ryana2 Posted November 23, 2006 Posted November 23, 2006 HI I recently got an SSL cert on my site, and it seems to be working (after much help from forum friends!). Anyway here's my question. Now that I have my SSL, should every link that appears in my webbrowers not have the HTTPS in front of it. I mean I can physically type in the https and the site works, but say for examply i click on a product it then jumps back to the HTTP:// I need to know that its secure as we will be accepting Credit card payments, as well as PayPal. But I'm not sure if I need to change something in order to make the whole site appear with the HTTPS. Also if I go to my control panel...and I type in the HTTPS (https://MY-URL.COM/admin/index.php) It says You are protected by a 128-bit secure SSL connection. But if I type in the same URL without the S, it says I'm not secure. Surely I shouldn't have the option to choose which one I want, i.e. it should now have the HTTPS:// on my entire site? Or maybe i'm way off base here and I should not be accepting credit card payments on site, and just 'enable' one of the other payment modules? ANy advice help is REALLY appreciated. Thanks a million, Aoife :)
bill110 Posted November 23, 2006 Posted November 23, 2006 the parts that need to be secure are where sensitive customer data is displayed. In admin pull up customer info and it should be automatically secure. When the cust. logs in or checks out it should also be secure. Having the entire site secure would slow the site down also. My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
ryana2 Posted November 23, 2006 Author Posted November 23, 2006 the parts that need to be secure are where sensitive customer data is displayed. In admin pull up customer info and it should be automatically secure. When the cust. logs in or checks out it should also be secure. Having the entire site secure would slow the site down also. I need to find out how I can set the OScommerce to direct people to the https:// when checking out. When they are due to input their credit card details. I need to make sure that this page is secure. any suggestions?
bill110 Posted November 23, 2006 Posted November 23, 2006 You could create a test customer, place a fake order (which you will not complete) and go thru the checkout process and see if the pages are secure. My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
ryana2 Posted November 23, 2006 Author Posted November 23, 2006 Hi thanks for the replies. I have gone into my catalog/includes/configure.php and changed the code to be as follows: define('HTTP_SERVER', 'http://www.intunemusic.ie'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.intunemusic.ie'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.intunemusic.ie'); define('HTTPS_COOKIE_DOMAIN', 'intunemusic.ie'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/') I'm sorry that the code is all over the place. But i thought that since i changed the ENABLE_SSL', true) and defined it (https://www.intunemusic.ie') then the checkout procedure should be secure but its not. ANy help?
Druid6900 Posted November 23, 2006 Posted November 23, 2006 Hi thanks for the replies. I have gone into my catalog/includes/configure.php and changed the code to be as follows: define('HTTP_SERVER', 'http://www.intunemusic.ie'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.intunemusic.ie'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.intunemusic.ie'); define('HTTPS_COOKIE_DOMAIN', 'intunemusic.ie'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/') I'm sorry that the code is all over the place. But i thought that since i changed the ENABLE_SSL', true) and defined it (https://www.intunemusic.ie') then the checkout procedure should be secure but its not. ANy help? Yeah, I checked your site and the account creation page isn't secure either. In my set-up, which does work, I don't have the www. in front of the https domains, but, mine is a little different because I'm using a shared certificate. Try losing the www. and see if it makes any difference. OsC will protect the areas that need to be protected which seem to be account, checkout and, I believe, logoff. You'll have to make the changes in both copies of configure.php. HTH No Good Deed EVER Goes Unpunished
Recommended Posts
Archived
This topic is now archived and is closed to further replies.