Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Easy way to move store from HTTP to HTTPS?


wxman

Recommended Posts

Hi

 

I have a site I take care of that I just got an SSL certificate set up for he owner. Now the owner wants me to get the store part of her site to run on the HTTPS side. Not the whole of her site, just the store. I see posts here about moving whole stores to new servers, but I don't see someone trying this.

 

Could it be just as simple as copying the entire store directory from the HTTPDOCS side to the HTTPSDOCS one, then changing the catalog/includes/configure.php and catalog/admin/includes/configure.php files?

Link to comment
Share on other sites

  • 2 weeks later...

Seems it's not so straightforward.

 

Question is, do you have your own cert, or a shared one?

 

In either case, you have to add the cert info into your config files - goto /yourstore/includes/configure.php and /yourstore/admin/includes/configure.php and add the details.

 

Now, if you have your own cert, things should work. If you have a shared one, only the pages you add to the specififed ssl location will be secured, and they will show the shared ssl certificate URL, not yours.

 

I believe this can be overcome by some server tweaking (search for symbolic link), but I'd imagine in most cases the ISP will want you to buy your own certificate.

 

Fun, this OSCommerce, isn't it? :)

Link to comment
Share on other sites

In most osc site SSL and nonSSL folders are same.

 

The only difference is while You configure You set SSL as true in configure.php

 

For the pages that should have SSL url chek How login.php or create account links are created.

 

Or the other option is that in href file apply some logic so that if the file name is within the lsit of names You have SSL url is applied.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

On a decent server you shouldn't need to move any files .. just change a couple of lines in catalog/includes/configure.php.

 

This is catalog side only you'll need to do similar to the admin end.

 

Take the first 9 lines of the file. (assumes catalog is in root and the certificate is for https://www.mysite.com not https://mysite.com)

 

  define('HTTP_SERVER', 'http://www.mysite.com');
 define('HTTPS_SERVER', '');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', '');

 

You would change these to ..

 

  define('HTTP_SERVER', 'http://www.mysite.com');
 define('HTTPS_SERVER', 'https://www.mysite.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', '.mysite.com');

Link to comment
Share on other sites

Thanks for the responses.

 

I kind of ran out of time for my customer, so I did the most drastic way. Right now, it's hosted on a Plesk/Linux/Apache server, and it's set up to have all the secure files under the HTTPSDOCS directory, while the regular web files are under HTTPDOCS. Since I didn't know any better, I copied the whole OSC directory to the secure side, and turned on use SSL.

 

The store has it's own IP address and certificate, so I wonder if I could have did what you all suggested, which sound quite a bit easier. I did end up only needing to change to config files, and it seems to work fine now.

 

If anyone is curious, the store is at: https://www.brendajackson.net/osc/catalog/index.php

Link to comment
Share on other sites

Thanks for the responses.

 

I kind of ran out of time for my customer, so I did the most drastic way. Right now, it's hosted on a Plesk/Linux/Apache server, and it's set up to have all the secure files under the HTTPSDOCS directory, while the regular web files are under HTTPDOCS. Since I didn't know any better, I copied the whole OSC directory to the secure side, and turned on use SSL.

 

The store has it's own IP address and certificate, so I wonder if I could have did what you all suggested, which sound quite a bit easier. I did end up only needing to change to config files, and it seems to work fine now.

 

If anyone is curious, the store is at: https://www.brendajackson.net/osc/catalog/index.php

 

Be aware wxman that the ssl images alone will probably kill the server (well load it up) the pages will load slow and Google will not index it.

Link to comment
Share on other sites

Be aware wxman that the ssl images alone will probably kill the server (well load it up) the pages will load slow and Google will not index it.

 

 

Would I be better off doing it the other way? I hate having two different sections to take care of. If I change links on one side, I have to change them in both.

Link to comment
Share on other sites

Would I be better off doing it the other way? I hate having two different sections to take care of. If I change links on one side, I have to change them in both.

 

As I understand it, if you have your own cert, OSC file locations don't need to be changed at all - you just need to make sure you change the config files correctly. It's both files, apparently - the /store/includes AND the /store/admin/includes files.

 

 

I could be wrong though. I'm in the middle of getting the correct cert, and haven't actually got this running yet.

Link to comment
Share on other sites

Would I be better off doing it the other way? I hate having two different sections to take care of. If I change links on one side, I have to change them in both.

 

I can't imagine a reason for doing it any other way.

Link to comment
Share on other sites

On a decent server you shouldn't need to move any files .. just change a couple of lines in catalog/includes/configure.php.

 

This is catalog side only you'll need to do similar to the admin end.

 

Take the first 9 lines of the file. (assumes catalog is in root and the certificate is for https://www.mysite.com not https://mysite.com)

 

  define('HTTP_SERVER', 'http://www.mysite.com');
 define('HTTPS_SERVER', '');
 define('ENABLE_SSL', false);
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', '');

 

You would change these to ..

 

  define('HTTP_SERVER', 'http://www.mysite.com');
 define('HTTPS_SERVER', 'https://www.mysite.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', '.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', '.mysite.com');

 

 

I am also trying to get theSSL set up. My host, Start Logic gave me these bits of info::

 

In order to be able to utilize the secure connection service on our servers you will need to include the S in the url such as https://modernhomeschooler.info/store/checkout_payment.php instead of http://modernhomeschooler.info/store/checkout_payment.php You will need to code your pages so that they have the secure URL. The "Secure Socket Layer Services" section in the members area located at http://members.startlogic.com/webControl/sslsetup.bml should give you a good understanding.

 

 

 

You will need to find the place in osCommerce where you can specify the address that goes to the checkout page so that you can indicate that you would like to have the address: https://modernhomeschooler.info/store/login...35ad8ba3ccefaf5 instead of http://modernhomeschooler.info/store/login...28ce6e2e40e8ede

 

The administrative login page is located at: http://modernhomeschooler.info/store/admin/ and it is password protected is where you should be able to make these changes.

 

 

I have done a search on several of the checkout pages, including checkout_payment.php and have not found the string in question. I have not even found login.php. Any suggestions?

 

Then I found your post above and looked in the catalog/includes/configure and found this:

 

define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');

define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

 

 

My access under start logic is hsmom13 and the direct access is modernhomeschooler.info.

 

Does it matter which one I use?

 

(assumes catalog is in root and the certificate is for https://www.mysite.com not https://mysite.com)

 

HOw do I know what the SSL is for?

 

Is this what I should have? I assume that the url should be the same for all parts, but wasn't sure what to change. I also noticed that the word Code was not at the beginning nor end so I added that in

 

 define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');
 define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

 

 

Also, with StartLogic, I had to put all files under public_html. Does that mean the store is not in the root? Is that is true, is there a different set of instructions?

 

I really appreciate any help with this.

 

TIA

 

hsmom13

Link to comment
Share on other sites

I am also trying to get theSSL set up. My host, Start Logic gave me these bits of info::

 

In order to be able to utilize the secure connection service on our servers you will need to include the S in the url such as https://modernhomeschooler.info/store/checkout_payment.php instead of http://modernhomeschooler.info/store/checkout_payment.php You will need to code your pages so that they have the secure URL. The "Secure Socket Layer Services" section in the members area located at http://members.startlogic.com/webControl/sslsetup.bml should give you a good understanding.

You will need to find the place in osCommerce where you can specify the address that goes to the checkout page so that you can indicate that you would like to have the address: https://modernhomeschooler.info/store/login...35ad8ba3ccefaf5 instead of http://modernhomeschooler.info/store/login...28ce6e2e40e8ede

 

The administrative login page is located at: http://modernhomeschooler.info/store/admin/ and it is password protected is where you should be able to make these changes.

I have done a search on several of the checkout pages, including checkout_payment.php and have not found the string in question. I have not even found login.php. Any suggestions?

 

Then I found your post above and looked in the catalog/includes/configure and found this:

 

define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');

define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

My access under start logic is hsmom13 and the direct access is modernhomeschooler.info.

 

Does it matter which one I use?

 

(assumes catalog is in root and the certificate is for https://www.mysite.com not https://mysite.com)

 

HOw do I know what the SSL is for?

 

Is this what I should have? I assume that the url should be the same for all parts, but wasn't sure what to change. I also noticed that the word Code was not at the beginning nor end so I added that in

 

 define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');
 define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

Also, with StartLogic, I had to put all files under public_html. Does that mean the store is not in the root? Is that is true, is there a different set of instructions?

 

I really appreciate any help with this.

 

TIA

 

hsmom13

 

Based on your hosts comments and standard osC function try .. (and this is just catalog/includes/configure.php not admin/includes/configure.php)

 

define('HTTP_SERVER', 'http://www.modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://modernhomeschooler.info'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','.modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN','.modernhomeschooler.info');

Link to comment
Share on other sites

Based on your hosts comments and standard osC function try .. (and this is just catalog/includes/configure.php not admin/includes/configure.php)

 

define('HTTP_SERVER', 'http://www.modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://modernhomeschooler.info'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','.modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN','.modernhomeschooler.info');

 

 

No that is incorrect .. and so are your hosts tell them that their SSL certificate is based on .startlogic.com .. your HTTPS_SERVER will therefore need to be based on that.

 

Looks like a wildcard cert.

Link to comment
Share on other sites

define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

 

Is in fact correct .. I can access your site via https://hsmom13.startlogic.com

 

I would probably have http://modernhomeschooler.info as http://www.modernhomeschooler.info though

Link to comment
Share on other sites

Your html doesn't have a <base href though which it should (someone who knows little has deleted it) therefore https will not work properly.

Link to comment
Share on other sites

No that is incorrect .. and so are your hosts tell them that their SSL certificate is based on .startlogic.com .. your HTTPS_SERVER will therefore need to be based on that.

 

Looks like a wildcard cert.

 

 

What does that mean for me? What do I do with it? (I am very new and struggling to understand all the steps.

 

I had changed only the line define('ENABLE_SSL', false); to define('ENABLE_SSL', true);

and went back and saw that the page now has https on the URL.

 

Does that mean it is good to go?

 

hsmom13

Link to comment
Share on other sites

define('HTTP_SERVER', 'http://modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

 

Is in fact correct .. I can access your site via https://hsmom13.startlogic.com

 

I would probably have http://modernhomeschooler.info as http://www.modernhomeschooler.info though

 

 

So I should change to this:

define('HTTP_SERVER', 'http://www.modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','www.modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

 

 

Is that right?

Link to comment
Share on other sites

So I should change to this:

define('HTTP_SERVER', 'http://www.modernhomeschooler.info'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://hsmom13.startlogic.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN','www.modernhomeschooler.info');
define('HTTPS_COOKIE_DOMAIN', 'hsmom13.startlogic.com');

Is that right?

 

 

Looks right to me

Link to comment
Share on other sites

Looks right to me

 

 

Thanks for the help on this. STill need a little help, but I think we are closer. All of the check out pages show up as https, and the actual payment pages include the authorize.net URL.

 

I used the code with both URLs (hsmom13.startlogic.com and modernhomeschooler.info) as above.

 

First, I noticed that the permissions error (Warning: I can write to this page . . . etc) came up, and I had to change the catalog/includes/configure.php permissions back to 444.

 

Next, I noticed that the https pages come up the the hsmom13.startlogic URL. That bothers me a little. Is it a problem that the URL no longer seems to be on my site? Or is that the nature of the shared SSL? Before I got to the end of the test transaction, I went back to the control panel and changed the https items to modernhomeschooler.info. I got all the way through and got an "Error processing the card" message, but no help on what the error was.

 

I changed the URL's back to hsmom13.startlogic, and saw that the permissions changed so the file was writeable. Changed that and tried to checkout--got the same Error processing the card message.

 

I tried this with a different card, and had to keep going back to change the permissions back if I made any change to the file.

 

Bottom line: I can't get the cards to process no matter which way I set up the config file.

 

Someone mentioned the lack of href line. Can anyone tell me what that should say and where I should put it, please?

 

I really need to get the payment processing in order so that we can go ahead with this.

 

Any ideas?

 

TIA

 

hsmom13

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...