Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

GeoTrust, 1 and 1, and SSL


Guest

Recommended Posts

I know this is a dead horse, and I have racked through posts all night and tried various configurations to no avail. Frustrating as all get out!

Here's what we have

 

* GeoTrust Premium SSL

* 1 and 1 hosting

 

 

We are trying to get the following to work

 

* Store is non-SSL

* Store goes to SSL upon login or checkout

* Padlock must appear

* Admin side all SSL

* Add the GeoTrust SSL seal to the site homepage

 

We have changed config.php so many times it's getting threadbare :blink:. Is there a definitive solution to make this work - just a point to a posting would be of great help.

 

THANKS!

Link to comment
Share on other sites

I know this is a dead horse, and I have racked through posts all night and tried various configurations to no avail. Frustrating as all get out!

Here's what we have

 

* GeoTrust Premium SSL

* 1 and 1 hosting

We are trying to get the following to work

 

* Store is non-SSL

* Store goes to SSL upon login or checkout

* Padlock must appear

* Admin side all SSL

* Add the GeoTrust SSL seal to the site homepage

 

We have changed config.php so many times it's getting threadbare  :blink:.  Is there a definitive solution to make this work - just a point to a posting would be of great help.

 

THANKS!

 

Replying to myself - how unique! OK - for 1 and hosting, I fixed the first three problems: (Store is non-SSL, Store goes to SSL upon login or checkout, Padlock must appear) with the info in this post:

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=283800

 

Now to get the seal problems hammered....

 

Thanks to ALL in the brainrtust here!

Link to comment
Share on other sites

Replying to myself - how unique! OK - for 1 and hosting, I fixed the first three problems: (Store is non-SSL, Store goes to SSL upon login or checkout, Padlock must appear) with the info in this post:

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=283800

 

Now to get the seal problems hammered....

 

Thanks to ALL in the brainrtust here!

 

That post/solution does not fix your problem if you have a dedicated ssl.

 

If you check your

 

<base href="http://www.yourdomain.com/catalog/">

 

line near the top of every page you'll find it's always

 

<base href="https://www.yourdomain.com/catalog/">

 

It's always reading files via the ssl link.

 

The correct solution for dedicated ssl with 1&1 is

 

Line 41, application_top.php

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

Note the '1' instead of the 'on'. It's that simple.

 

Here's a little script you can use to check for yourself.

 

Just name it something like myenv.php and drop it in a folder then run it, say

 

https://www.mydomain.com/myenv.php

 

<?php
  echo 'HTTP HOST: ' . "$HTTP_HOST";
  echo '<br>Server Port: ' . getenv('SERVER_PORT');
  echo '<br>SSL Status: ' . getenv('HTTPS');
  echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
  echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
?>

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

That post/solution does not fix your problem if you have a dedicated ssl.

 

If you check your

 

<base href="http://www.yourdomain.com/catalog/">

 

line near the top of every page you'll find it's always

 

<base href="https://www.yourdomain.com/catalog/">

 

It's always reading files via the ssl link.

 

The correct solution for dedicated ssl with 1&1 is

 

Line 41, application_top.php

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

Note the '1' instead of the 'on'. It's that simple.

 

Here's a little script you can use to check for yourself.

 

Just name it something like myenv.php and drop it in a folder then run it, say

 

https://www.mydomain.com/myenv.php

 

<?php
? echo 'HTTP HOST: ' . "$HTTP_HOST";
? echo '<br>Server Port: ' . getenv('SERVER_PORT');
? echo '<br>SSL Status: ' . getenv('HTTPS');
? echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
? echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
?>

 

 

Hey it worked

 

I had tried it before and it didn't work. I must have completely spaced on that line as I saw it commented out (//).

 

Works like a charm

Link to comment
Share on other sites

Hey it worked

 

I had tried it before and it didn't work. I must have completely spaced on that line as I saw it commented out (//).

 

Works like a charm

 

 

The fix you quoted in your second post is a bad (negative even) solution for dedicated ssl on 1&1. It will make the system appear to work when in reality it's roughly the same as permanently setting this:

 

define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);

 

Since the test will always resolve true.

 

That eregi solution is a poor fix for shared ssl as well since there's too many ways to mess it up.

 

I posted a much more solid solution here:

 

http://www.oscommerce.com/forums/index.php?sho...ndpost&p=664360

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...