SSL problem in IE


ziggy13


I am having a slight problem in Internet Explorer. We have OScommerce installed with an SSL. When I use IE to view my cart, gourdshop.com/retal I get a warning that says "This page contains both secure and nonsecure items". If you click yes to display the nonsecure items, everything looks fine. When you click no, it takes all the formatting away and shows a bunch of text, no colors or anything. What do I need to do so that this message no longer pops up? A lot of customers have been complaining about it and they don't think our site is secure.

 

Any help would be appreciated, and thanks for everyone's time.

 

-Ziggy

I have been battling with this all day. Finally got it fixed with the help of Jim. Visit the link below and scroll down to the bottom. The bottom of page 1 and all of page two reference it.

 

http://www.oscommerce.com/forums/index.php?showtopic=302218&st=0

 

Also, what is your website?

 

clint


Post what your /retail/includes/configure.php file has for these lines:

 

define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', ?); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');

Don't post the entire file, just those seven lines.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


define('HTTP_SERVER', 'http://gourdshop.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://gourdshop.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'gourdshop.com');
define('HTTPS_COOKIE_DOMAIN', 'gourdshop.com');
define('HTTP_COOKIE_PATH', '/retail/');
define('HTTPS_COOKIE_PATH', '/retail/');


I also want to give you some other info...I edited my .htaccess file to forward everyone to https://gourdshop.com. I did this because if you typed in the www. and went to a secure page, it would tell you that the SSL certificate did not belong to www.gourdshop.com but that it belonged to gourdshop.com. Forwarding everyone to https://gourdshop.com solved this problem, but I was still getting the "secure and nonsecure" error in IE. I also got an error in my object_info.php file that wouldn't let me post any new products. So I put the original .htaccess file back and it fixed the error that wouldn't let me post new products, however I still get the error about the SSL not belonging to www.gourdshop.com and I still get the "secure and nonsecure" error.


Change these:

 

define('HTTP_COOKIE_DOMAIN', 'gourdshop.com');
define('HTTPS_COOKIE_DOMAIN', 'gourdshop.com');
define('HTTP_COOKIE_PATH', '/retail/');
define('HTTPS_COOKIE_PATH', '/retail/');

to:

 

define('HTTP_COOKIE_DOMAIN', '.gourdshop.com');
define('HTTPS_COOKIE_DOMAIN', '.gourdshop.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');

But that won't fix your problem.

 

Look in the <head> section of your /retail/index.php for a line that looks something like this:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Post what you have for this line.


I have been trying to make those changes in the retail/includes/configure.php file but it will not let me. Every time I try to upload the file via SmartFTP it sends it to the transfer queue, tries to upload and replace it and it won't take it. Then it just sits there and retries it every 30 seconds but it won't overwrite it.

 

 

Here is exactly what I have in the <head> section of my retail/index.php file:

 

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">


If it won't overwrite it you have a permissions problem.

 

Log in to your control panel provided by your Web host (NOT OSC!) and change it there.

 

Look in /retail/includes/application_top.php around line 40 for this code:

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Post what you have in your file for those lines.


  • 2 weeks later...

Sorry for the delay. I fixed my permissions and changed the other files as you requested. Here is what my /retail/includes/application_top.php says in those lines:

 

 

// set the type of request (secure or not)
 $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';


Copy the text in the CODE box below into a text editor (Notepad) on your PC:

 

<?php
echo 'HTTP HOST: ' . "$HTTP_HOST";
echo '<br>Server Port: ' . getenv('SERVER_PORT');
echo '<br>SSL Status: ' . getenv('HTTPS');
echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>

Save it as myenv.php

 

Upload it into your /retail folder on your server.

 

Then, access it using this link: <-- VERY IMPORTANT!!!

 

Click Me

 

It will output some text to your browser.

 

Copy/paste that output into your next post.


  • 2 months later...

I apologize for the long delay since my last post. I was moving servers and a lot of stuff happened but anyways...

 

This is what it said:

 

HTTP HOST:

Server Port: 443

SSL Status: on

Fowarded Server:

Fowarded Host:

Fowarded By:

 

 

 

But first it said the SSL certificate issued was for www.gourdshop.com not gourdshop.com; this came up in a little popup message.


This:

 

  define('HTTPS_SERVER', 'https://gourdshop.com'); // eg, https://localhost - should not be empty for productive servers

Should be:

 

  define('HTTPS_SERVER', 'https://www.gourdshop.com'); // eg, https://localhost - should not be empty for productive servers


The site is making a cookie for the HTTP and HTTPS side with the osCid in it as it is now.

 

Unless you're having problems logging in, dumping the cart contents, or losing the session ID, I wouldn't change them.


With a full ssl certificate, provided the http and https cookie domains are set correctly to the name of the ssl certificate, you can then turn on "Force Cookie Use" - which you cannot do if those settings don't match the certificate common name.

 

You may also, depending on the server set up, be able to use the Force SSL directive to lock down the osCommerce admin panel behind https connections (no unencrypted connections will be possible).

 

Vger

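Added example, not part of the thread and not osCommerce code: a small Python audit that reads the `define()` lines from a `configure.php`, then checks that the `HTTPS_SERVER` host is named in the certificate and that each cookie domain covers its server host. The sample config is constructed from the values posted above; the function names, the RFC 6265 domain-match rule and the single-label wildcard rule are this example's own assumptions about what "match" means.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the configure.php values posted earlier in this thread.
SAMPLE_CONFIG = """
define('HTTP_SERVER', 'http://gourdshop.com');
define('HTTPS_SERVER', 'https://gourdshop.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'gourdshop.com');
define('HTTPS_COOKIE_DOMAIN', 'gourdshop.com');
"""
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'?([^')]*)'?\s*\)")

def parse_defines(text):
    """Return {NAME: value} for each define('NAME', value) statement."""
    return {name: value.strip() for name, value in DEFINE_RE.findall(text)}

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def cert_covers(host, cert_name):
    """Exact match, or a '*.' wildcard standing for exactly one left-most label."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def cookie_domain_matches(host, domain):
    """RFC 6265 domain-match; a leading dot on the configured value is ignored."""
    domain = domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def audit(config_text, cert_names):
    """Return a list of human-readable findings; an empty list means consistent."""
    cfg, findings = parse_defines(config_text), []
    https_host = host_of(cfg.get("HTTPS_SERVER", ""))
    if cfg.get("ENABLE_SSL") == "true" and not any(
            cert_covers(https_host, n) for n in cert_names):
        findings.append(f"HTTPS_SERVER host {https_host!r} is not named in "
                        f"the certificate ({', '.join(cert_names)})")
    for scheme in ("HTTP", "HTTPS"):
        host = host_of(cfg.get(scheme + "_SERVER", ""))
        domain = cfg.get(scheme + "_COOKIE_DOMAIN", "")
        if domain and not cookie_domain_matches(host, domain):
            findings.append(f"{scheme}_COOKIE_DOMAIN {domain!r} does not cover "
                            f"{scheme}_SERVER host {host!r}; the browser drops the cookie")
    return findings
```

Calling `audit(SAMPLE_CONFIG, ["www.gourdshop.com"])` reports the `HTTPS_SERVER` mismatch that produced the certificate popup described in the thread.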

  • 2 weeks later...

Hi guys,

 

I'm actually getting the same problem with internet explorer for my site, www.totsntales.com.

 

I'm getting the "this page contains secure and unsecure items. Do you want to display the unsecure items?" message whenever the site goes to ssl, like on login.php or create_account.php.

 

The SSL certificate is registered to www.totsntales.com.

 

Here's what I have in my includes/configure.php file:

 

define('HTTP_SERVER', 'http://www.totsntales.com');
define('HTTPS_SERVER', 'https://www.totsntales.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'www.totsntales.com');
define('HTTPS_COOKIE_DOMAIN', 'www.totsntales.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/shop/');
define('DIR_WS_HTTPS_CATALOG', '/shop/');

 

Any clues?

 

Cheers,

 

Grant


You have a hard coded http image link in your stylesheet:

 

	background-image:url(http://www.totsntales.com/images/babybee.jpg);

Try this instead:

 

	background-image:url(/images/babybee.jpg);

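Added example, not part of the thread: a Python scanner that lists every subresource a stylesheet or template would fetch over plain `http://`, which is what triggers the "secure and nonsecure items" warning on an HTTPS page. The sample CSS and HTML are constructed around the stylesheet line quoted above; the function name and the tag list are this example's own choices.

```python
import re

# Constructed samples modelled on the stylesheet line quoted in the post above.
SAMPLE_CSS = """
body { background-image:url(http://www.totsntales.com/images/babybee.jpg); }
.logo { background: url('/images/logo.gif') no-repeat; }
"""
SAMPLE_HTML = """
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<a href="http://www.totsntales.com/shop/about.php">About</a>
<img src="http://www.totsntales.com/images/banner.gif">
<script src="https://www.totsntales.com/shop/includes/general.js"></script>
"""

# CSS: url(...) and @import both pull in subresources.
CSS_URL = re.compile(r"""url\(\s*['"]?(http://[^'")\s]+)""", re.I)
CSS_IMPORT = re.compile(r"""@import\s+['"](http://[^'"]+)""", re.I)
# HTML: tags whose src/href loads content into the page. <a href> is only
# navigation, so it is left out. <link> is included for stylesheets; other
# rel values (e.g. canonical) would need a manual look.
HTML_LOAD = re.compile(
    r"""<(img|script|iframe|embed|input|link|source)\b[^>]*?"""
    r"""\b(?:src|href)\s*=\s*['"]?(http://[^'"\s>]+)""", re.I)

def find_insecure_loads(text, kind):
    """Return (line_number, url) for each subresource fetched over plain http.

    kind is "css" for stylesheets, anything else is treated as HTML/PHP markup.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if kind == "css":
            urls = CSS_URL.findall(line) + CSS_IMPORT.findall(line)
        else:
            urls = [m[1] for m in HTML_LOAD.findall(line)]
            urls += CSS_URL.findall(line)  # inline style="..." attributes
        hits.extend((lineno, url) for url in urls)
    return hits
```

Each hit is a reference to change to a root-relative path such as `/images/babybee.jpg`, as suggested in the post above.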
