Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Admin HTTPS

billfwi

By billfwi
in General Support

Recommended Posts

billfwi

billfwi

Posted
Posted

My problem has now grown to include no SSL for the Admin section. When I access http://mysite.com/admin, it doesn't swith to the https server. I have checked every config file I could find in the /admin folder and changed all http and https entries to https://mysite.com I have double checked that my server has SSL enabled and it is working.

 

Here is the code from admin/includes/configure.php

 

define('HTTP_SERVER', 'https://mysite.com/'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'https://mysite.com/');

define('HTTPS_CATALOG_SERVER', 'https://mysite.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Thanks in advance for any assistance.

Vger

♥Vger

Posted
Posted

Those settings will only work if you have a full ssl certificate installed on your domain. Simply enabling ssl in osCommerce configure.php files does not mean that you have a full ssl certificate.

 

Even if you do have a full ssl certificate and use those settings in your post it does not prevent someone from accessing your 'admin' landing page via https - only the page links that go from that landing page. To enforce ssl for the whole of admin you would need to use a Force SSL directive in a .htaccess file in your 'admin' folder. .htaccess only works on Apache servers (not Windows), and the force SSL directive does not work on all server configurations - but you can give it a try:

 

SSLRequireSSL
ErrorDocument 403 https://www.yourdomain.com/admin/

 

Vger

billfwi

billfwi

Posted
  • Author
Posted
Those settings will only work if you have a full ssl certificate installed on your domain. Simply enabling ssl in osCommerce configure.php files does not mean that you have a full ssl certificate.

 

Even if you do have a full ssl certificate and use those settings in your post it does not prevent someone from accessing your 'admin' landing page via https - only the page links that go from that landing page. To enforce ssl for the whole of admin you would need to use a Force SSL directive in a .htaccess file in your 'admin' folder. .htaccess only works on Apache servers (not Windows), and the force SSL directive does not work on all server configurations - but you can give it a try:

 

SSLRequireSSL
ErrorDocument 403 https://www.yourdomain.com/admin/

 

Vger

 

I thank you for the information. I can now access /admin under SSL however the other problem I have is that when you place your cursor on a link inside the /admin, it refers to http rather than https for each link. I believe I'm missing something is a configuration file that sets the https rather than http as the link.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...