Can I config SSL to www? Pretty please...?

[tinyvibes]

Hello... having a bit of a panic attack :'(

 

I'm getting the "Unknown Authority" warning in firefox. After some research I see that it's because we have installed our security certifcate on the www.mysite.com domain and not on the mysite.com

 

It looks like people are saying OSC is supposed to run SSL on mysite.com. Can I have it be www.mysite.com?

 

If there is a way to just change this in config any help would be GREATLY appreciated

 

here is my setup:

 

define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.mysite.com/shop/en/'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

//define('HTTP_COOKIE_PATH', '/productions/putu/catalog/');

define('HTTP_COOKIE_PATH', '/shop/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/shop/en/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

[Jack_mcs]

This

define('HTTPS_SERVER', 'https://www.mysite.com/shop/en/');

should be

define('HTTPS_SERVER', 'https://www.mysite.com);

 

Jack

[tinyvibes]

This

define('HTTPS_SERVER', 'https://www.mysite.com/shop/en/');

should be

define('HTTPS_SERVER', 'https://www.mysite.com);

 

Jack

 

Hi.. Thanks so much! I've adjusted things... but for some reason I still get the "Website Certified by an Unknown Authority" warning in Firefox. I know our certificate is installed on www.site.com. I don't think I am jumping domains... anyone know why this is poping up still? Is it the cookies path? I wasn't sure what to do with that. Also, I am adjusting the config file in /shop/includes/. Do I need to fix others? I've adjusted the config like so...

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.site.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.site.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.site.com');

define('HTTPS_COOKIE_DOMAIN', '.site.com');

//define('HTTP_COOKIE_PATH', '/productions/putu/catalog/');

define('HTTP_COOKIE_PATH', '/shop/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/shop/en/');

define('DIR_WS_HTTPS_CATALOG', '/shop/en/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

I would love anyone's input here! Please help... thx

[Jack_mcs]

For some reason, you changed these

define('HTTP_COOKIE_DOMAIN', '.site.com');
define('HTTPS_COOKIE_DOMAIN', '.site.com');

They need to be

define('HTTP_COOKIE_DOMAIN', '.www.site.com');
define('HTTPS_COOKIE_DOMAIN', '.www.site.com');

If that doesn't do it, it could be that your cert requres a ca bundle. That has to be installed with the cert.

 

Jack

[tinyvibes]

Thanks alot Jack! I think am getting it worked out.

 

New issue only in Explorer 6 (I think)... "You are about to be redirected to a connection that is not secure" is popping up when I try login.php... or sometimes when I go from HTTPS to HTTP or vice versa. Any way around this? It's sure to scare customers off...

[Jack_mcs]

That probably means you have a non-secure link on the page. You'll need to locate it and remove or disable it for secure pages. It will be a link to a different site than yours.

 

Jack

[tinyvibes]

That probably means you have a non-secure link on the page. You'll need to locate it and remove or disable it for secure pages. It will be a link to a different site than yours.

 

Jack

 

Hmmm... it really seems to happening when I go from HTTPS to HTTP pages. It's that the cart contents page is HTTP (which I'd like to keep that way) and the login is HTTPS. Anyway around this? Thanks!

[Jack_mcs]

Maybe I don't understand the error you are getting but if it is a warning about non-secure links, you will only get that on an https page.

 

Jack

[tinyvibes]

Maybe I don't understand the error you are getting but if it is a warning about non-secure links, you will only get that on an https page.

 

Jack

 

It's happening on my account login page, which is https.... when you enter your username and password it should take you to the account page (if cart is empty) or to shopping_cart.php if not...(which is not HTTP)....

 

I'm actually not sure why I am still getting it (only in IE6). It is saying you are about to be re-directed to a connection that is not secure after your login is successful

 

perhaps I should just put both pages behind SSL but I don't want to for the shopping_cart.php since it wasn't set up that way prob for good reason... pretty noob at this

[Jack_mcs]

You can only get that error if it is on a secure page so the code must be thinking the shopping cart page, or whatever you are going to is secured. I don't have a reason why it would though. It could be that your server isn't interpreting the ssl port correctly. This thread may help.

 

Jack