agtlewis Posted February 6, 2003 Share Posted February 6, 2003 I would like some people to visit my website, click on checkout, and tell me if they get a security warning regarding the ssl certificate. This is a trial certificate from instantssl.com and they said that they were a recognized certificate authority but my browser says that I have chosen not to trust them. www.astions.com This cert was free and I am debating on whether or not to buy one from them. Link to comment Share on other sites More sharing options...
chinhuat Posted February 6, 2003 Share Posted February 6, 2003 i had tried your website. yes there is a security warning regarding the ssl certificate. your certificate is working just fine. btw, i had a question on ssl: a. my initial install i had unchecked the secured transaction, however now i would like to enable it. instead of doing the install again, may i just edit the configure.php in catalog/includes and admin/includes to enable it? https://localhost - should not be NULL for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? are there more settings need to be make? because once i had set it to 'true', i am not able to proceed to 'checkup', "the page cannot be display" cheers! Link to comment Share on other sites More sharing options...
agtlewis Posted February 6, 2003 Author Share Posted February 6, 2003 hello, I changed ssl_enabled to true in both the admin and catalog sections. Also for the admin configure file, I changed the non ssl url to https://mydomain.com so that it would always be secure regardless. Link to comment Share on other sites More sharing options...
agtlewis Posted February 6, 2003 Author Share Posted February 6, 2003 Can anyone tell me why this certificate is not trusted? Is it installed incorrectly? Link to comment Share on other sites More sharing options...
robertl Posted February 6, 2003 Share Posted February 6, 2003 Your browser determines the validity of the cert. In your browser has a list of the Cert Author. Rob Link to comment Share on other sites More sharing options...
dreamscape Posted February 6, 2003 Share Posted February 6, 2003 This cert was free and I am debating on whether or not to buy one from them. I get it too... I got a free cert from freessl.com and it only gives me that on Opera. I guess freeSSL is included in the default "trusted" orginizations on IE and Netscape. The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
HLT Posted February 6, 2003 Share Posted February 6, 2003 We get the security warning too, but we have a Thawte certificate. Its a new installation and a new server mind you, but any experts, please feel free to peruse this information and give your input: We get a popup when trying to check out saying the following page contains insecure items. User is sent to checkout_payment.php and it is an http URL at the top. Previous page was https. Programmers are telling me that this is happening because there is no _SERVER[HTTPS] with the value of "on" located in the "PHP Variables" section of this file: https://www.hairlosstalk.com/progs/shop/adm...server_info.php I told the server admin, he turned it on, and the whole store broke. 500 server errors everywhere. So he turned it back off. Are any of you familiar with this apache variable and it needing to be present, and on? Could you take a quick look at your server_info.php files and tell me if its there? Its within "PHP Variables" and typically within the first 10 rows of the table. The only way they say to fix the problem (true, it worked on the old store) was to change the definition of <base> in several pages of the store code. <base> defines for the store and the browser where to look for everything. In this case they manually changed all the necessary files to read https://www.hairlosstalk.com/etc/etc/etc. Basically they hardcoded it, rather than letting the server do it. I don't want all this customization on the new store. Any help you can give would be much appreciated. By the way, also note that when in the admin section, on that intro-dark-blue screen, lower left corner, it says "You are NOT protected by a secure connection".... when in fact we are. . www.hairlosstalk.com Consumer Hair Loss Information & Support Link to comment Share on other sites More sharing options...
agtlewis Posted February 6, 2003 Author Share Posted February 6, 2003 That warning is being caused because an image or webpage which IS NOT secure is being pulled from a page that IS Secured. Simple way to fix it is to change whatever url is causing it to https instead of http Link to comment Share on other sites More sharing options...
badjuju Posted February 6, 2003 Share Posted February 6, 2003 I have a similar problem. I have an image on my page, but I'm using the https url to avoid ssl warnings. Now the image is linking to a secure paypal page. The problem is when someone tries to access an unsecure page, the image does now show up - red X. It only shows up on secure pages. Is there a way to get around this? I tried changing the url to use a relative url, but still weird. Is the problem caused by the url the image is linking to - it's paypal's https. Thx Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.