How to install SSL on OSC: A Simple 1-2-3 Instruction

[sLaV-]

having a bit of trouble with our SSL ... our catalog is located at http://www.ourdomain.com.au and our secure site is located at https://secure.ourdomain.com.au

 

heres our includes/configure.php

  define('HTTP_SERVER', 'http://www.ourdomain.com.au'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://secure.ourdomain.com.au'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', '.ourdomain.com.au');
 define('HTTPS_COOKIE_DOMAIN', 'secure.ourdomain.com.au');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

heres our admin/includes/configure.php

  define('HTTP_SERVER', 'https://secure.ourdomain.com.au'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'https://secure.ourdomain.com.au');
 define('HTTPS_CATALOG_SERVER', 'https://secure.ourdomain.com.au');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

Doesnt seem to be working well...when I goto login it doesnt log the user in at all ... can anyone help?? Cheers

[germ]

I'd put a period in here:

 

  define('HTTPS_COOKIE_DOMAIN', 'secure.ourdomain.com.au');

like you did the other cookie domain:

 

  define('HTTPS_COOKIE_DOMAIN', '.secure.ourdomain.com.au');

If you have Firefox with the Web Developer plugin you can see if the site is making any cookies at all, and if so you can see if they have the osCid in them.

 

Sometimes shared SSL and osC can be a real... Well... You know...

;)

[sLaV-]

I'd put a period in here:

 

  define('HTTPS_COOKIE_DOMAIN', 'secure.ourdomain.com.au');

like you did the other cookie domain:

 

  define('HTTPS_COOKIE_DOMAIN', '.secure.ourdomain.com.au');

If you have Firefox with the Web Developer plugin you can see if the site is making any cookies at all, and if so you can see if they have the osCid in them.

 

Sometimes shared SSL and osC can be a real... Well... You know...

;)

 

Thanks Jim think we got it all sorted ... had to update some links that we had which was causing some issues ... this is a dedicated SSL our host wouldnt allow us to have https://www.ourdomain.com.au for some reason...so had to get secure.ourdomain.com.au and got our own SSL through GoDaddy :)

 

 

Cheers again :)

[fun2o]

What is that??

 

I'm not worried about whether or not OSC says you're secured in your initial admin page. You want https:// only links once you click on anything within your initial admin page.

 

Hi weber,

 

Please, I have just installed SSL certificate on the site I am working on, it was installed by my hosting company, it seem to be working fine afterall it shows proper addresses and the padlock whenever one go to the secured page.

But the problem is that all the images, logo, banner on these secured pages such as the login, my_account, checkout will not show.

I have actually check through the configuration.php files, comparing them to many of your comments, they seem OK.

Please, kindly give me an idea of what might be wrong. I will highly appreciate your assistance. I have actually spent sleepless nights on these.

 

Waidi

[germ]

Without a link to your site so the HTML source can be examined, resolution of your problem in a timely manner is highly unlikely.

:(

[OSC_FREAK]

I have a dedicated SSL running on plesk. I tested my webstore by purchasing some products.

 

How in the world is it possible that it keeps redirecting to the login page after trying to check out? If i disable SSL everything seems to work fine...

 

any solution?

[germ]

I'd say one or both of these in your configure file aren't defined correctly:

 

  define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTPS_COOKIE_PATH', '');

I'd try these settings:

 

  define('HTTPS_COOKIE_DOMAIN', '.domain.com');
 define('HTTPS_COOKIE_PATH', '/');

Replace domain.com with your domain name.

[sLaV-]

Hi,

 

I don't know what is happening here but on my machine when I try to access our secure page in IE I get the following message:

 

The security certificate presented by this website was not issued by a trusted certificate authority.

 

This problem may indicate an attempt to fool you or intercept any data that you send to the server.

 

We recommend that you close this webpage.

 

I tried on some of my mates' PCs and it works fine ... what could be causing this?? Any ideas??

 

 

Thanks for your time!

[meulenb]

Hi,

 

I'm having a dedicated SSL installed but I'm getting the "do you want to display nonsecure items" in IE. I've I hit "No", the entire page loads except for the background image.

 

Am I then right in saying that since the background image didn't load it is the nonsecure target to fix?

 

if so, the background is defined in the stylesheet with a url that goes to internal image directory (background: url(http://www.houseofespresso.nl/catalog/images/wood_BGnewbright.jpg) repeat 0 12px;)

 

What to do in order to make the background a secured item?

[germ]

background: url(images/wood_BGnewbright.jpg) repeat 0 12px;

[meulenb]

background: url(images/wood_BGnewbright.jpg) repeat 0 12px;

 

Too easy... :blush: I thought this wasn't always possible with css. Many thanks!!

[meulenb]

Ok, I thought I was there with all pages working ok. But having further tested the SSL pages I'm now stuck on the [checkout_shipping.php] page.

 

The moment I set the 'ENABLE_SSL_CATALOG' to True in the includes/configure.php, the checkout_shipping.php starts appearing without any site format and layout, it's a blank page with only headers and standard text on it and the button for Changing the address.

 

Actual data such as the address as well as choice of shipping method, remarks field and the Continue button have disappeared.

 

 

I'm now thinking I might have to set SSL to "Yes" somewhere but have no clue where. The checkout pages haven't been changed heavily, key code should still be the default OsC one.

 

anyone any clue?

[germ]

You wouldn't be on one of those servers where you have a folder for HTTP and a separate folder for HTTPS would you?

:unsure:

 

I created an account and got to the checkout_shipping page (then manually changed the URL to HTTPS) and 3/4 of the page just disappears!

:o

 

It's even gone in the HTML source....

:blink:

 

I've never seen a page act like that.....

:(

[Guest]

Hey Jim,

 

What are the ramifications between having a server where you have a seperate public_html and private_html folders as opposed to just one. Are there benefits or just annoyances?

[germ]

IMHO it's just a large annoyance.

<_<

 

If it's setup that way you just have to remember to keep them "in-sync".

 

Servers setup that way should be shot into orbit...

:blink:

[AM/PM-Girl]

Ok, I thought I was there with all pages working ok. But having further tested the SSL pages I'm now stuck on the [checkout_shipping.php] page.

 

The moment I set the 'ENABLE_SSL_CATALOG' to True in the includes/configure.php, the checkout_shipping.php starts appearing without any site format and layout, it's a blank page with only headers and standard text on it and the button for Changing the address.

 

Actual data such as the address as well as choice of shipping method, remarks field and the Continue button have disappeared.

 

 

I'm now thinking I might have to set SSL to "Yes" somewhere but have no clue where. The checkout pages haven't been changed heavily, key code should still be the default OsC one.

 

anyone any clue?

 

 

I have a similar issue. If a customer choses to PWA the checkout_shipping.php will NOT be SSL enabled. However if the customer choses to create a new account or if they are a returning customer the checkout_shipping.php will be SSL enabled. This is the only page has this issue with this configuration.

 

Does anyone have any idea why?

 

Your help and guidance is appreciated

[meulenb]

You wouldn't be on one of those servers where you have a folder for HTTP and a separate folder for HTTPS would you?

:unsure:

 

I created an account and got to the checkout_shipping page (then manually changed the URL to HTTPS) and 3/4 of the page just disappears!

:o

 

It's even gone in the HTML source....

:blink:

 

I've never seen a page act like that.....

:(

 

Yes I am one of those.... :wacko:

 

It was an issue that initially popped up and made all https pages appear with a 404-page not found error. But my provider fixed this by altering a flag for "http&https located in one folder" and ever since all the other pages are working fine except this one...

[germ]

I'd recopy the page from the HTTP folder (that works) into the HTTPS folder (the one that doesn't work).

 

I'm thinking the bits, bytes, and the buffers may have gotten lost or scrambled somehow...

:huh:

[meulenb]

I'd recopy the page from the HTTP folder (that works) into the HTTPS folder (the one that doesn't work).

 

I'm thinking the bits, bytes, and the buffers may have gotten lost or scrambled somehow...

:huh:

 

Have tried as such but still get the same result :huh:

[germ]

I suppose the next thing would be to post the code from the one in the HTTPS folder and we'll see if anything jumps out.

:huh:

[meulenb]

I suppose the next thing would be to post the code from the one in the HTTPS folder and we'll see if anything jumps out.

:huh:

 

Sorry but maybe I wasn't being clear: the entire application is stored in http dir, nothing is in https. This works because my provider changed the set up to 'all in http folder'. So there's no OsC file or directory in the https directory.

 

The one thing I tried was to put the checkout_shipping.php in a /catalog folder in the https directory but it didn't help. If I switch off SSL then checkout_shipping.php is working fine. It can't be a html thing either because all pages work with the same STS template.

 

I can send the whole checkout_shipping.php for you to check if that helps....

[germ]

STS template

My effort ends here.

 

I haven't a clue how STS works.

[meulenb]

thanks anyway!

 

I'd better start a new topic on it.

[demsey]

Hi guys

 

if someone can check my config will be great. I am trying to setup SSL on my website and i have no idea where is a problem. I tried many types of paths and other settings. When i go to my website it is asking me "Do you want to display unsecured items?" When i click yes the website is appearing but without a padlock, when i click no the website is appearing without any image or photos. I have checked many other forums. Thanks for help and your time.

 

  define('HTTP_SERVER', 'http://www.my-domain.co.uk');
 define('HTTPS_SERVER', 'https://my-domain.co.uk');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'my-domain.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'my-domain.co.uk');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'dem_images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/leonidas/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

[germ]

Change this:

 

  define('HTTPS_SERVER', 'https://my-domain.co.uk');

to

 

  define('HTTPS_SERVER', 'https://www.my-domain.co.uk');

Your certificate is registered to your domain name with the "www." prefix.

 

If that doesn't help, try this:

 

In your /includes/application_top.php find this line (about line 41):

 

  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Change it to:

 

  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'