acwhiteman Posted March 7, 2008 Posted March 7, 2008 Hi all, I obtained and installed a SSL certificate and enabled SSL in both of my 'configure.php' files. When I got the cert, the hosting company (1&1.com) instructed me to set up an .htaccess file under my domain with the following lines: RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://www.ctmlb.us/$1 [R] This works fine since my entire site is now encrypted. I'm able to enter the store, log into a regular account, and view the contents of "My Account". However, when I try to log into my OSC Admin page, I get "Error: Invalid administrator login attempt". If I remove the .htaccess file, pages show as normal (non encrypted) and I'm able to log into the Admin page fine. However, logging into my store as a user, the page correctly displays 'https' in the address bar in a different color- but with an open lock! Any insight on how to resolve this will be greatly appreciated... Thank you, Alan.
♥FWR Media Posted March 7, 2008 Posted March 7, 2008 Hi all, I obtained and installed a SSL certificate and enabled SSL in both of my 'configure.php' files. When I got the cert, the hosting company (1&1.com) instructed me to set up an .htaccess file under my domain with the following lines: RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://www.ctmlb.us/$1 [R] This works fine since my entire site is now encrypted. I'm able to enter the store, log into a regular account, and view the contents of "My Account". However, when I try to log into my OSC Admin page, I get "Error: Invalid administrator login attempt". If I remove the .htaccess file, pages show as normal (non encrypted) and I'm able to log into the Admin page fine. However, logging into my store as a user, the page correctly displays 'https' in the address bar in a different color- but with an open lock! Any insight on how to resolve this will be greatly appreciated... Thank you, Alan. I'm not answering your specific question with this because I think what follows is more important. Having SSL throughout your site is madness .. it increases server load massively .. slows the site down for customers .. Google wont index your site (doesn't index https pages). In fact there's not a single reason to do it. Remove the rewrite rule and let osCommerce work properly is my advice. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.
acwhiteman Posted March 7, 2008 Author Posted March 7, 2008 I'm not answering your specific question with this because I think what follows is more important. Having SSL throughout your site is madness .. it increases server load massively .. slows the site down for customers .. Google wont index your site (doesn't index https pages). In fact there's not a single reason to do it. Remove the rewrite rule and let osCommerce work properly is my advice. FWR Media, That's excellent advice! I will certainly remove the .htaccess file. However, that still leaves me with broken SSL pages. Firefox displays a pink addressbar and an open padlock on pages that need to be secured.
germ Posted March 7, 2008 Posted March 7, 2008 Make and upload the script decribed in this post: Click Me Access it with an HTTPS URL, like: https://www.ctmlb.us/catalog/myenv.php THE HTTPS IS OF THE UTMOST IMPORTANCE!!! Copy/paste the results of the scripts output into your next post. The reason you have the broken padlock is that osC isn't detecting your SSL. I can tell from this line in the HTML source of one of your secure pages: <base href="http://www.ctmlb.us/catalog/"> We'll probably need to make an adjustment to your application_top.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
germ Posted March 8, 2008 Posted March 8, 2008 This is worth reading: 1&1 SSL Fix If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
acwhiteman Posted March 8, 2008 Author Posted March 8, 2008 This is worth reading: 1&1 SSL Fix Thank you germ! This is the result of myenv.php: HTTP HOST: www.ctmlb.us Server Port: 443 SSL Status: 1 Fowarded Server: Fowarded Host: Fowarded By: I'll go ahead and read the article on 1&1 and see what needs to be done. I really appreciate your help...
acwhiteman Posted March 8, 2008 Author Posted March 8, 2008 This is worth reading: 1&1 SSL Fix Setting (getenv('HTTPS') == 'on') to (getenv('HTTPS') == '1') was the solution. Now everything works as intended. Again, Thank you.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.