Boom Posted April 10, 2009 Posted April 10, 2009 Hey all, I'm having trouble with my SSL setup. My cert is done, and works fine. But it won't automatically go to https in the store. When I log into the admin it does, but not the store. Here are my config files: includes/configure.php define('HTTP_SERVER', 'http://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', '.woodwerks.com'); define('HTTPS_COOKIE_DOMAIN', '.woodwerks.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); admin/includes/configure.php define('HTTP_SERVER', 'https://www.woodwerks.com'); define('HTTP_CATALOG_SERVER', 'https://www.woodwerks.com'); define('HTTPS_CATALOG_SERVER', 'https://www.woodwerks.com'); define('ENABLE_SSL_CATALOG', 'true'); When I MANUALLY type in https, I get the error stating some of my content is not secured. I know why this happens, but I can't for the life of me find whatever it is that is being pulled from somewhere else. Is there an easy way to track this down? OSC is great, but good lord there are alot of interconnected files. >.< I've installed STS. The graphics I'm using are actually outside of the catalog folder, but still on the site. Can that cause a problem? I really appreciate any help offered. Boom
danjt Posted April 10, 2009 Posted April 10, 2009 Try changing the config file : includes/configure.php define('HTTP_SERVER', 'http://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); to includes/configure.php define('HTTP_SERVER', 'https://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); which you have done on the admin bit!
knifeman Posted April 10, 2009 Posted April 10, 2009 I tried your site in Safari, IE7, and firefox. All 3 browsers went from the homepage to the login page and changed to https. This page: http://shop.woodwerks.com/ gives an error if your force https, but it should not be secure anyway.
Boom Posted April 10, 2009 Author Posted April 10, 2009 shop.woodwerks.com is our current store, and it's not OSC. We're working on moving to OSC. The OSC store is here: www.woodwerks.com/catalog That's where my problems are.
danjt Posted April 10, 2009 Posted April 10, 2009 Again, try changing the config file : includes/configure.php define('HTTP_SERVER', 'http://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); to includes/configure.php define('HTTP_SERVER', 'https://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com');
germ Posted April 10, 2009 Posted April 10, 2009 Again, try changing the config file : includes/configure.php define('HTTP_SERVER', 'http://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); to includes/configure.php define('HTTP_SERVER', 'https://www.woodwerks.com'); define('HTTPS_SERVER', 'https://www.woodwerks.com'); Not a good idea... :blush: Having SSL on all the time is a waste. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
danjt Posted April 10, 2009 Posted April 10, 2009 The increase in message size due to SSL is not very significant, and is rarely a concern. With the increases in processing, the performance overhead of SSL is less and less relevant.
germ Posted April 10, 2009 Posted April 10, 2009 Beside slowing things down, search engines don't generally index SSL sites well. I helped someone once whose whole site had been SSL for more than a year, and the only listings he had on Google were links on other sites POINTING to his. Not a single one of his own on Google. It's still undesirable (IMHO). If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Boom Posted April 13, 2009 Author Posted April 13, 2009 The increase in message size due to SSL is not very significant, and is rarely a concern. With the increases in processing, the performance overhead of SSL is less and less relevant. Daniel, I tried that, and I still don't get the auto switch to SSL when going to the cart or checkout. Is there something else I'm missing? Also, is there a good way to determine exactly what my "unprotected element" is that's giving me the SSL error? (when I force SSL) Boom
germ Posted April 13, 2009 Posted April 13, 2009 In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local On some installs there may be a configure.php inside the local FOLDER (catalog and admin) If there is, anything in it overrides anything in the normal configure.php files. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Guest Posted April 13, 2009 Posted April 13, 2009 Try changing define('HTTPS_COOKIE_DOMAIN', '.woodwerks.com'); to define('HTTPS_COOKIE_DOMAIN', 'www.woodwerks.com');
Boom Posted April 13, 2009 Author Posted April 13, 2009 Ok... I'm insanely embarassed. I've been pounding my head on this for DAYS now. I made the additional changes you guys just suggested, then quickly ctr-shift-U in Dreamweaver to upload my changed file. I just barely noticed a window pop up then disappear. As it turns out, I have NEVER successfully uploaded my configure.php file (the admin one is fine) since I first uploaded it several weeks ago, and never noticed the error notification. I promptly downloaded the copy of configure.php from the server, and SSL is set to false. I have no problem admitting PHP is a challenge for me... but uploading and downloading? /facepalm I still can't seem to replace the Configure file on the server, but I'm sure I can figure it out. I don't doubt this will solve some of my issues, then I'll come back and post a reply. Thanks so much for the suggestions. Boom
Guest Posted April 13, 2009 Posted April 13, 2009 Ok... I'm insanely embarassed. I've been pounding my head on this for DAYS now. I made the additional changes you guys I still can't seem to replace the Configure file on the server, but I'm sure I can figure it out. I don't doubt this will solve some of my issues, then I'll come back and post a reply. Thanks so much for the suggestions. Boom Make sure you have write permissions on the config file. If not you won't be able to edit or upload a new copy of it.
Boom Posted April 13, 2009 Author Posted April 13, 2009 Make sure you have write permissions on the config file. If not you won't be able to edit or upload a new copy of it. Therein lies the rub. Ok, somewhere along the line, I setup the store and got the "Warning: I am able to write to the configuration file:" warning. I no doubt looked for a solution on the forums, found it, implimented it, and went about my business. I have NO idea what solution that was. But is seems clear now, that whatever I did, I blocked all access to the file. I just had my host (I'm on a Windows Server btw) look at the file, and they had to delete it for me manually. So I uploaded my newly configured file, and all of a sudden the auto HTTPS issue is gone! (it automatically goes to HTTPS now.) But of course now I have the "Warning: I am able to write to the configuration file:" issue back. Considering I'm using windows, how do I protect the file, make OSC happy so it doesn't say that, AND allow myself to edit the file when I need to? On another note, this didn't solve my "Both secure and unsecure" issue. It still thinks my images are all unsecure. /ugh Boom
germ Posted April 13, 2009 Posted April 13, 2009 Read this If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Boom Posted April 13, 2009 Author Posted April 13, 2009 Read this I normally hesitate to offer this to strange men I don't know yet... but I want to have your babies. THIS FIXED IT. (the image problem) Now I just need to secure that configure.php file so I don't get the error anymore. I'm working on that now. Boom
germ Posted April 13, 2009 Posted April 13, 2009 Well, if it's any consequence you made my day too! :rolleyes: Since you're on a Windowz server there should be somewhere in your cPanel to make the file "read only". That should fix the warning. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Boom Posted April 13, 2009 Author Posted April 13, 2009 I don't seem to have that ability in my cPanel (I'm hosted at GearHost). I think I can set it here on my machine, then upload it. The problem is when I go to change it again, it will be "read only" and I'll have to call my host to have them delete it again. Am I just going about this the wrong way? How do most Windowz users do this? Boom
germ Posted April 13, 2009 Posted April 13, 2009 You should be able to do this in your cPanel and not have to get assistance from your Host at all. That's how others do it. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Boom Posted April 13, 2009 Author Posted April 13, 2009 Just talked to my host and they don't support CHMOD. They looked at the file and said permissions are set to only allow access to my master and ftp accounts. They said it's safe from everyone else. Does this mean I just need to figure out how to hide the pink warning banner? Boom
germ Posted April 13, 2009 Posted April 13, 2009 Last resort: /catalog/includes/application_top.php (almost at the bottom of the file) define('WARN_CONFIG_WRITEABLE', 'true'); Change to: define('WARN_CONFIG_WRITEABLE', 'false'); And BA-DA-BING, BA-DA-BOOM no more warning. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
Boom Posted April 13, 2009 Author Posted April 13, 2009 I C wut U did thar. :) That (of course) did the trick. My host assures me the file is protected, so I'm not worried. While I was working on all these fixes, my last major issue was getting UPSXML working (which is wasn't) and I just figured that out as well! So in the last 3 hours, I've fixed EVERY major site problem I was having for the last week. Jim and Brian, can't thank you both enough. Now I just need to finish understanding how STS works, and find a way to edit just my categories info box and make it look different from the rest. I'm sure I'll figure it out, but for tonight, I'm done... AND VICTORIOUS! lol Thanks all, Boom
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.