Tsuri Japan Posted November 8, 2006

Just looking for some advice here.... I followed how to convert my admin to my ssl cert. Here's what I did so far:
- changed my admin folder to my own original name
- went into my admin/install config file and changed the two sections that used to say ADMIN to my new name.
- went to my server and changed password and folder name to my new admin.

Checked my admin but the icon is still showing it as not being secure, to be exact: You are not protected by a secure SSL connection. What am I supposed to do to fix this?

Thanks, Nigel

jasonabc Posted November 8, 2006

You are confusing htaccess (username and password) for security encryption (SSL). The first requires you to enter a username and password to access a folder, the second simply encrypts data as it travels between a user's browser and a webserver so it cannot be read if it is intercepted.

There is no need to move your Admin Tool over to an SSL connection - no sensitive data is contained in there. Password protecting it is enough.

If you still wish to get your admin tool working with SSL - read this first: http://www.oscommerce.com/forums/index.php?showtopic=151162

Jason

Dutch1 Posted November 18, 2006

> You are confusing htaccess (username and password) for security encryption (SSL). The first requires you to enter a username and password to access a folder, the second simply encrypts data as it travels between a user's browser and a webserver so it cannot be read if it is intercepted.
> There is no need to move your Admin Tool over to an SSL connection - no sensitive data is contained in there. Password protecting it is enough.
> If you still wish to get your admin tool working with SSL - read this first: http://www.oscommerce.com/forums/index.php?showtopic=151162

You are wrong! The admin section has customer info and credit card info in the Orders link with only an http showing. I need this on an SSL and I also need help doing it.

tapuahk Posted November 18, 2006

> Just looking for some advice here.... I followed how to convert my admin to my ssl cert. Here's what I did so far:
> - changed my admin folder to my own original name
> - went into my admin/install config file and changed the two sections that used to say ADMIN to my new name.
> - went to my server and changed password and folder name to my new admin.
> Checked my admin but the icon is still showing it as not being secure, to be exact: You are not protected by a secure SSL connection. What am I supposed to do to fix this?
> Thanks, Nigel

If you are using a shared SSL server you need to use that to access the Admin section. On the shared SSL your url would look something like https://yoursite.com.sslserver.com/store/catalog/admin

Does this help?

ddp Posted November 18, 2006

If you are storing cc numbers in your database I would look into a different type of payment processing. Many payment modules do not store the whole number and are therefore much less risky.

Backup before making changes. Backup before making changes! Backup before making changes!! You did do a backup? eh?

Dutch1 Posted November 19, 2006

> If you are storing cc numbers in your database I would look into a different type of payment processing. Many payment modules do not store the whole number and are therefore much less risky.

It is not just about securing a cc #, it is all the customer info. I am baffled with the lack of security in accessing a database. Using a password is fine and dandy. Why do we only care about what the customer sees? A cute little lock and they feel confident that their information (including birthdates?), but when we access these databases over unsecure connections it's OK because the customer can't see it?

I have tried to get help from my host and I have read many posts clamoring for SSL in the admin but so far I have seen no help in this regard. I might be new to osCommerce but I'm not new to internet sales. I have been in business for 7 years and I am appalled at the lack of security built around osCommerce.

The typical response is to have this in your configure.php file:

    define('HTTP_CATALOG_SERVER', 'http://yourdomain.com');
    define('HTTPS_CATALOG_SERVER', 'https://yourdomain.com');
    define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

I have even seen some say to change the HTTP server to an https address but the infamous "You are not protected by a secure SSL connection." still appears. So what is the solution to this problem that many people are asking for?

Jack_mcs Posted November 19, 2006

You need to use https for each of these

    define('HTTP_SERVER', 'https://...');
    define('HTTP_CATALOG_SERVER', 'https://...');
    define('HTTPS_CATALOG_SERVER', 'https://...');

and change this to true

    define('ENABLE_SSL_CATALOG', 'false');

There is a contribution (admin ssl enable, I think), that will allow you to control which parts of admin use the ssl, but it is not required for this to work.

Jack

Dutch1 Posted November 19, 2006

So, what to do if it still does not work?

Jack_mcs Posted November 19, 2006

Is the ssl installed correctly? Try going to https://your_domain.com. Does your page display?

Jack

Dutch1 Posted November 19, 2006

Place this in your .htaccess file, it works great!

    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Well, it did for me.

Dutch1

Tsuri Japan Posted November 19, 2006

Awesome, this did the trick for me and now my admin has complete SSL.....

    define('HTTP_SERVER', 'https://...');
    define('HTTP_CATALOG_SERVER', 'https://...');
    define('HTTPS_CATALOG_SERVER', 'https://...');

Kind of weird though, my first page that has all the admin icons isn't secured but once you click on tools or configuration it works no problem. The box on the left still says You are not protected by a secure SSL connection. I don't care about that anymore and give up trying to make that icon change properly, all I know is my admin is SSL protected so that's good.

Nigelman

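
Added example (not part of the thread and not osCommerce code): a Python check that takes the text of an admin configure.php and .htaccess, lists which of the constants named in the posts above are not set to https, and reports whether rewrite rules like the ones Dutch1 posted redirect plain-HTTP requests. The function names and sample file contents are constructed for illustration, and yourdomain.com is a placeholder.

```python
import re

URL_CONSTANTS = ("HTTP_SERVER", "HTTP_CATALOG_SERVER", "HTTPS_CATALOG_SERVER")
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)\s*;""", re.M)
# RewriteCond (test string, pattern) pairs that match only non-HTTPS requests.
NON_HTTPS_CONDS = {("%{SERVER_PORT}", "!^443$"), ("%{HTTPS}", "off")}

def audit_admin_config(php_text):
    """Return the configure.php settings that still allow plain HTTP."""
    # reversed() so the first define() of a name wins, as it does in PHP.
    defines = dict(reversed(DEFINE_RE.findall(php_text)))
    findings = [f"{n}: missing or not https" for n in URL_CONSTANTS
                if not defines.get(n, "").lower().startswith("https://")]
    if defines.get("ENABLE_SSL_CATALOG", "").lower() != "true":
        findings.append("ENABLE_SSL_CATALOG: not true")
    return findings

def htaccess_forces_https(text):
    """True if a rewrite rule redirects non-HTTPS requests to https://."""
    engine_on = non_https_cond = False
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewriteengine":
            engine_on = [p.lower() for p in parts[1:2]] == ["on"]
        elif directive == "rewritecond" and len(parts) >= 3:
            non_https_cond = (parts[1].upper(), parts[2].lower()) in NON_HTTPS_CONDS
        elif directive == "rewriterule" and len(parts) >= 4:
            flags = parts[3].strip("[]").upper().split(",")
            redirect = any(f == "R" or f.startswith("R=") for f in flags)
            if engine_on and non_https_cond and redirect and \
                    parts[2].lower().startswith("https://"):
                return True
            non_https_cond = False  # a RewriteCond covers only the next rule
    return False

# Constructed sample files; yourdomain.com is a placeholder.
SAMPLE_CONFIG = """define('HTTP_SERVER', 'http://yourdomain.com');
define('HTTP_CATALOG_SERVER', 'https://yourdomain.com');
define('HTTPS_CATALOG_SERVER', 'https://yourdomain.com');
define('ENABLE_SSL_CATALOG', 'false');"""
SAMPLE_HTACCESS = """RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]"""

if __name__ == "__main__":
    print(audit_admin_config(SAMPLE_CONFIG), htaccess_forces_https(SAMPLE_HTACCESS))
```
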
Archived
This topic is now archived and is closed to further replies.