Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL on my osCommerce website


Swindon_Boy

Recommended Posts

Looks like you're not configured to go ssl in your configure.php. Try posting your configure.php without the database info and someone will help.

Link to comment
Share on other sites

my configure.php looks like this, any help gratefully accepted.

 

 

<?php

/*

$Id: configure.php,v 1.14 2003/07/09 01:15:48 hpdl Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://black-thong.com');

define('HTTPS_SERVER', 'https://black-thong.com');

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'http://black-thong.com');

define('HTTPS_COOKIE_DOMAIN', 'https://black-thong.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/osCommerce/');

define('DIR_WS_HTTPS_CATALOG', '/osCommerce/');

define('DIR_WS_IMAGES', '/osCommerce/images/');

define('DIR_WS_ICONS', '/osCommerce/icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

Link to comment
Share on other sites

enable ssl is set to false!

your secure cookie path isn't defined

and your cookie domains don't look right. There's something I set up that works for me but someone like jack mcs knows a more accurate way to define them.

Link to comment
Share on other sites

he's a good helper here on the board. Here's mine, but he knows something a bit more universal or accepted (mine works fine)

  define('HTTP_SERVER', 'http://www.gardenvines.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.gardenvines.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.gardenvines.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.gardenvines.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', 'www.gardenvines.com/catalog/');

Link to comment
Share on other sites

Your certificate is made out to www.yourdomain.com and not to yourdomain.com. Hence your settings should be:

 

define('HTTP_SERVER', 'http://ww.black-thong.com');

define('HTTPS_SERVER', 'https://www.black-thong.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.black-thong.com');

define('HTTPS_COOKIE_DOMAIN', 'www.black-thong.com');

 

Vger

Link to comment
Share on other sites

Any more ideas anyone?

 

Yes, follow the advice in my post. I just went back to your site and the https pages are still set to https://yourdomain.com and not to https://www.yourdomain.com.

 

These settings are not optional.

 

Your certificate is made out to www.yourdomain.com, and that's the way the configure.php files must be set up.

 

Vger

Link to comment
Share on other sites

Look for page elements that are not secure like images hosted elsewhere. Did you take Rhea's advice about the www in your cert? You must refer to it properly. I get a warning when I try to go to your My Account page. You'll do your competition great favors if you don't fix this.

Link to comment
Share on other sites

Ok, I have set my configure.php to the following and the padlock still disapears. Sorry to seem thick, I have not done this before.

 

:'(

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.black-thong.com/');

define('HTTPS_SERVER', 'https://www.black-thong.com/');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.black-thong.com/');

define('HTTPS_COOKIE_DOMAIN', 'www.black-thong.com/');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/osCommerce/');

define('DIR_WS_HTTPS_CATALOG', '/osCommerce/');

define('DIR_WS_IMAGES', '/osCommerce/images/');

define('DIR_WS_ICONS', '/osCommerce/icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

The SSL cert is working fine now, exactly as it should do.

 

I think that maybe there's some confusion over how the ssl works. You don't have all of your store behind ssl, only parts of it, the parts that need to be secure.

 

So the Create Account and Login pages are https (because they send data), and the My Account area is under https (again it sends data when updating/editing), and most of the Checkout Process is under SSL, but not the Shopping Cart itself (not actually part of the checkout process).

 

Vger

 

p.s.

 

These are wrong:

 

define('DIR_WS_IMAGES', '/osCommerce/images/');

define('DIR_WS_ICONS', '/osCommerce/icons/');

 

take out the /osCommerce/ because that's already covered.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...