cmjeter
Posted December 7, 2005

I have read tons of posts on this forum about the lock issues and such with SSL. I have verified that the certificate is working using IE, and if you double click the box that's supposed to show the lock you will see the certificate. So I know it is working. I also see https:// on my address bar.

Herein is the problem. There are unsecure links, I suppose, on the pages when you click checkout. On the base install the images in your images directory are showing http:// when you're on the checkout screen, causing the SSL to say there are non-secure items on the page and will not display the lock. This is a problem to customers and myself; actually, I want to see the lock. I have a dedicated SSL certificate and I use osCommerce in the root of my website. They say you need to hard code the https:// to the image links, which makes no sense to me because the images are in the images directory, which is secured by the SSL certificate.

I need the lock to show up. Any help on this would be appreciated. BTW it's a big deal not to see the lock. When I shop, if I don't see the lock I don't buy. That's the bottom line.

The other question is: if you're using USPS to ship and it goes out to the US Postal site for information, is that unsecure? If so, any way to fix?

I need the LOCK help please
Please help on this issue
Thanks
♥Vger
Posted December 7, 2005

Well, it would have helped people to help you if you had posted a link. Otherwise we'd just be guessing.

Vger
cmjeter (Author)
Posted December 7, 2005

Forgive me. Here is the site. http://www.dljet.com

Thanks
♥Vger
Posted December 7, 2005

Your problem is here:

    <base href="http://www.dljet.com/">

This shows that your configure.php file is not set up correctly, because there should not be a trailing slash on the end of your domain. Also, you may be hosted with someone like 1and1, in which case you need to edit a few files in order to get the ssl lock. This was posted by AlanR (all credit to him for his post):

I guess I better add this tip here, it's the logical place after all.

This is for people who are having trouble getting ssl to work, especially shared ssl. The way I've written it is oriented towards a 1&1 server but its use is general and applies to all servers. It's all about setting line 41 in application_top.php for those cases where the standard query does not work.

This is line 41:

    $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Now that's a very narrow test and lots of servers won't respond with on (or at all) to that. So the trick is to find out how the server does respond.

Create a little file, I named it myenv.php, with these lines:

    <?php
    // Diagnostic only: shows the request variables that may differ between http and https.
    // Values are HTML-escaped because the host and forwarded headers are supplied by the request.
    // Delete this file from the server once you have your answer.
    echo 'HTTP HOST: ' . htmlspecialchars((string) getenv('HTTP_HOST'));
    echo '<br>Server Port: ' . htmlspecialchars((string) getenv('SERVER_PORT'));
    echo '<br>SSL Status: ' . htmlspecialchars((string) getenv('HTTPS'));
    echo '<br>Forwarded Server: ' . htmlspecialchars((string) getenv('HTTP_X_FORWARDED_SERVER'));
    echo '<br>Forwarded Host: ' . htmlspecialchars((string) getenv('HTTP_X_FORWARDED_HOST'));
    echo '<br>Forwarded By: ' . htmlspecialchars((string) getenv('HTTP_X_FORWARDED_BY'));
    ?>

If you put that somewhere on the server, probably root, and run it like so:

    https://ssl.shared.com/mydomain.com/myenv.php

you'll be able to see how the server responds to these queries. You'll need to change this to fit your situation but you get the idea.

Some dedicated ssls respond with a 1 instead of on to No. 3, for example. Shared servers may respond differently to 4 & 5 but 1&1 gives the same response to both.

Once you know how the server answers these queries you can figure out the best solution for line 41 in application_top.php.
If, for example, you have a dedicated ssl and query 3 returns a 1 then you simply change line 41 to:

    $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

Frequently on shared servers you'll get no response at all to getenv('HTTPS'). This is where the other responses are useful (and most people have problems). For example, shared 1&1 returns ssl.perfora.net to queries 4 and 5. So setting line 41 as below does the trick (I'm commenting out the original line for reference).

    // $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
    $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL';

Here's another case: The standard ssl port for dedicated ssl is 443 (the standard http port is 80). I've seen dedicated ssl which returns no response for getenv('HTTPS') but does return a 443. In this case you can set line 41, testing for port 443, like so:

    $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

The best way to use the script is to run it in both http and https environments and look at the differences in the responses. You want to pick a response which is unique to ssl (your https connection); it's no use to pick something which stays the same in both modes, you want to pick something to make a switch.

How do you know if your ssl is switching on and off as it should? Simple: in source view, near the top of every page you see in your browser, you'll find this line:

In http (no ssl engaged, regular pages):

    <base href="http://www.somedomain.com/catalog/">

(assuming you're using the catalog folder)

In https (ssl engaged - my account, checkout, etc.):

    <base href="https://www.somedomain.com/catalog/">

or for shared ssl something like this:

    <base href="https://ssl.myhost.com/somedomain/catalog/">

That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading, that's the first place you need to look.

The goal is to get that switching back and forth as you change from http to https and back.

Vger
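The comparison step described in the post above (run myenv.php over http and over https, then pick a variable whose value is unique to ssl) can be done mechanically. This is an added example, not part of the original posts and not osCommerce code; the function names and the two captured environments are constructed for illustration.

```php
<?php
// Added example. The two captures are constructed to resemble the shared-SSL
// case from the post: HTTPS is empty in both modes, only the forwarded host changes.

/** Return the variables whose values differ between the http and https captures. */
function ssl_discriminators(array $httpEnv, array $httpsEnv): array
{
    $diff = [];
    foreach (array_keys($httpEnv + $httpsEnv) as $name) {
        $plain  = $httpEnv[$name]  ?? '';
        $secure = $httpsEnv[$name] ?? '';
        if ($plain !== $secure) {
            $diff[$name] = ['http' => $plain, 'https' => $secure];
        }
    }
    return $diff;
}

/** The line-41 decision, parameterised: SSL only when $name has its https-only value. */
function request_type(array $env, string $name, string $sslValue): string
{
    return (($env[$name] ?? '') === $sslValue) ? 'SSL' : 'NONSSL';
}

$httpEnv  = ['SERVER_PORT' => '80', 'HTTPS' => '', 'HTTP_X_FORWARDED_HOST' => ''];
$httpsEnv = ['SERVER_PORT' => '80', 'HTTPS' => '', 'HTTP_X_FORWARDED_HOST' => 'ssl.perfora.net'];

$candidates = ssl_discriminators($httpEnv, $httpsEnv);
foreach ($candidates as $name => $v) {
    printf("%s: http=%s https=%s\n", $name, var_export($v['http'], true), var_export($v['https'], true));
}

// Variables that stay the same in both modes (SERVER_PORT and HTTPS here) are
// not listed, so any listed variable can serve as the switch for line 41.
$name = array_key_first($candidates);
echo request_type($httpEnv,  $name, $httpsEnv[$name]), "\n";
echo request_type($httpsEnv, $name, $httpsEnv[$name]), "\n";
```

The HTTP_X_FORWARDED_* variables are built from request headers, so a test on them is only as reliable as the host's proxy is at overwriting whatever the client sends; prefer HTTPS or SERVER_PORT when either one differs between the two captures.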
cmjeter (Author)
Posted December 7, 2005

> Your problem is here: <base href="http://www.dljet.com/">
> This shows that your configure.php file is not set up correctly, because there should not be a trailing slash on the end of your domain. Also, you may be hosted with someone like 1and1, in which case you need to edit a few files in order to get the ssl lock. This was posted by AlanR (all credit to him for his post):

I did put a / after the domain name in the configure file. But all that did was put a http://www.dlet.com//index.php double slash after the name.

Also, where is the <base href="http://www.dljet.com/"> at?

Here is my config file.

    <?php
    /*
      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright © 2003 osCommerce

      Released under the GNU General Public License
    */

    // Define the webserver and path parameters
    // * DIR_FS_* = Filesystem directories (local/physical)
    // * DIR_WS_* = Webserver directories (virtual/URL)
    define('HTTP_SERVER', 'http://www.dljet.com/'); // eg, http://localhost - should not be empty for productive servers
    define('HTTPS_SERVER', 'https://www.dljet.com/'); // eg, https://localhost - should not be empty for productive servers
    define('ENABLE_SSL', true); // secure webserver for checkout procedure?
    define('HTTP_COOKIE_DOMAIN', 'www.dljet.com/');
    define('HTTPS_COOKIE_DOMAIN', 'www.dljet.com/');
    define('HTTP_COOKIE_PATH', '/');
    define('HTTPS_COOKIE_PATH', '/');
    define('DIR_WS_HTTP_CATALOG', '/');
    define('DIR_WS_HTTPS_CATALOG', '/');
    define('DIR_WS_IMAGES', 'images/');
    define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
    define('DIR_WS_INCLUDES', 'includes/');
    define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
    define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
    define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
    define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
    define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

    define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
    define('DIR_FS_CATALOG', '/home/content/d/l/j/dljeter/html/');
    define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
    define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Hope this sheds more light on the subject. I am hosting with GoDaddy.

Thanks
Chris
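The thread's underlying question is why images referenced as images/... trigger the non-secure warning on an https page: a relative URL takes its scheme from the page's `<base href>`, so an http base makes every relative resource load over http. The check below is an added example, not part of the original posts and not osCommerce code; the function name, the page source and the page address are constructed, using the somedomain.com placeholder from the post above.

```php
<?php
// Added example. The page source below is constructed.

/**
 * List resource URLs that a browser would fetch over plain http.
 * $pageUrl is the address the page was loaded from; a <base href> overrides it.
 */
function insecure_resources(string $html, string $pageUrl): array
{
    libxml_use_internal_errors(true);          // tolerate sloppy real-world HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);

    $base = $pageUrl;
    foreach ($doc->getElementsByTagName('base') as $tag) {
        if ($tag->getAttribute('href') !== '') {
            $base = $tag->getAttribute('href');
            break;                             // only the first <base href> counts
        }
    }

    $found = [];
    $attrs = ['img' => 'src', 'script' => 'src', 'link' => 'href', 'iframe' => 'src'];
    foreach ($attrs as $tagName => $attr) {
        foreach ($doc->getElementsByTagName($tagName) as $tag) {
            $url = $tag->getAttribute($attr);
            if ($url === '') {
                continue;
            }
            // A URL without its own scheme inherits the scheme of the base URL.
            $scheme = parse_url($url, PHP_URL_SCHEME) ?: parse_url($base, PHP_URL_SCHEME);
            if (strtolower((string) $scheme) === 'http') {
                $found[] = $url;
            }
        }
    }
    return $found;
}

$page = <<<HTML
<html><head>
<base href="http://www.somedomain.com/catalog/">
<link rel="stylesheet" href="stylesheet.css">
</head><body>
<img src="images/oscommerce.gif">
<img src="https://www.somedomain.com/catalog/images/cart.gif">
</body></html>
HTML;

print_r(insecure_resources($page, 'https://www.somedomain.com/catalog/checkout.php'));
```

With the http base in place the two relative URLs are reported even though the page itself was requested over https; once the base switches to https the list is empty, which is the condition for the padlock.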