Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL malarky


ryana2

Recommended Posts

Posted

HI

I recently got an SSL cert on my site, and it seems to be working (after much help from forum friends!).

 

Anyway here's my question.

Now that I have my SSL, should every link that appears in my webbrowers not have the HTTPS in front of it.

I mean I can physically type in the https and the site works, but say for examply i click on a product it then jumps back to the HTTP://

 

I need to know that its secure as we will be accepting Credit card payments, as well as PayPal. But I'm not sure if I need to change something in order to make the whole site appear with the HTTPS.

 

Also if I go to my control panel...and I type in the HTTPS (https://MY-URL.COM/admin/index.php) It says

You are protected by a 128-bit secure SSL connection.

 

But if I type in the same URL without the S, it says I'm not secure. Surely I shouldn't have the option to choose which one I want, i.e. it should now have the HTTPS:// on my entire site?

 

Or maybe i'm way off base here and I should not be accepting credit card payments on site, and just 'enable' one of the other payment modules?

 

ANy advice help is REALLY appreciated.

 

Thanks a million,

 

Aoife

:)

Posted

the parts that need to be secure are where sensitive customer data is displayed. In admin pull up customer info and it should be automatically secure. When the cust. logs in or checks out it should also be secure. Having the entire site secure would slow the site down also.

My Contributions

 

Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly

Password Protect Admin

"No matter where you go....There you are" - Buccaroo Bonsai

Posted
the parts that need to be secure are where sensitive customer data is displayed. In admin pull up customer info and it should be automatically secure. When the cust. logs in or checks out it should also be secure. Having the entire site secure would slow the site down also.

 

I need to find out how I can set the OScommerce to direct people to the https:// when checking out. When they are due to input their credit card details. I need to make sure that this page is secure.

 

any suggestions?

Posted

Hi thanks for the replies.

 

I have gone into my catalog/includes/configure.php and changed the code to be as follows:

 

define('HTTP_SERVER', 'http://www.intunemusic.ie'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.intunemusic.ie'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.intunemusic.ie'); define('HTTPS_COOKIE_DOMAIN', 'intunemusic.ie'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/')

 

I'm sorry that the code is all over the place.

But i thought that since i changed the ENABLE_SSL', true) and defined it (https://www.intunemusic.ie')

 

then the checkout procedure should be secure but its not.

 

ANy help?

Posted
Hi thanks for the replies.

 

I have gone into my catalog/includes/configure.php and changed the code to be as follows:

 

define('HTTP_SERVER', 'http://www.intunemusic.ie'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.intunemusic.ie'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.intunemusic.ie'); define('HTTPS_COOKIE_DOMAIN', 'intunemusic.ie'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/')

 

I'm sorry that the code is all over the place.

But i thought that since i changed the ENABLE_SSL', true) and defined it (https://www.intunemusic.ie')

 

then the checkout procedure should be secure but its not.

 

ANy help?

 

Yeah, I checked your site and the account creation page isn't secure either.

 

In my set-up, which does work, I don't have the www. in front of the https domains, but, mine is a little different because I'm using a shared certificate. Try losing the www. and see if it makes any difference. OsC will protect the areas that need to be protected which seem to be account, checkout and, I believe, logoff.

 

You'll have to make the changes in both copies of configure.php.

 

HTH

No Good Deed EVER Goes Unpunished

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...