glamourfish Posted May 3, 2006 Posted May 3, 2006 I have installed my SLL with the service provider. When you go into the cart section of the site the the URL changes to https://.... BUT the padlock still doesn't show up in the browser window. If you click where it is meant to be it gives you certificate details. Anybody know how this can be fixed??? Is it broken???? What do I need to do for it to display? if at first you do succeed...try not to look surprised!
jasonabc Posted May 3, 2006 Posted May 3, 2006 this is due to either a misconfigured config file or an incorrectly installed security certificate. Paste your config file here - minus the db information. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
glamourfish Posted May 3, 2006 Author Posted May 3, 2006 Thanks...appreciate the help......here's my file: catalog/includes/configure.php <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright ? 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.g1skatesupply.net'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.g1skatesupply.net'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.g1skatesupply.net'); define('HTTPS_COOKIE_DOMAIN', 'www.g1skatesupply.net'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/content/g/1/s/g1skatesupply/html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', '************'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', '***********'); define('DB_SERVER_PASSWORD', '*********'); define('DB_DATABASE', '**********'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> if at first you do succeed...try not to look surprised!
jasonabc Posted May 3, 2006 Posted May 3, 2006 made a couple of tweeks - this is correct now. If this doesn't fix it - the problem lies elsewhere: <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright ? 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://g1skatesupply.net'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://g1skatesupply.net'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'g1skatesupply.net'); define('HTTPS_COOKIE_DOMAIN', 'https://g1skatesupply.net'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/content/g/1/s/g1skatesupply/html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 Thanks Jason...I tried that but it didn't work. darn it!!! you know what I have noticed though - the padlock icon shows up in mozilla (even before) but not in explorer!!! eh?? if at first you do succeed...try not to look surprised!
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 Thanks Jason...I tried that but it didn't work. darn it!!! you know what I have noticed though - the padlock icon shows up in mozilla (even before) but not in explorer!!! eh?? something else I just noticed as well.....if I refresh the page (in explorer) the padlock shows while it is refresshing, but then when the page is finished loading it goes away!!! Also the blocked cookies (?) is diplaying next to where the padlock should be. It the little ey with a no entry sign icon. if at first you do succeed...try not to look surprised!
jasonabc Posted May 4, 2006 Posted May 4, 2006 well we know there's nothing wrong with the certificate or it's installation because this page: https://g1skatesupply.net/ displays the padlock, the address bar turns yellow (https:// in Firefox) and the page info dialog box confirms that the entire page was encrypted at 256 bit encryption before being transmitted over the internet. So the problem must lie with your store. Are you sure you are using the config file tweeks I added yesterday - I took all the 'www.' references out - but all the links in your store all have 'www.' contained in them....? Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 Hi Jason, I've actually just checked that myself now & saw that the padlock displays as you said! I've including the www & taking it out. Gonna make sure it no longer has the www as you suggested & try again! Dunno if this helps or not, but in my admin page in the bottom left it says I am nt protected by SSL. ??? did you see that if you refresh the page the padlock shows up for a second? - But only if using the www if at first you do succeed...try not to look surprised!
AlanR Posted May 4, 2006 Posted May 4, 2006 Actually your certificate works for either the www or the non www version of the domain name. But you've got a broken padlock at: https://g1skatesupply.net/catalog/login.php? <base href="http://g1skatesupply.net/catalog/"> See: http://www.oscommerce.com/forums/index.php?sho...23entry672623 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 Thanks Alan...yeh I just notced that. been reading over that thread you referred me too. Are you saying that line 41 of my catalog/includes/application_top.php must read as follows: $request_type = (getenv('HTTP__X_FORWARDED_HOST'') == '*****') ? 'SSL' : 'NONSSL'; ??? where ***** = something to do with ssl. Sorry I am confused! :blink: But what I did try was this - I deleted my application_top.php file to see what happens. The page obviously breaks, BUT the padlock is there!!! Does this mean the error is in my application_top.php file??? {catalog/includes/application_top.php} if at first you do succeed...try not to look surprised!
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 Blood sweat & tears later................................ THANK YOU THANK YOU THANK YOU!!!!!!!!! (Alan & Jason)....I think I got it FINALLY!!! This is what I did in case anybody ever experiences the same thing: i used this method - create the php file ssl_test.php - saved in root folder <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> then went to https://domain.net/ssl_test.php returned the server port as 443 so I changed line 41 of catalog/includes/application_top.php as follows: FROM: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; TO: $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; AND IT WORKS NOW!!!! Just one last question!!! Will this work now or is it possible that the server port can change in future???? if at first you do succeed...try not to look surprised!
glamourfish Posted May 4, 2006 Author Posted May 4, 2006 sorry...make that 2 question: question 2 - why does my admin cPanel still say that I am NOT protected by SSL? if at first you do succeed...try not to look surprised!
jasonabc Posted May 5, 2006 Posted May 5, 2006 Actually your certificate works for either the www or the non www version of the domain name. Hey Alan - actually I have to disagree with you here. The security certificate on my site has been installed for https://mysite.tv. If I try and browse to https://www.mysite.tv however, Firefox pops up a security alert box telling me there has been a domain name mismatch and IE7 displays a full blown security certificate error page. I have always had to be very specific with my ISP's on this issue when they go to install security certificate's on my client's sites. regards Jason Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
jasonabc Posted May 5, 2006 Posted May 5, 2006 question 2 - why does my admin cPanel still say that I am NOT protected by SSL? Because ENABLE_SSL is set to false in your Admin config file ;-) Honestly - don't worry about your Admin Tool being over an SSL connection. It's unneccessary. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
glamourfish Posted May 5, 2006 Author Posted May 5, 2006 Ah right...i get it now. The admin tool isn't reading what the rest of the site is doing. Makes sense. Thanks for all your help...to all of you! much appreciated!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! thanks thanks thanks!! if at first you do succeed...try not to look surprised!
♥Vger Posted May 5, 2006 Posted May 5, 2006 This is incorrect. The cookie domain is a domain and not a url: define('HTTPS_COOKIE_DOMAIN', 'https://g1skatesupply.net'); should be: define('HTTPS_COOKIE_DOMAIN', 'g1skatesupply.net'); Vger made a couple of tweeks - this is correct now. If this doesn't fix it - the problem lies elsewhere: <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright ? 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://g1skatesupply.net'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://g1skatesupply.net'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'g1skatesupply.net'); define('HTTPS_COOKIE_DOMAIN', 'https://g1skatesupply.net'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/content/g/1/s/g1skatesupply/html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
AlanR Posted May 5, 2006 Posted May 5, 2006 Hey Alan - actually I have to disagree with you here. The security certificate on my site has been installed for https://mycommerce.tv. If I try and browse to https://www.mycommerce.tv however, Firefox pops up a security alert box telling me there has been a domain name mismatch and IE7 displays a full blown security certificate error page. That's true for you and most others. It's not the case for glamourfish though. Did you check? https://g1skatesupply.net/catalog/login.php? https://www.g1skatesupply.net/catalog/login.php? Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
nevergiveup Posted July 15, 2008 Posted July 15, 2008 This is for anybody looking for further help on this subject. I too was getting the Firefox padlock with a slash through it, meaning the page has both secure and unsecure items/links/images. This problem could be a lot of things wrong with the page and setup of config but here is what my problem was. I never thought to look in the osCommerce Knowledge Base on this site for help..DUH! that should be the first place to look in, not the last.. live and learn....I found my answer there. SSL - page contains secure and non secure items Here is the link: http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75 My problem was with Google Analytics in the footer. I used the below script so Google Analytics is ignored ONLY on secure pages. I assume Google Analytics will not keep track of the secure pages which I don't mind because Google should not know this information anyway. <?php if ($request_type != 'SSL') { <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> </script> <script type="text/javascript"> _uacct = "**-*******-*"; urchinTracker(); </script> } ?> (don't forget to add your own account number in the "**-*******-*") Your case may be a different unsecured link or image...The way to trouble shoot is make a text page with the suspicious http links or images in your textEdit app on your computer and name it testpage.php put this on your server in catalog. ...Open this page in firefox browser as https://yourwebsite/catalog/testpage.php Look for the lock and see your results. Try this with each suspicious link one by one to find the problem link. Once you find the problem link or image change it to how it is suppose read so SSL Padlock is fully working. Here is a copy: 2. This page has both secure and insecure items This alert appears if the secured page the browser is trying to show has objects or references that point to non secured domains. So for instance if you had a graphical image of credit cards as processed by your gateway and say you were hotlinking to the images with a piece of code such as <img src="http://mycreditcardprocessor.com> That image is not on your encrypted domain hence the alert would show. Often this problem will appear from one or more of three sources: • Where you are hotlinking images for your products from the wholesalers server • • Objects in your footer • • Objects in your boxes in the columns 3. Fixing SSL Problems If the problem is an image you are hotlinking you need to ask the owner if you can have access to the image and place it in your own images directory under the encrypted domain and then change the path in your footer so that it now references the image in your domain. <?php echo tep_image(DIR_WS_IMAGES . 'my_image.gif', 'my ALT text', '100', '150'); ?> All images which are also hyperlinks should be referenced in the following way: <?php echo '<a href="' . tep_href_link('your_directory/your_page.php') . '">' . tep_image(DIR_WS_IMAGES . your_image.gif) . '</a>'; ?> If you are using images in the stylesheet for backgrounds they should also use the relative address ... e.g. images/my_background.gif If you have for instance a visitor counter that goes back to the counter owners server to process info - you may be able to construct an if else statement around the counter using php such that if the $request_type is SSL then do not go to the counter owners site. For Google ads the script has to go back to google - not on your domain which gives the problem so use the following construct to prevent google ads from showing iF the browser is on a secure page: <?php if ($request_type != 'SSL') { ..... ..... ..... src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> ..... ..... } ?> Remember the Problem link or image can be in the header, footer, Boxes, columns and the main page. It's usually something you added so you have to think back what links you added and go from there. Hope this helps someone because it took me 4 days to figure it out and if this was here I would of found how to fix the problem right away.
nevergiveup Posted July 15, 2008 Posted July 15, 2008 My problem was with Google Analytics in the footer. I used the below script so Google Analytics is ignored ONLY on secure pages. I assume Google Analytics will not keep track of the secure pages which I don't mind because Google should not know this information anyway. <?php if ($request_type != 'SSL') { <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> </script> <script type="text/javascript"> _uacct = "**-*******-*"; urchinTracker(); </script> } ?> (don't forget to add your own account number in the "**-*******-*") OPPS.... this is the correct way for Google Analytics to work with SSL so the Padlock is fully Locked: <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script> <script type="text/javascript"> _uacct = "**-*******-*"; urchinTracker(); </script>
Guest Posted August 29, 2008 Posted August 29, 2008 Having followed all the instructions here and in the KB regarding images and off site links, I still get the warning about insecure items. When I display them they are still the two that I changed the code for? I have now removed the off site links all together and still the message pops up :blink: Signed Confused in Scotland
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.