Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

SSL Certificate installed and enabled - strange behaviour

damianbunn

By damianbunn
in General Support

Recommended Posts

damianbunn

damianbunn

Posted
Posted

Hi,

 

Just had an SSL cert setup with Network solutions. I have amended the two configure files and am getting a problem/unusual result.

 

1. When using the URL to go to the admin page I am asked to login as normal. This is set in htaccess. The URL at the top is correct and showing http://. The login box then comes up again and I enter the same credentials and it goes through. The difference is however the www has been stripped out.

 

If I use https:// as part of the path I have to log in three times and the end result is the same, the www is stripped out. As you suspect the connection is not encrypted as the url is incorrect.

 

2. When using the catalog page I go to checkout. I am told that I am going to a secure connection. OK that is good. I enter my login name and password (notice no padlock at the bottom). I click on Sign In and I get a message that I am going into an unsecure connection. Seems fairly normal to me apart the lack of padlock on the previous screen.This then logs into my account.

 

When I checkout I again get the entering a secure connection message and it proceeds. No padlock again.

 

All done in ie6.

 

When I do the same in Firefox I at least see a padlock with a line through it. Firefox tells me that the page is partially unencrypted.

 

I have checked the page and cannot see any external references.

 

Am I doing something terribly wrong here.

 

Damian

 

ps.

 

To add to this what I think is happening is that when I view the source there are lots of http:// requests to items within the catalog. If I change the URL in configure.php to https:// this works. However everything is then encrypted on the page regardless of if I am logged in or not. Is that correct behaviour ?

damianbunn

damianbunn

Posted
  • Author
Posted
Posting a link to your site and your includes/configure.php file will help.

 

Oops.

 

The Catalog is at http://www.koi-waterlife-centre.com/eShop/catalog

 

The configure.php from eShop/catalog/includes is:-

 

define('HTTP_SERVER', 'http://www.koi-waterlife-centre.com');

define('HTTPS_SERVER', 'https://www.koi-waterlife-centre.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.koi-waterlife-centre.com');

define('HTTPS_COOKIE_DOMAIN', 'www.koi-waterlife-centre.com');

define('HTTP_COOKIE_PATH', '/eShop/catalog/');

define('HTTPS_COOKIE_PATH', '/eShop/catalog/');

define('DIR_WS_HTTP_CATALOG', '/eShop/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/eShop/catalog/');

define('DIR_WS_IMAGES', 'images/');

 

and from admin is:-

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.koi-waterlife-centre.com');

define('HTTP_CATALOG_SERVER', 'http://www.koi-waterlife-centre.com');

define('HTTPS_CATALOG_SERVER', 'https://www.koi-waterlife-centre.com');

define('ENABLE_SSL_CATALOG', 'true');

 

 

Damian

kgt

kgt

Posted
Posted

Your <base href> tage is http, which is making all your images non-secure, which is making the page non-secure. It sounds like you may have more than one problem going on, but it's best to solve them one at a time.

 

The code that determines whether your site should have a secure base href is in includes/application_top.php around line 40:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

This code doesn't work on all servers. If you're on a windows server, then

 

$request_type = ($_SERVER['HTTPS']) == 'on') ? 'SSL' : 'NONSSL';

 

May work. If it does not, try

 

$request_type = ($_SERVER['SERVER_PORT'] == '443') ? 'SSL' : 'NONSSL';

 

That will hopefully solve the broken padlock issue.

Contributions

 

Discount Coupon Codes

Donations

damianbunn

damianbunn

Posted
  • Author
Posted
Your <base href> tage is http, which is making all your images non-secure, which is making the page non-secure. It sounds like you may have more than one problem going on, but it's best to solve them one at a time.

 

The code that determines whether your site should have a secure base href is in includes/application_top.php around line 40:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

This code doesn't work on all servers. If you're on a windows server, then

 

$request_type = ($_SERVER['HTTPS']) == 'on') ? 'SSL' : 'NONSSL';

 

May work. If it does not, try

 

$request_type = ($_SERVER['SERVER_PORT'] == '443') ? 'SSL' : 'NONSSL';

 

That will hopefully solve the broken padlock issue.

 

Running on a Unix/Linux server. Tried all the same and it did not work :(

 

Damian

Vger

♥Vger

Posted
Posted

Those fixes were valid whatever type of server they are used on. The fact is that your hosting company uses a non-standard method of ssl (maybe a different port number other than 443). You need to ask them which port they are using for ssl.

 

Vger

damianbunn

damianbunn

Posted
  • Author
Posted
Those fixes were valid whatever type of server they are used on. The fact is that your hosting company uses a non-standard method of ssl (maybe a different port number other than 443). You need to ask them which port they are using for ssl.

 

Vger

 

Vger,

 

Thanks so far. I must confess I did not try the first line as you mentioned if I were running Windows so I guessed it would not work. I have however now tried it, had to put a ( after the first "=" as I got a parse error $request_type = (($_SERVER['HTTPS']) == 'on') ? 'SSL' : 'NONSSL';

 

Still however did not work. I will check about port 443, i'd be suprised if they used anything other as this is Network Solutions I am using (www.networksolutions.com).

 

Looking at the source of the output there are a lot of http:// calls rather than https:// which I imagine would through up the unencrypted content. The base URL is also showing as http://www.koi-waterlife-centre.com.

 

Any more thoughts would be great.

 

Damian

damianbunn

damianbunn

Posted
  • Author
Posted
Look at the March 25th post by AlanR in this thread:

http://www.oscommerce.com/forums/index.php?sho...36entry824536

 

Vger

 

Thanks

 

I checked the post and made the following amendments:-

 

in includes/application_top.php

 

// Fix to get around the lack of padlock

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.koi-waterlife-centre.com') ? 'SSL' : 'NONSSL';

 

in includes/configure.php

 

define('HTTP_SERVER', 'http://koi-waterlife-centre.com');

 

and in the general.php file

 

// if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

if ( (ENABLE_SSL == true) && ($request_type == 'SSL') && (getenv('HTTP_X_FORWARDED_HOST') == 'koi-waterlife-centre.com') ) {

if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url

$url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL

}

}

 

 

This works for both ie and firefox. I get the padlock. Only issue with this now is that when I enter the initial URL www.koi-waterlife-centre.com/eShop/catalog I get the going to a secure connection message which itself is not a problem and I can see padlock. I then get a message that the page includes unsecure information also. Login and checkout all work fine.

 

Damian

 

ps. Will test admin later today and see how I get on.

damianbunn

damianbunn

Posted
  • Author
Posted
Hi

 

Did you get this sorted ? I am having similiar problems .

 

Thanks

Martin

 

Martin,

 

Yes I did. There is another post about some bugs with SSL that I went through. If I can dig out all the info I'll let you know.

 

Damian

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...