cottonmiller Posted August 2, 2007 Posted August 2, 2007 SSL - A question or two ... Scenario Dedicated Windows Server 2003 (pro package with 1and1) iis v6 (configured to use .php files with php5isapi.dll) dedicated ssl cert from thawte osCommerce Online Merchant v2.2 RC1 PHP Version 5.2.3 (php5isapi.dll) Configuring the config parameters as per the docs ... define('HTTP_SERVER', 'http://www.allweathercovers.co.uk'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.allweathercovers.co.uk'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.allweathercovers.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'allweathercovers.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); Other bits defined as usual ... Browsing to https://www.allweathercovers.co.uk returns a blank page no matter what I change. Can Oscommerce use https with php isapi on iis or is it not possible? In addition I have tried various fixes found through the forum but without success including changing all instances of 'getenv' to 'tep_getenv' and using the compatability function in compatability.php function tep_getenv($index) { if (isset($_SERVER[$index])) return $_SERVER[$index]; elseif (isset($_ENV[$index])) return $_ENV[$index]; else return false; } Any ideas ??? James
eitai2001 Posted August 6, 2007 Posted August 6, 2007 Hi. I have a heavily modified osCommerce installation. I have just obtained FreeSSL to test the SSL capabilities of osCommerce and am just waiting for my hosting company to install it. When it is installed, what will be the next step. I know how to configure the configure.php files, but on my server I have two folders ... Public_Html and Public_SSL. Currently all my folders are in public_html, but if I go to the https:// version of my site, it opens up the test index.html file currently in Public_ssl. Will I have to copy all or some of my files to the public_ssl directory, or is there an easier way of going about this. Also, I only want the osCommerce installation to connect to the secure server when a customer is either creating an account, logged in or going through the checkout procedure ... I don't want SSL when just anyone is browsing the site, as I have counters and stuff for statistics that will be disabled when SSL activates. How would I go about this. Regards Itai Etzman. P.s. You can see my site at www.digitaladdiction.co.za and type https:// to see the test file however, you will get a security warning because the certificate isn't installed yet.
eitai2001 Posted August 9, 2007 Posted August 9, 2007 How do i install a verisign ssl cert in osc. You must get your host to give you the CSR with the 100% correct domain name ... if you want to use the www ... then tell them. Then you must go to the verisign website and submit all the correct information along with the CSR they give you (its a bunch of jumbled letters). Then they will verify that its you. Once thats done, they will send you the certificate ... more jumbled info ... which you give back to your host to install. Your host will then either secure the current "Public_HTML" or "httpdocs" or whatever they use in your ftp server ... then just follow the steps in this form to adjust the configure.php. If your host creates a second folder i.e. "Public_SSL" or "httpsdocs" or whatever they call it ... tell them you want to use only 1 folder and that they must make the folder with your current oscommerce data the secured folder ... oscommerce does the rest. On a side note ... I have secured www.digitaladdiction.co.za ... please can anyone go through it and if you get any security warnings or problems ... please e-mail me on [email protected] ... if you want to create an account ... please e-mail me with the name used and I can delete it afterwords. Regards Itai Etzman
Guest Posted September 2, 2007 Posted September 2, 2007 Hi. I have a heavily modified osCommerce installation. I have just obtained FreeSSL to test the SSL capabilities of osCommerce and am just waiting for my hosting company to install it. When it is installed, what will be the next step. I know how to configure the configure.php files, but on my server I have two folders ... Public_Html and Public_SSL. Currently all my folders are in public_html, but if I go to the https:// version of my site, it opens up the test index.html file currently in Public_ssl. Will I have to copy all or some of my files to the public_ssl directory, or is there an easier way of going about this. Also, I only want the osCommerce installation to connect to the secure server when a customer is either creating an account, logged in or going through the checkout procedure ... I don't want SSL when just anyone is browsing the site, as I have counters and stuff for statistics that will be disabled when SSL activates. How would I go about this. Regards Itai Etzman. P.s. You can see my site at www.digitaladdiction.co.za and type https:// to see the test file however, you will get a security warning because the certificate isn't installed yet. You will need to establish a symbolic link between your public_html and Public_SSL folders so that you can use one set of files. Ask you web host to do this for you. Otherwise, you will have to maintain two copies of your files.
loboestepario Posted September 6, 2007 Posted September 6, 2007 PLease where can I find this file? catalog/includes/configure.php I do not know how to access it please respond
pardesi Posted September 24, 2007 Posted September 24, 2007 I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ? Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ? What is the Path to my shared SSL certificate? Solution To use your SSL certificate you would point your hyperlinks that you want to be secure to https://secure.bluehost.com/~yourunixusername Or you can purchase a dedicated ip address from us, for 30.00 per year and install your own SSL certificate that you have purchased. If my transaction pass through paypal I still need to SLL my site ? Thanks for your help :)
Jack_mcs Posted September 25, 2007 Posted September 25, 2007 I am hosted at bluehost and they give a share SSL is this alright ? or do i have to buy extra thing ? Here is what they say about the path can you tell me what exactly i have to put in my Oscommernce config please ? If my transaction pass through paypal I still need to SLL my site ? Thanks for your help :) It isn't whether you need it for paypal but that you need it to not lose customers. They will see that your site is not protected and some will leave. How many can you afford to lose? Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
acemcfly Posted October 9, 2007 Posted October 9, 2007 Hi I've been reading threads on ssl in trying to resolve my issues. made modifications listed but still don't know why my flash header or backround images aren't showing when ssl pages are viewed in Explorer. I've changed all the http links to https in header file and tryed all the methods detailed. My site is www.weaponsdrop.com/catalog catalog/includes configure.php: define('HTTP_SERVER', 'http://www.weaponsdrop.com'); // eg, http://localhost - ... define('HTTPS_SERVER', 'https://www.weaponsdrop.com'); // eg, https://localhost .... define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.weaponsdrop.com'); define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); admin/includes configure.php: define('HTTP_SERVER', 'https://www.weaponsdrop.com'); // eg, http://localhost - ... define('HTTP_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog'); define('HTTPS_CATALOG_SERVER', 'https://www.weaponsdrop.com/catalog'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module Let me know what you think as this has me prety stumped. Thanks Chris
Jack_mcs Posted October 9, 2007 Posted October 9, 2007 This define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com'); should be define('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com'); Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
acemcfly Posted October 10, 2007 Posted October 10, 2007 This define('HTTPS_COOKIE_DOMAIN', '.weaponsdrop.com'); should be define('HTTPS_COOKIE_DOMAIN', '.www.weaponsdrop.com'); Jack Hi Jack I tried that change with and without the . infront of the www.domain.com but the flash header still fails to load. Do you have any other ideas? Thanks Chris
dogtails Posted October 10, 2007 Posted October 10, 2007 Do you have to install all this (which I'm lost with all that talk) when you use paypal only?
dogtails Posted October 10, 2007 Posted October 10, 2007 Do you have to install all this (which I'm lost with all that talk) when you use paypal only? Oh, I just found that same question. I just don't understand how to install it. That seems so complicated and I can't afford any errors to deal with. Can you make it simple stupid :'(
tecno Posted October 12, 2007 Posted October 12, 2007 I bought SSL from Godaddy.com and I host on Godaddy.com. I changed the codes to read like this and nothing happens when i go to SleeveKing.com, so I added www. to https servers in both.... which crashes msSQL database instantly! (my database crashes for minor changes to my site unknowingly) i had to reinstall databases twice I dont want to do it again. Why doesnt sleeveking.com get the lock or ssl?! the only place i see i have SSL is if i go to "https://sleeveking.com/admin]https://sleeveking.com/admin" it shows a lock! includes/configure.php define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://sleeveking.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.sleeveking.com'); define('HTTPS_COOKIE_DOMAIN', 'sleeveking.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); admin/includes/configure.php define('HTTP_SERVER', 'http://www.sleeveking.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.sleeveking.com'); define('HTTPS_CATALOG_SERVER', 'https://sleeveking.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
tecno Posted October 13, 2007 Posted October 13, 2007 i also did the myenv.php trick if you can decipher this for me?! https://sleeveking.com/myenv.php http://sleeveking.com/myenv.php
tecno Posted October 13, 2007 Posted October 13, 2007 1) SSL, https, and lock image ONLY turn on in checkout and my account!!! I thought it wasnt working and reinstalled like 3 times before i went past my index :sweating: 2) "You have unsecure items" ..... click dont show items and you'll see what your exact problems are because they wont show then go fix each of them my problem was the credit card image in my header. you have to change everything to your LOCAL domain http://www.sleeveking.com/images/creditcards.gif /images/creditcards.gif hope this helps some of the newbie stuff you guys passed over quickly, i love figuring things out before someone answers
nikko50 Posted October 24, 2007 Posted October 24, 2007 Does the below look correct assuming if I'm using a shared SSL? define('HTTP_SERVER', 'http://www.mysite.com'); define('HTTPS_SERVER', 'https://ssl.perfora.net/mysite.com'); define('HTTP_SERVER_BREADCRUMB', 'http://www.mysite.com/catalog/index.php'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'https://ssl.perfora.net/www.mysite.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
nikko50 Posted October 24, 2007 Posted October 24, 2007 Why is the session id being passed in the url like below in my SSL pages?? create_account.php?osCsid=4d6464028d9919aee88485dae8044557
PatForde Posted October 27, 2007 Posted October 27, 2007 I am on the verge of shooting myself with frustration here ! Is there anywhere else other than the 2 config files that could be stopping SSL from working ??? define('HTTP_SERVER', 'http://www.gamesnash.ie'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://gamesnash.ie'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL',true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'http://www.gamesnash.ie'); define('HTTPS_COOKIE_DOMAIN', 'https://gamesnash.ie'); define('HTTP_COOKIE_PATH', '/catalog'); define('HTTPS_COOKIE_PATH', '/catalog'); define('DIR_WS_HTTP_CATALOG', '/catalog'); define('DIR_WS_HTTPS_CATALOG', '/catalog'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); My SSL cert was issued without the www so this is fine and is working fine. I just can't get OSC to use it. Would appreciate any thoughts.
PatForde Posted October 27, 2007 Posted October 27, 2007 Here's a quirky one for you which may help others along the way. Turns out that my host has a slightly modded version of OSC which installs literally with a click of button when you are doing it. However they have their own local configure files referenced around the code which override the configure files that come as standard - and I had to play around with those as well to get it working.
winekeen Posted November 20, 2007 Posted November 20, 2007 Here's a quirky one for you which may help others along the way. Turns out that my host has a slightly modded version of OSC which installs literally with a click of button when you are doing it. However they have their own local configure files referenced around the code which override the configure files that come as standard - and I had to play around with those as well to get it working. Who is your host and what files did you change?
paramaniac Posted November 21, 2007 Posted November 21, 2007 I have created an SSL certificate using cpanel. It is found in: /home/energysa/ssl/certs/ I am using an account set up on a webhosting server. I have editted both configure files as instructed in the beginning of this post. But it's not working. Using firefox, my login, create account and checkout links come back with an error code: -12263 However I can still login to admin and it does not show https in the address bar. My config files are as follows: shop/includes/configure.php define('HTTP_SERVER', 'http://www.energysavedirect.com'); define('HTTPS_SERVER', 'https://energysavedirect.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.energysavedirect.com'); define('HTTPS_COOKIE_DOMAIN', 'energysavedirect.com'); define('HTTP_COOKIE_PATH', '/shop/'); define('HTTPS_COOKIE_PATH', '/shop/'); define('DIR_WS_HTTP_CATALOG', '/shop/'); define('DIR_WS_HTTPS_CATALOG', '/shop/'); shop/admin/includes/configure.php define('HTTP_SERVER', 'http://www.energysavedirect.com'); define('HTTP_CATALOG_SERVER', 'http://www.energysavedirect.com'); define('HTTPS_CATALOG_SERVER', 'https://energysavedirect.com'); define('ENABLE_SSL_CATALOG', 'true'); define('DIR_FS_DOCUMENT_ROOT', '/home/energysa/public_html/shop/'); define('DIR_WS_ADMIN', '/shop/admin/'); define('DIR_FS_ADMIN', '/home/energysa/public_html/shop/admin/'); define('DIR_WS_CATALOG', '/shop/'); define('DIR_FS_CATALOG', '/home/energysa/public_html/shop/'); Can anyone tell me what I'm doing wrong or what I need to do to get it working? Cheers, Alex.
jbastow Posted November 25, 2007 Posted November 25, 2007 Hi all, I've installed a certificate from GoDaddy, but I think I've managed to mess up the site big-time. 1. For some reason, my products page is secure, but the shopping cart isn't. Does that make sense? It means that every time some one adds an item from a secure page (products listing) to an unsecure page (shopping cart), they get a warning message saying they are doing so. I'm trying to avoid any and all error messages about my SSL. 2. One you've filled up the shopping cart, clicking on "Checkout" brings you to the log in page, which is secure. I can't log in however - If I use an existing customer log in, it appears to complete the action, but simply refreshes the page - I can't actually get to my checkout pages now! 3. If I then try to create a new account, the page is secure, but when I submit the information, I find myself back in the index page (not the checkout page as I would expect), and find that my shopping cart's been emptied. And then I can't get to the checkout point once I fill my cart because I'm asked to log in. (see problem #2). Fortunately, my admin side seems fine, but the above problems have rendered my site useless! Any help would be greatly appreciated. :blush: Janna
Guest Posted January 7, 2008 Posted January 7, 2008 Hi, when I go on SSL secured pages on my website, the URL in pictures show "http/..." and not "https//..." Example : If I go on https://www.myweb.fr/login.php When I put the mouse on the banner, the URL I see is "http://www.myweb.fr/index.php" But in SSL mode, I should see "https://www.myweb.fr/index.php" , no? if in my configure.php if I put https in the first line: define('HTTP_SERVER', 'https://www.myweb.fr'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.myweb.fr'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? it work perfeclty in https pages. ( but http don't work anymore) and If I write http in 'HTTP_SERVER', I have a secutity alert in https pages (secured and non secured...) Thanks for your help!
Jack_mcs Posted January 8, 2008 Posted January 8, 2008 The 'HTTP_SERVER' shouldn't be set to https so change that. The non-secure warning is because there is some link on the page that is to a unsecure site. You will have to locate that and remove it or change it so it works with ssl pages. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Recommended Posts
Archived
This topic is now archived and is closed to further replies.