Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Something wrong with my SSL


mbh-imports

Recommended Posts

I read lots of postings about problems with the SSL and I tried a lot of things, but I can?t make it work properly.

This is what happens: I go to https://mbh-imports.com/catalog and it is fine, but when I click on something, it changes to http://

 

This is what I did to the catalog/includes/configure.php file:

 

define('HTTP_SERVER', 'https://mbh-imports.com');

define('HTTPS_SERVER', 'https://mbh-imports.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'https://mbh-imports.com');

define('HTTPS_COOKIE_DOMAIN', 'https://mbh-imports.com');

define('HTTP_COOKIE_PATH', 'https://mbh-imports.com');

define('HTTPS_COOKIE_PATH', 'https://mbh-imports.com');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Please let me know what I am doing wrong.

Thanks a million,

Martin

Link to comment
Share on other sites

Try the following:

 

define('HTTP_SERVER', 'http://mbh-imports.com'); 
define('HTTPS_SERVER', 'https://mbh-imports.com'); 
define('ENABLE_SSL', true); 
define('HTTP_COOKIE_DOMAIN', 'mbh-imports.com');
define('HTTPS_COOKIE_DOMAIN', 'mbh-imports.com');
define('HTTP_COOKIE_PATH', 'mbh-imports.com/catalog/');
define('HTTPS_COOKIE_PATH', 'mbh-imports.com/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Matti

 

*edit* - I copy and pasted and didn't notice the first has https - sorry! :blush:

Link to comment
Share on other sites

I do not think that changing the configure.php file as below is

a good idea.

 

define('HTTP_SERVER', 'https://mbh-imports.com');

define('HTTPS_SERVER', 'https://mbh-imports.com');

 

I think that the function tep_href_link is inportant in the

way that SSL works.

 

I have been trying to get this working aswell.

When calling the tep_href_link you can specify

SSL or NONSSL which will set up the required link in the

HTML. I have assumed that it is not necessary to to go

via SSL when browsing the catalog for example ( the overhead

of SSL slows access times down - so only I asssume to

only use it where necessary). I

believe that OCS is set up to to use SSL only when necessary.

Link to comment
Share on other sites

Try:

define('HTTP_SERVER', 'http://www.mbh-imports.com');

define('HTTPS_SERVER', 'https://www.mbh-imports.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', '.mbh-imports.com');

define('HTTPS_COOKIE_DOMAIN', '.mbh-imports.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

 

If you don't have a dedicated cert, you'll need to adjust the https paths as appropriate to make it work with a shared cert.

Link to comment
Share on other sites

Those settings are correct, but you don't need the dot before your domain in the cookie domain (as your cert is issued to mbh-imports.com).

 

define('HTTP_COOKIE_DOMAIN', 'mbh-imports.com');

define('HTTPS_COOKIE_DOMAIN', 'mbh-imports.com');

 

The reason you are getting errors is because this cert is issued by H-sphere (your web hosting control panel) and is not from a trusted provider of ssl certs. You cannot get rid of this error. You need to buy a proper ssl cert from a trusted provider, or use a shared ssl cert which does not throw up these warnings.

 

It is possible that you have purchased a full ssl cert - but that the server has not been rebooted to complete the install process - in which case get your host to reboot (but only if you actually bought a full ssl cert).

 

Vger

Link to comment
Share on other sites

The reason it's not working for you is because your includes/configure.php file does not have ssl enabled. Look for the entry which says enable_ssl and set to true.

 

If it is set to true, then your https_server entry is set to http://yourdomain.com and not https.

 

Vger

Link to comment
Share on other sites

this is how my include/configure.php file looks like:

 

define('HTTP_SERVER', 'http://mbh-imports.com');

define('HTTPS_SERVER', 'https://mbh-imports.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'mbh-imports.com');

define('HTTPS_COOKIE_DOMAIN', 'mbh-imports.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', '/catalog/images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

this code doesn't work for me.

 

**Lowpriced (is my hosting company) however, they are resellers of vip-hosting.com.

 

Thanks,

Martin

Link to comment
Share on other sites

This is how my admin/includes/configure.php looks like:

 

define('HTTP_SERVER', '');

define('HTTP_CATALOG_SERVER', 'https://www.mbh-imports.com');

define('HTTPS_CATALOG_SERVER', 'https://www.mbh-imports.com');

define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT);

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

Link to comment
Share on other sites

Above you can see my admin/includes/configure.php and my catalog/includes/configure.php.

 

I still can't make the check out process to be secure.

Anyone has another suggestion?

 

Thanks for all your help,

Martin

Link to comment
Share on other sites

This code in header.php:

<?php echo tep_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>" class="headerNavigation"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a>

 

Creates the hyperlink to the account. As you can see (unless it has been modified), it passes the SSL parameter to the tep_href_link() function...

 

 

So let's look at this function in html_output.php:

 

  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
   global $request_type, $session_started, $SID;

   if (!tep_not_null($page)) {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
   }

   if ($connection == 'NONSSL') {
     $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
   } elseif ($connection == 'SSL') {
     if (ENABLE_SSL == true) {
       $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     } else {
       $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     }
   } else {
     die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
   }

 

 

In particular, this:

 if ($connection == 'NONSSL') {
     $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
   } elseif ($connection == 'SSL') {
     if (ENABLE_SSL == true) {
       $link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
     } else {
       $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
     }

 

So you can see that if the $connection parameter is being passed as SSL (and it is), and if ENABLE_SSL is true (which you say it is in your configure.php file)

then there is no reason why the link isn't https:// (i.e HTTPS_SERVER)

 

Please check the above files and make sure your code looks the same.

Link to comment
Share on other sites

Your configure.php files don't have much wrong with them, just this in includes/configure.php: define('DIR_WS_IMAGES', '/catalog/images/');

which should be: define('DIR_WS_IMAGES', 'images/'); and this in admin/includes/configure.php (which should not be left empty): define('HTTP_SERVER', '');

 

It may be that you are having the same problem suffered by people with some other hosting companies. Use the 'Search' function and search for all posts on "1and1" (enclose with the quotes).

 

Vger

Link to comment
Share on other sites

Try doing a bit of trouble-shooting - eg try <?php echo HTTPS_SERVER; ?> in one of your info pages

(for example), to make sure that this value is actually being retrieved correctly. I cannot see how any sort of host's configuration can make this not work...

 

maybe try the same in the tep_href_link() function, but be warned - this is called multiple times, so your pages will have a load of text next to all the links.

 

Try the same with the other variables and in other places. You need to be a bit more pro-active to hunt the problem down!

Link to comment
Share on other sites

I cannot see how any sort of host's configuration can make this not work

 

More than one host uses '1' instead of 'on' for SSL in includes/application_top.php, and there are various other fixes available for a variety of hosting setups.

 

Vger

Link to comment
Share on other sites

Yes, as I mentioned, this is the $request_type variable setting - but check the links (on "My Account" in the header for example) - they are not even https - this has nothing to do with the host or the setting of $request_type, as the code I posted demonstrates.

Link to comment
Share on other sites

Check that you do not have a configure.php file in the /includes/local/ directory as this will override the one in /includes/ :D

 

Matti

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...