BrioMusic Posted April 11, 2005 Posted April 11, 2005 Hi! I have a few questions about SSL & securing my site. I'm totally new to all of this. I am using a host that is a windows server. In my Admin panel it says "You are not protected by a secure SSL connection." I do have an SSL secured link that the host provided. Where do I need to add that info? It looks like it is not set up right in the includes/configure.php. define('HTTPS_SERVER', 'https://ssl6.cartmedia.com'); // eg, https://localhost - should not be empty for productive servers That's not the rights https address. So, do I change that? Do I need to make changes to any other files? Also, my admin. panel was set up by the host w/ a password. Is that all I need to secure the adminstration of the site? Thanks! ~Melissa
Guest Posted April 12, 2005 Posted April 12, 2005 You can secure you admin better by setting the HTTP_SERVER define (admin only) to your SSL URL. The sevrver administered password as you have it is the best option for admin login. Matti
BrioMusic Posted April 12, 2005 Author Posted April 12, 2005 Hi! Thanks for the answer! Where do I make the Admin only server define change?
Guest Posted April 13, 2005 Posted April 13, 2005 where http_server (top line definition) and you have it as http://www.domain.com to https://www.domain.com
H2B2 Posted April 13, 2005 Posted April 13, 2005 where http_server (top line definition) and you have it as http://www.domain.com to https://www.domain.com <{POST_SNAPBACK}> I suppose that is the top line definition in catalog/admin/includes/configure.php and NOT the topline definition in catalog/includes/configure.php. Cheers, Al
Guest Posted April 13, 2005 Posted April 13, 2005 I suppose that is the top line definition in catalog/admin/includes/configure.php and NOT the topline definition in catalog/includes/configure.php. Cheers, Al <{POST_SNAPBACK}> That is correct :D Matti
BrioMusic Posted April 14, 2005 Author Posted April 14, 2005 That is correct :D Matti <{POST_SNAPBACK}> I still have a few more questions about this. If I make this change is it securing my whole site? It seems like many people in the forums say you don't need to have your whole site secure just the pages for purchasing and transferring personal info. So, is it OK that is says You are not protected by a secure SSL connection on my admin screen? I haven't gotten as far as setting up the payment options so perhaps this is something I just set up at that point? Also, if I for sure need to change it I would just change the http link to the https link for the SSL provided by my host? Correct? You said to change it to https//domain.com but the https provided by the host doesn't have my domain name in it. It says that the link points to my root folder and any web site file viewed in that browser will be encrypted. Thanks for helping this extreme novice! ~Melissa
Guest Posted April 14, 2005 Posted April 14, 2005 It will secure your entire admin, not your whole site. The https URL your webhost provides is correct. The HTTPS_SERVER settings on the catalog side secure the checkout procedure and customer's account pages - the remainder of the catalog will run as normal. Matti
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.