sergeys Posted January 13, 2010 Posted January 13, 2010 How can I compulsively indicate to osCommerse that the certificate is not used? Situation similar to * and ** . The certificate is not needed and not installed and in both configure.php the value 'false' is set. However, in admin panel the message "Your're protected by unknown SSL connection" is shown, as well as the values of paths 'domain.com' (instead of 'mydomain.com') are taken from the settings configure.php for SSL. This does not interfere with the work of the website for all browsers except Internet Explorer. If IE is used, the images and CSS files stop working and have path http://domain.com/path_to_img_or_css. Meanwhile the connection for all browser and for website and for admin panel is done via HTTP (not HTTPS). ./catalog/includes/configure.php define('HTTP_SERVER', 'http://www.mydomain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'http://www.domain.com'); // eg, hettps://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.mydomain.com'); define('HTTPS_COOKIE_DOMAIN', '.domain.com'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); ./admin/includes/configure.php define('HTTP_SERVER', 'http://www.mydomain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.mydomain.com'); define('HTTPS_CATALOG_SERVER', 'http://www.domain.com'); define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module * - http://www.oscommerce.com/forums/topic/269665-i-do-not-want-to-use-ssl/page__p__1105566__hl__Your're%20protected%20by%20unknown%20SSL%20connection__fromsearch__1&%23entry1105566 ** - http://www.oscommerce.com/forums/index.php?showtopic=255178&st=0&p=1044635&hl=Your're%20protected%20by%20unknown%20SSL%20connection&fromsearch=1&%23entry1044635
♥mdtaylorlrim Posted January 13, 2010 Posted January 13, 2010 I must not be reading this right. You don't want to use SSL because you *want* to get hacked? Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...?
Guest Posted January 14, 2010 Posted January 14, 2010 Hey, That configure.php file is ..............right out of the box. Yes, Mark......I am confused by this post as well. Chris
germ Posted January 14, 2010 Posted January 14, 2010 The code in the admin that displays that message hinges on this: if (getenv('HTTPS') == 'on') { On the rare occaison (2 or 3 times) I have see that true even if no SSL cert. is present or installed. The poster and I changed it to something else (this was in the catalog side). And with HTTP_SERVER and HTTPS_SERVER both being http links on the catalog side you'd never be able to tell there. :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
sergeys Posted January 14, 2010 Author Posted January 14, 2010 I look at the issue in terms of server administration, the client does not want to use the certificate on principle, so I have no right to interfere. But he thinks that the standard configuration of CPanel has a drawback in the work with certificates which leads to the onformation about the certificate being shown in HTTP connection. However no one else has such a problem, so it's hard to imagine how the server can have impact on it. Thanks a lot for the comments.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.