Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to install SSL on OSC: A Simple 1-2-3 Instruction


jpweber

Recommended Posts

  • Replies 485
  • Created
  • Last Reply

Yes, I know the thread. I've been living on it and getting nowhere with it for days. I just wanted to make sure someone else was getting the same result that I was getting.

Yes Ma'am I get the error.

 

If I knew anything at all about how it works I would try to help, but I don't.

 

My apologies for my ignorance.

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 3 months later...

Hello All:

 

I was about to purchase an ssl certificate from go daddy $12.99 for 1 year, standard ssl certificate (Great Offer)!!! Luckily I checked this post first, and then decided to look at my hosts website first. Turns out, they do not allow "3rd Party SSL Certificates," <_< yeah right!!!, Ofcourse only the ones you can purchase through them which is with Geo Trust $49.95 a year. Yes I'm on a veryyy limited budget (don't call me cheap, lols). Really upset about this :angry: , on the other hand, I do get an incredible price for my hosting, they offer a free ssl certificate (not so good with osc), and unlimited everything for very cheap, so I guess things can't be perfect.

 

Anyways, just wanted to scream my frustration to the world, lolss, and advise to CHECK WITH YOUR HOSTING COMPANY, what the procedures are regarding SSL Certificates, before you go off and buy one. Would be really bad if you end up buying one of the more expensive ones, and then not be able to use it.

I Hate PHP, LoLssss

Visit My Site, Any constructive comments and suggestions Welcome :)

WARNING: IT'S STILL UNDER CONSTRUCTION, LOLS

Link to comment
Share on other sites

Hi. First, could you provide your web address so we could look? Secondly, there are only a few pages that require protecting in SSL. The only pages that require SSL protection are login, create_account, my_account, checkout, etc., etc., ..... basically, pages that require data input on the end-user's behalf. SSL encrypts this data, so that when it passes through other servers, it's unreadable. This is good for a lot of privacy issues, and espcially when you're dealing with credit card numbers!

 

Why would you have both an index.html, and an index.php? Get rid of one of them so customers can just type in www.gotowebsite.com! Make it as simple on the customer as possible! Besides, I don't understand the point in having two pages. The directions that were stated, however, were completely related to your catalog/includes/configure.php and catalog/adming/includes/configure.php files. Regardless, NO, it will not screw up your configures just because you have two separate index files. Your configs will still be www.yoursite.com, and https://www.yoursite.com ...

 

 

Hi first of all I'd like to say Im new to osc and my hosting company has installed the ssl and certificate therefore there is an ssl folder were Im supposed to put all the pages that require ssl protection and you say it is the user input pages that need to there my problem is which ones, can you explain to me the file structure of osc as well because there are folders that look like they have identical pages.

 

I've also configured [catalog/includes/configure.php] the other one.

Link to comment
Share on other sites

Hi. First, could you provide your web address so we could look? Secondly, there are only a few pages that require protecting in SSL. The only pages that require SSL protection are login, create_account, my_account, checkout, etc., etc., ..... basically, pages that require data input on the end-user's behalf. SSL encrypts this data, so that when it passes through other servers, it's unreadable. This is good for a lot of privacy issues, and espcially when you're dealing with credit card numbers!

 

Why would you have both an index.html, and an index.php? Get rid of one of them so customers can just type in www.gotowebsite.com! Make it as simple on the customer as possible! Besides, I don't understand the point in having two pages. The directions that were stated, however, were completely related to your catalog/includes/configure.php and catalog/adming/includes/configure.php files. Regardless, NO, it will not screw up your configures just because you have two separate index files. Your configs will still be www.yoursite.com, and https://www.yoursite.com ...

 

 

Hi first of all I'd like to say Im new to osc and my hosting company has installed the ssl and certificate therefore there is an ssl folder were Im supposed to put all the pages that require ssl protection and you say it is the user input pages that need to there my problem is which ones, can you explain to me the file structure of osc as well because there are folders that look like they have identical pages.

 

I've also configured [catalog/includes/configure.php] the other one.

Link to comment
Share on other sites

Hi. First, could you provide your web address so we could look? Secondly, there are only a few pages that require protecting in SSL. The only pages that require SSL protection are login, create_account, my_account, checkout, etc., etc., ..... basically, pages that require data input on the end-user's behalf. SSL encrypts this data, so that when it passes through other servers, it's unreadable. This is good for a lot of privacy issues, and espcially when you're dealing with credit card numbers!

 

Why would you have both an index.html, and an index.php? Get rid of one of them so customers can just type in www.gotowebsite.com! Make it as simple on the customer as possible! Besides, I don't understand the point in having two pages. The directions that were stated, however, were completely related to your catalog/includes/configure.php and catalog/adming/includes/configure.php files. Regardless, NO, it will not screw up your configures just because you have two separate index files. Your configs will still be www.yoursite.com, and https://www.yoursite.com ...

 

 

Hi first of all I'd like to say Im new to osc and my hosting company has installed the ssl and certificate therefore there is an ssl folder were Im supposed to put all the pages that require ssl protection and you say it is the user input pages that need to there my problem is which ones, can you explain to me the file structure of osc as well because there are folders that look like they have identical pages.

 

I've also configured [catalog/includes/configure.php] the other one.

Link to comment
Share on other sites

Sorry I am new to this.Just wondering do you need to get an SSL for your shop? How do I do this?

Hello Jo:

 

I'm just another newbie, but as far as the information that you need, just go back to the first page of this post, it has step by step instructions on what to do, to get an SSL certificate for your shop.

 

As far as if you need to get one, I think it is always recommended that you do, especially if you are going to process credit card payments from your shop. If you are going to use a payment module such as Paypal or Google Checkout, they do have SSL on their payment processing pages, but remember when a customer opens an account on your shop, they are still sharing their personal information, and you should be able to protect that information also.

 

I still don't have one on mine, I'm still working on it, but definitely will before going live with it. Good Luck on your journey with Osc!!! :)

 

 

Glenda

I Hate PHP, LoLssss

Visit My Site, Any constructive comments and suggestions Welcome :)

WARNING: IT'S STILL UNDER CONSTRUCTION, LOLS

Link to comment
Share on other sites

  • 2 weeks later...

Hi, I have read the posts and I am still struggling to get my SSL certificate working. I installed the SSL two months ago and suddently my front-end isn't allowing me to add products to the shopping cart or update the quantities within the cart. I have looked at code and it appears to be the same and I am wondering if there is anything I am missing (I have included the code).

 

My website is www.onestopfestival.com and if anybody has got any idea where I have went wrong, please let me know. Any help is greatly appreciated.

 

Thanks, Fraser

 

/includes/configure.php

define('HTTP_SERVER', 'http://www.onestopfestival.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.onestopfestival.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.onestopfestival.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '');

 

/admin/includes/configure.php

define('HTTP_SERVER', 'http://www.onestopfestival.com/'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.onestopfestival.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.onestopfestival.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Link to comment
Share on other sites

define('HTTPS_COOKIE_DOMAIN', '');

That's a mistake.

 

Make it the same as what you have for HTTP_COOKIE_DOMAIN

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Alright. I regrettably have to ask for help in this thread. I've made certain that both configure.php files are configured correctly, and verified that my SSL cert is installed correctly. I had a Comodo SSL cert installed by my hosting company on a shared server with a dedicated IP. My hosting company is InMotion hosting if that somehow makes any difference. When forced https:// is configured in a .htaccess file the cert works perfectly with osCommerce. However when I removed the redirect it no longer works as it should. On pages like login.php, create_account.php, etc it does not change over to https://. I'm running osCommerce rc2a, and my catalog is /buy (index.php in root redirects to catalog). What could possibly be the problem? I'm inexperienced with php so if there are any faults in the code I can't spot it myself but I compared it to the bog standard osCommerce and the SSL code lines look identical.

 

Just to verify, my configure.php files look as follows:

 

For catalog - It works only when forced through .htaccess and does not otherwise...

 

  define('HTTP_SERVER', 'http://goldmonger.net');
 define('HTTPS_SERVER', 'https://goldmonger.net');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'goldmonger.net');
 define('HTTPS_COOKIE_DOMAIN', 'goldmonger.net');
 define('HTTP_COOKIE_PATH', '/buy/');
 define('HTTPS_COOKIE_PATH', '/buy/');
 define('DIR_WS_HTTP_CATALOG', '/buy/');
 define('DIR_WS_HTTPS_CATALOG', '/buy/');

 

For admin - This works perfectly, since it's being told that http = https...

 

  define('HTTP_SERVER', 'https://goldmonger.net');
 define('HTTP_CATALOG_SERVER', 'https://goldmonger.net');
 define('HTTPS_CATALOG_SERVER', 'https://goldmonger.net');
 define('ENABLE_SSL_CATALOG', 'true');

 

Thanks for any help, as my hosting won't provide support!

Link to comment
Share on other sites

Read this thread:

 

SSL Implementation help

 

There are things in the first post in that thread for you to check/try.

 

If it doesn't work after that, there is a link in the second post to a contribution I wrote to help.

 

Download the contribution and upload all the files to your store folder (/buy folder).

 

Then let me know (by post or PM) and I'll check it out for you.

 

I won't be able to check it for about 6 hours (I'm at work now)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Read this thread:

 

SSL Implementation help

 

There are things in the first post in that thread for you to check/try.

 

If it doesn't work after that, there is a link in the second post to a contribution I wrote to help.

 

Download the contribution and upload all the files to your store folder (/buy folder).

 

Then let me know (by post or PM) and I'll check it out for you.

 

I won't be able to check it for about 6 hours (I'm at work now)

 

Followed your guide and the tools, sent you a PM regarding the results. Thanks!

Link to comment
Share on other sites

  • 4 months later...

Hello: I have a site hosted at ipage.com. I talked with them about my wish to use SSL from ev1servers for my site and I am told that I must use their SSL service. Has anyone used ev1servers SSL on a site hosted at ipage.com? Would what they are telling me not be a clear breach of antitrust laws?

Link to comment
Share on other sites

I'm using a shared SSL Cert from ipowerweb. I believe I have everything configured correctly, since I can login and the URL changes over to my SSL subdomain with "https://mysite.shareddomain.com"

 

My question: Is there a way to keep the user logged if they continue to browse the site? If they click on any other links, they move back the "http://" URL, which if they want to check their shopping cart, it requires them to login again, even though the site says they are already logged in.

 

Thank for the help.

 

erok210

Link to comment
Share on other sites

I'm using a shared SSL Cert from ipowerweb. I believe I have everything configured correctly, since I can login and the URL changes over to my SSL subdomain with "https://mysite.shareddomain.com"

 

My question: Is there a way to keep the user logged if they continue to browse the site? If they click on any other links, they move back the "http://" URL, which if they want to check their shopping cart, it requires them to login again, even though the site says they are already logged in.

 

Thank for the help.

 

erok210

SINCE POSTING THIS I FOUND I HAD AN ISSUE WITH MY CONFIGURE.PHP file.

Link to comment
Share on other sites

  • 2 months later...

This is as simple as it gets -- how to install SSL, which is a mandate on every e-commerce site, easily and effectively on OSC:

 

(1) Inform your host. Tell your host you're going to install SSL through another company. They shouldn't charge you, but they might ... 10 bucks or whatever. They'll e-mail you a CSR (certificate signing request), which is really just a big clump of mumble-jumbled coding.

 

(2) Find an SSL Company. A popular one seems to be the RapidSSL by Geotrust, 'cause it's cheap, but there are plenty. Many people use Geotrust, Verisign, Networksolutions, GoDaddy, and others. A Simple Google Search can give you plenty of other options. Make sure it has at least 128-bit data encryption, and is compatible with all browsers. Make sure it has a trusted root. Make sure it puts a padlock in your browser. These are all questions you'll ask the SSL company.

 

(3) Purchase the SSL. E-mail the SSL company your CSR that your host gave to you. Be sure that both your host and the SSL company are on the same page -- assign your SSL to either http://www.yoursite.com, or http://yoursite.com -- but make sure the host and the SSL company are on the same page, and both do the same thing.

 

(4) Go back to your host. You'll receive an SSL Certificate Key from the SSL company once purchased. This will be more mumble-jumbled coding in your e-mail. E-mail the SSL Certificate Key back to your host. They'll install it for you.

 

(5) Alter your config files. All you need to do now is to alter your configure.php files. They're located in (path to catalog)/includes/configure.php, and (path to catalog)/admin/includes/configure.php. OSC is designed to protect the pages that require data encryption, and altering your config files will do this for you. These pages include login, create_account, checkout, etc,. and any other pages that require data-input by the end-user.

 

(6) In includes/configure.php, set the SSL to "true"; it should look something like this near the top, if you assigned the SSL to www.yoursite.com:

define('HTTP_SERVER', 'http://www.yoursite.com');

define('HTTPS_SERVER', 'https://www.yoursite.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.yoursite.com');

define('HTTPS_COOKIE_DOMAIN', '.yoursite.com');

 

(7) In admin/includes/configure.php, set the SSL to "true" and add an "s" after all the http's. So it'll look something like this, if assigned to www.yoursite.com:

define('HTTP_SERVER', 'https://www.yoursite.com/');

define('HTTP_CATALOG_SERVER', 'https://www.yoursite.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.yoursite.com/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

 

(8) Save and upload your configure.php files to their appropriate directories, perhaps using your FTP tool, or other upload tool of choice, and your SSL should be running smoothly and efficiently.

Link to comment
Share on other sites

Thanks for such clear concise instructions. I am still experiencing issues.

 

I Built my store on an IP address before I launched it but now that I've launched it, I can only get the home page to load behind the SSL but when I click any of the buttons to go to different places in the catalog or even the admin area, the IP address still shows and I'm no longer behind the SSL. Is there any other place I need to change from the IP address to the correct URL?

Link to comment
Share on other sites

In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local

 

On some installs there may be a configure.php inside the local FOLDER (catalog and admin)

 

If there is, anything in it overrides anything in the normal configure.php files.

 

Check for these "other" config files.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Hi, I need your help :(

 

I am trying configure ssl, but it doesnt works correctly, it lost sessions when I go from http to https area and https to http.

 

When I click on my account it login correctly and looks https://....

but when I click on categories, prodcuts... logout and look http...

 

If I add products to cart it works correctly... but.. when I go to https area to login... cart looks empty.

 

I think I have problem with sessions, but i dont know anymore...

 

here my configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.mydomain.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mydomain.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mydomain.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/'); 
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '********');
 define('DB_SERVER_PASSWORD', '*******');
 define('DB_DATABASE', '******');
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

Thanks for all and sorry for my english.

Link to comment
Share on other sites

  • 4 weeks later...
  • 2 weeks later...

Just two quick questions for installing SSL Certificate on 2.3

 

1. Are the installation instructions the same as explained in this thread?

 

2. If not, can someone please explain how to install on 2.3 in simple terms

 

Thanks

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...