? Even the admin link gives me this error. I only want the transactions pages protected. So do I have to specify certain pages? Sorry for posting again, but thanks so much! Linda The page must be viewed over a secure channel The page you are trying to view requires the use of "https" in the address. -------------------------------------------------------------------------------- Please try the following: Try again by typing https:// at the beginning of the address you are attempting to reach. HTTP 403.4 - Forbidden: SSL required Internet Information Services -------------------------------------------------------------------------------- Technical Information (for support personnel) Background: This error indicates that the page you are trying to access is secured with Secure Sockets Layer (SSL). More information: Microsoft Support
LindaBee Posted February 5, 2005 Author Posted February 5, 2005 I figured it out after hours. It's a shame that the documentation says enable the ssl then you're secure. For the poor newbies like me that need more guidance, all it had to say was, Then redirect those pages in the control panel to https:// that you want secure. Very sad. Linda
TCwho Posted February 5, 2005 Posted February 5, 2005 sadly that is not the proper way to do it. it is very simple, problay only editing a total of two lines in catalog/includes/configure.php ...... the information is widely available, even a good search will answer most questions.... :::Edited::: and I just saw your previous post about your ssl issue, and your question was answered by ozcsys: http://www.oscommerce.com/forums/index.php?sho...ndpost&p=542682 If you have a shared ssl certificate, your https address is not going to be what you put in the configure.php file..... Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00
LindaBee Posted February 6, 2005 Author Posted February 6, 2005 tCwho, you're exactly right, it was answered in my previous post. I apologize, honestly. I did however change the config file, and I think I'm confused becasue when I click my shopping cart, I don't get the security. It is enabled shared ssl in my control panel and this is my config file. For some reason, this just isn't sinking in for me :'( define('HTTP_SERVER', 'http://coastalmermaid.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://coastalmermaid.hostexellence.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure?
♥Vger Posted February 6, 2005 Posted February 6, 2005 Your website is not based in the root of your domain but in a folder called 'catalog'. You must make sure that you use these settings in your includes/configure.php file. define('HTTP_COOKIE_DOMAIN', 'www.coastalmermaid.com'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); I recommend leaving the https cookie domain blank, but if that does throw up a warning box when you switch to https then you can change it to: define('HTTPS_COOKIE_DOMAIN', 'coastalmermaid.hostexellence.com'); Vger
LindaBee Posted February 6, 2005 Author Posted February 6, 2005 Vger, thanks for helping. I still don't get the security lock when I check out. I haven't completed a transaction, but get to the payment method to enter the credit card number and stop there because I don't see the lock. define('HTTP_SERVER', 'http://coastalmermaid.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://coastalmermaid.hostexellence.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.coastalmermaid.com'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/');
♥Vger Posted February 6, 2005 Posted February 6, 2005 Just a thought! Take a look in the 'includes' folder to see if there is a 'local' folder in there with an alternative configure.php file in there. If there is then this file has precedence over your includes/configure.php file. Other than that it is obvious that your editing of includes/configure.php is not actually being applied. Are you altering the file permissions to allow you to upload the edited file and overwrite the existing one, then resetting the permission again? Vger
Guest Posted February 6, 2005 Posted February 6, 2005 going to: https://coastalmermaid.hostexellence.com/ does not even get anything displayed, thus i believe you have a wrong path for your 'aliasl given by your host. what do you have for your document_root path? (admin/tools/server info and search for document_root) post that here
LindaBee Posted February 6, 2005 Author Posted February 6, 2005 Hey, Mibble, my mistake, I transposed the https server info it's hostexellence.coastalmermaid.com so when I hit https://hostexellence.coastalmermaid.com I get in Vger, I do have a configure.php in the local file but it's different? I have fixed the configure file to the correct path but still when I check out I don't see the lock. Linda
Guest Posted February 6, 2005 Posted February 6, 2005 delete the configure.php files in the loc al directories, both catalog and admin
TCwho Posted February 6, 2005 Posted February 6, 2005 Try: define('HTTP_SERVER', 'http://coastalmermaid.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://hostexellence.coastalmermaid.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.coastalmermaid.com'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); Now as of Feb 6 05 1:42 EST it doesnt seem as though you even have ssl configured at all. When I click on My Account, It doesnt not send me to secure page... Another thing I noticed, you have no errors here and SSL Padlock shows up for me in Firefox at: https://hostexellence.coastalmermaid.com/catalog/ Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00
Guest Posted February 6, 2005 Posted February 6, 2005 your images are not being displayed properly, are you using direct links or are they dynamic?
TCwho Posted February 6, 2005 Posted February 6, 2005 Another thing I noticed, you have no errors here and SSL Padlock shows up for me in Firefox at:https://hostexellence.coastalmermaid.com/catalog/ Using IE I get warning about your ssl certificate and warning about non-secure images.... site will load but no images, however padlock does show up... Drop_Shadow How Did You Hear About Us Email HTML Order Link ---- GMT -5:00
LindaBee Posted February 6, 2005 Author Posted February 6, 2005 First, THANK YOU ALL for helping and being patient with me IT'S FIXED!!!! Mibble, I'll change the image links. Thanks for reminding me. I think this is what fixed it. Vger I looked in the catalog/local/configuration file and it had define('ENABLE_SSL', 0); When I changed it to 1 it worked! I'm not even going to ask why I had to do that. Thanks everyone :thumbsup: Linda
LindaBee Posted February 16, 2005 Author Posted February 16, 2005 Mibble, TCWho, I thought this was simple and I swear I've read every SSL secure/non secure thread. I'm still getting that secure/non secure error when you go to checkout. The images are spacer images and my catalog images. I honestly don't see why Im getting that error. my image paths are relative. Can anyone shed light on that. My configure.php references catalog/images and I don't see any reference to http:// in anything. Any help would be greatly appreciated. Linda
♥Vger Posted February 16, 2005 Posted February 16, 2005 Your shared ssl cert is issued as a wild card ssl e.g. *.hostexellence.com - so your https domain would be https://coastalmermaid.hostexellence.com - and not https://hostexellence.coastalmermaid.com Vger
♥Vger Posted February 16, 2005 Posted February 16, 2005 Weird - just took a look at your hosting companies website in hopes of learning something. All I learned was that their 'testimonial' websites all look the same as their own, none of them have addresses or phone numbers, one of them sells beauty products with no prices, listings or any way of buying them, another is a charity which doesn't want you to send any money to it, another is a building contractor who doesn't say what they have done, what they are doing (well, don't really say anything really) etc. Took a look at their 'money-back' guarantees and found where it said to read their Terms Of Service if you didn't believe them - but couldn't find a link to terms of service anywhere. I know what I think! Vger
LindaBee Posted February 16, 2005 Author Posted February 16, 2005 Vger, what do you mean? I don't plan on using their shared certificate when I go live (is that it?). Would getting my own certificate resolve the issue? I don't have any information in mine simply becasue I'm in the process of creating and testing. Please enlighten me. I really want to understand what you mean. Linda
♥Vger Posted February 16, 2005 Posted February 16, 2005 Please enlighten me. I really want to understand what you mean. It's just my view that people should be a little more suspicious when they sign up for web hosting with a company. Their testimonials appear to be very 'fishy' to me, that's all. Their shared cert is definitely issued as a wildcard, and says *.hostexellence.com - and so should work with any subdomain used for ssl connections. In your case that should make the shared ssl https://costalmermaid.hostexellence.com - instead of which it only appears to work with https://hostexellence.costalmermaid.com (which is completely wrong for the certificate that has been issued to them). I don't see how you can get the shared cert to work with this company without getting errors. I have tested the links using iE 6, Mozilla, Opera and Firebird browsers and they all throw up the same warnings. Before investing in a full cert with this company I would find out if you'd have to use two seperate folders on their setup, one for httpdocs and one for httpsdocs - and if they do use the two folder setup I'd look elsewhere. Vger
LindaBee Posted February 16, 2005 Author Posted February 16, 2005 Before investing in a full cert with this company I would find out if you'd have to use two seperate folders on their setup, one for httpdocs and one for httpsdocs - and if they do use the two folder setup I'd look elsewhere. Vger <{POST_SNAPBACK}> I get ya. Thanks for your hontestly. Believe it or not, I picked them from a top 10 list :( The help I'm getting has been terrible (from them). Honestly, you wouldn't believe some of the things they've told me. When I called them about this, the beginning of my thread, they're the ones that told me to redirect those pages. That's where I got that from. I have talked to them about this, you wouldn't believe it. I'm disappointed, that's for sure. Thank you so much. Hopefully I can resolve this. Linda
LindaBee Posted February 16, 2005 Author Posted February 16, 2005 Vger, I just got off the phone with my hosting company. They told me (as you said) it should be https://coastalmermaid.hostexcellence.com which I've changed those settings in configure.php. After that he said it was somewhere in OsCommerce he couldn't help me. The images are still nonsecure, but they don't reference the http, just the image. Can you answer, when I upload thru admin my images, shouldn't that be relative? Like the link to my catalog image is non secure which is suprising. those are links in my Oscmmerce files and they should not be hard coded anywhere, right? I have a thumbnail contribution on there. Thanks Linda
Guest Posted February 16, 2005 Posted February 16, 2005 I'm having the same problem. My image links "Continue button" etc. are not going through SSL but the page urls are. so, browsers are getting a "broken lock" when they go through the checkout process, because the images are not being accessed through SSL. can any one help??
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.