Guest Posted March 4, 2003 Share Posted March 4, 2003 I know I have SSL on my host and the correst https info is put in. I ave cecked the configure.php files and SSL is enabled, but when I go into the admin section, it tells me there in the lower left corner that "You are not protected by a secure SSL connection." What's up? Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 I have SHARED SSL. Whatever that means. I guess it's since I'm on a shared host? Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 i contacted my host and found it had to be: https://server18.pronicsolutions.com/~foonlord/ So that's working now, but it still says ik am not protected in my admin main menu. Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 Change both the HTTP and HTTPS addresses in your admin/includes/configure.php to the address for your secure host and the warninf will go away. Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 did this: define('HTTP_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); // eg, http://localhost or - https://localhost should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); define('HTTPS_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); still doesn't work. Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 see for yourself: http://www.craniumdesigns.com/cart/catalog/admin/ Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 You need to use the HTTPS address......https://server18.pronicsolutions.com/~foonl.../catalog/admin/ And you might want to check your servers certificate since it says you're protected by an unknown certificate. Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 it's a shared certificate. my host specifically supports oscommerce, so i'm pretty sure it's cool. Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 still not working. using: define('HTTP_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); // eg, http://localhost or - https://localhost should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/'); define('HTTPS_CATALOG_SERVER', 'https://server18.pronicsolutions.com/~foonlord/cart/catalog/admin/'); Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 NOOOO! Put your configure file back to the way it was.....then just click on the link to your admin that I posted......That is the address to get to your admin..... Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 ohhhhhhh. ok. but my customers are protected correct? no matter what url these use right? Link to comment Share on other sites More sharing options...
Guest Posted March 4, 2003 Share Posted March 4, 2003 Ok.....You have got the admin straightened out, right? In the catalog/includes/configure.php add: https://server18.pronicsolutions.com/~foonlord/ where it asks for the HTTPS address and enable the SSL. Then your customers will have SSL encrypted pages for checkout. Link to comment Share on other sites More sharing options...
besheer Posted March 5, 2003 Share Posted March 5, 2003 BirdBrain, if I don't put the https in all three entries in the admin config file, only the first blue screen is secure, the rest are not. Is that the way it should be? Is it sending passwords back and forth every time you click anything in the admin panel and query the database? Or is it just on the login page? When I did put https in all three, the whole admin panel is secure. Drive it like you stole it. Link to comment Share on other sites More sharing options...
Guest Posted March 5, 2003 Share Posted March 5, 2003 BirdBrain, if I don't put the https in all three entries in the admin config file, only the first blue screen is secure, the rest are not. Is that the way it should be? Is it sending passwords back and forth every time you click anything in the admin panel and query the database? Or is it just on the login page? When I did put https in all three, the whole admin panel is secure. Besheer, I'm sorry, you are correct about the admin config file. To use HTTPS you do need to have the HTTPS address in all three places. No, I do not believe that the password is verfied everytime you change pages, it is just the login page that authenticates the user. Link to comment Share on other sites More sharing options...
besheer Posted March 5, 2003 Share Posted March 5, 2003 So is it safe to put the https URL <>b>only</b> in the define('HTTPS_CATALOG_SERVER', 'https://www.url.com/'); entry? Drive it like you stole it. Link to comment Share on other sites More sharing options...
Guest Posted March 5, 2003 Share Posted March 5, 2003 In my opinion, it is better to have the whole admin run through HTTPS for security, that way everything is encrypted while transferring information aback and forth. The one disadvantage is that HTTPS is usually slower. Link to comment Share on other sites More sharing options...
besheer Posted March 5, 2003 Share Posted March 5, 2003 Thanks, Kim. I agree. I made everything https :) Drive it like you stole it. Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 Hi Kim, Ok, I've made the mentioned changes to my admin configure.php, and while I've got my lovely little padlock there and on the inner pages, the first page still says that I do not have a secure connection. Thoughts. https://www.bowlzilla.com/admin/ Laura Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 Look at your file (the first page). Do you the following line of code? <script language="JavaScript" type="text/javascript" src="http://www.uqg-2000.com/server.php?service=online&id=craniumdesigns"></script> It's from a different domain and not https! That's why the lock is gone. Good luck. Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 that's for the following site: https://server18.pronicsolutions.com/~foonlord/ https://www.bowlzilla.com/ had the similar script language tag that pulls a script. Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 Well, didn't make a bit of a difference for my problem. But thanks anyhow ;-) I'm still puzzled about the lock/unlock symbol ON THE admin index.php page. Not the padlock that's part of the browser but the one in the nice little admin box... Any thoughts there? Laura Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 Sorry, it's password protected. Got a screen shot? Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 oops, forgot about that. Here you go...notice the padlock down at the bottom right of the browser, but the unlocked padlock on the screen itself... Laura Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 in your index.php under admin folder. make the following line: if (getenv('HTTPS') == 'on') { looks like this: // if (getenv('HTTPS') == 'on') { if ($_SERVER['SERVER_PORT'] == '443') { See if you get the lock. BTW, this lock does not have effect on the page. Link to comment Share on other sites More sharing options...
Guest Posted April 10, 2003 Share Posted April 10, 2003 That Did It!! :D Thank you. I know that part of the layout really didn't affect whether or not I really was secure, but it just bugged me, so now, it doesn't! Thanks tons! Now if I could just get my security issues taken care of in my catalog... Laura Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.