Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Serious SSL Help Needed


dailce

Recommended Posts

Please Help!

 

I think I got the admin fixed but...

 

 

Problem 1: SECURING ADMIN WITH SSL

 

I fixed my ADMIN/includes/configure.php file changed the following lines, basically I just added the HTTPS and enabled the SSL:

 

(note using "mysite" just as a name)

 

 ?define('HTTP_SERVER', 'https://www.mysite.ca'); 
?define('HTTP_CATALOG_SERVER', 'https://mysite.ca');
?define('HTTPS_CATALOG_SERVER', 'https://www.mysite.ca');
?define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

When I go to the admin page the address bar shows the https://www.mysite.ca/Admin and the padlock is at the bottom of the browser, and when I view other pages in the admin I get the same thing. BUT

 

"You are not protected by a secure SSL connection" and the padlock is unlocked at the left of the screen (left side of the main/welcome screen). What's wrong?

 

Also, I can still visit http://mysite.com/ADMIN and https://mysite.com/ADMIN. Is there a way to force the https if http is entered in the address bar?

 

 

PROBLEM 2: How do I apply SSL to the catolog of my site I tried to enable SSL and applied the HTTPS thing. But...

 

When I try to log in with my user account I get this message:

 

"You are about to be redirected to a connection that is not secure.

 

The information you are sending to the current site might be retransmitted to a nonsecure site. Do you wish to continue?"

 

When I continue I am brought to my account page, the address bar shows https//www.mysite.com, but NO padlock at the bottom of the browser.

 

 

Also, if I don't log-in and just go to check out like a normal customer would I get https in the address bar but no padlock at the bottom of the browser.

 

 

Is there a step by strp guide to setting up the SSL?

What can I do?

Link to comment
Share on other sites

Please Help! 

 

I think I got the admin fixed but...

Problem 1:  SECURING ADMIN WITH SSL

 

I fixed my ADMIN/includes/configure.php file changed the following lines, basically I just added the HTTPS and enabled the SSL:

 

(note using "mysite" just as a name)

 

 ?define('HTTP_SERVER', 'https://www.mysite.ca'); 
?define('HTTP_CATALOG_SERVER', 'https://mysite.ca');
?define('HTTPS_CATALOG_SERVER', 'https://www.mysite.ca');
?define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

When I go to the admin page the address bar shows the https://www.mysite.ca/Admin and the padlock is at the bottom of the browser, and when I view other pages in the admin I get the same thing.  BUT

 

"You are not protected by a secure SSL connection" and the padlock is unlocked at the left of the screen (left side of the main/welcome screen).  What's wrong?

 

Also, I can still visit http://mysite.com/ADMIN and https://mysite.com/ADMIN.  Is there a way to force the https if http is entered in the address bar?

PROBLEM 2:  How do I apply SSL to the catolog of my site I tried to enable SSL and applied the HTTPS thing.  But...

 

When I try to log in with my user account I get this message:

 

"You are about to be redirected to a connection that is not secure. 

 

The information you are sending to the current site might be retransmitted to a nonsecure site.  Do you wish to continue?"

 

When I continue I am brought to my account page, the address bar shows https//www.mysite.com, but NO padlock at the bottom of the browser.

Also, if I don't log-in and just go to check out like a normal customer would I get https in the address bar but no padlock at the bottom of the browser.

Is there a step by strp guide to setting up the SSL?

What can I do?

 

Lets start with basics so we are talking the same language

 

SSL does not protect your admin or anything else on your site :D

 

SSL encrypts data transfers between browsers and your server.

 

To protect admin you need to rename admin and then use .htaccess and .htpasswrd protection either directly or via your server mangement application (Cpanel, plesk etc)

 

To force http:// => https:// you might be able to do a 301 redirect (never tried it myself) or even a meta refresh

 

Step by step SSL set up (assuming you have no access to your server root)

 

1) Buy the SSL cert from your issuer - make sure the issuer has a trusted root certificate that is recognised by most browsers (IE) - The issuers faq will tell you.

2) Get your host to generate a CSR (certificate signing request) and a key - For this they will need info such as your domains authorised administrator and their e-mail

3) Once you have the CSR - send it to your issuer from whom you bought the SSL cert

4) They vet the details and write to the administrator requesting authorisation to deliver the SSL cert.

5) Once they deliver the cert to you (via e-mail) you send it to your host who instals it. Sometimes if the issuer is a minor player they may also send what is known as a chain cert - But your host will be able to instal these certs and the key they raised in 2 above.

6) You change your configure.php paths to reflect the name the cert was issued in in the https: paths, enable SSL, and then test to make sure install is correct.

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Link to comment
Share on other sites

I GOT THE SSL INSTALLED. I Know what it is and how it works I'm just tyruing to configure it now.

 

I HAD TO SECURE MY ENTIRE CATOLOG TO GET IT TO WORK THERE. Otherwise I would see https in the address bat and no padlock at the bottom of the browser. Also, when signing in I would be at https at the login page, but when I clcik the sign-in button I would get the message popup you are being transferred to a noon secure site.

 

My site is small so I think securing the entire catolog will be ok. Unless you know of a fix?

 

Anonther problem I have is:

 

 

I'm working on securing my Admin section with SSL before moving on to the storefront. Here's what works:

 

The address bar shows https://mysite.ca/ADMIN/

 

The Browser shows the LOCKED Padlock at the bottom

 

My .htaccess file has SSLRequireSSL and it works, so I can only access the Admin with https in the address bar

 

My Admin/configure.php file has

"define('HTTP_SERVER', 'https://www.mysite.ca');"

 

Does the true in the Enable SLL need to have quotes around it i,e, 'true'???

 

When I click on any link in the Admin Area all pages have SSL

 

So why does the admin control panel show an UNLOCKED PADLOCK with the message "You are not protected by a secure SSL connection"?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...