Shared SSL problems =(

[smit]

Hi

 

we're having problems with our store, once shared ssl is enabled, the store does not work :'( we have been working on it for days now and cant find a solution to the problem

 

When we get to checkout_shipping.php we get a 404 'page not found' message

 

the url that appears in the address bar links to the correct directory in our server. We're with the company hostess.com.au

 

any help would be appreciated :)

 

thankyouu in advance!

 

Smit / Ehedei

 

p.s. here's our includes/configure.php file

 

<?php

define('HTTP_SERVER', 'http://www.skillzone.com.au');

define('HTTPS_SERVER', 'https://4tknox.au.com/skillzone.com.au');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'skillzone.com.au');

define('HTTPS_COOKIE_DOMAIN', '4tknox.au.com/skillzone.com.au');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/secure/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/secure/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/clientdata/zeus-dynamic-1/s/k/skillzone.com.au/www/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

[germ]

Check with your host.

 

Your shared SSL URL doesn't seem to be correct:

 

This:

 

define('HTTPS_SERVER', 'https://4tknox.au.com/skillzone.com.au');

 

Doesn't work.

[smit]

yeah we checked with them first thing. but they said that, thats the one :(

 

we've emailed them again (for now) telling them the issue and hopefully they'll be able to come up with something :(

 

is there anything else that looks wrong? :S

 

thankyou so much for ur quick reply :)

 

Smit / Ehedei

[smit]

btw this is the 'tutorial' the company sent us if it helps in any way

 

http://support.hostess.com.au/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=90

[germ]

If you can't copy/paste the URL they give you into your browser address bar and get it to work, it aint right...

>_<

 

I noticed you have a folder named "secure", are you supposed to copy the store files there?

:unsure:

 

Which brings me to my last (but not least) point...

 

Visit the link below:

 

How to Secure Your Site

 

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.

 

It's easier to do a few security fixes now than to clean up a hacked store later.

 

And if you don't secure the admin your shop will be hacked.

 

It's just a question of when...

:o

[smit]

well from what i understood in that tutorial they sent us was that we were meant to place all our catalog files into a folder named secure for the ones that needed to be changed to https.

 

the tutorial didn't really entirely make sense to us but yeah so that's what we did :|

 

and thanks for reminding me to secure admin..I've renamed the admin folder and ill put up a password on it too :)

 

 

Smit/Ehedei

[germ]

From the link you provided:

 

Location of secure pages on the server

 

Place the pages that you would like to view securely in the /secure folder in your document root (ie assuming the Webpage is called "order.html", then place it at www.domain.com/secure/order.html). Ensure that all graphical content is also placed into the secure directory appropriately. e.g. any include files, or any frames and/or images.

[smit]

i still don't quite get it (sorry :( ) but does that mean we don't need 4tknox.au.com in front? we did that before and it wasn't exactly working. it wasn't implementing ssl.

 

ohhhh waittt .. so that means we don't need the catalog folder right? but we've changed it to just secure before and it still didn't work. :/

[germ]

From what I can tell, you don't have a folder named "secure" in the document root.

 

It's in your /catalog folder.

 

That's not the same as "document root".

 

And I don't want to rain on your parade but your admin is NOT secure.

 

Any hacker worth his salt could drive a Mack truck right thru it..

:o

[MrPhil]

First of all, make sure you're actually getting a real 404 error, and it's not a case of some other (e.g., 500/Internal Server) error followed by a bogus 404 error because you don't have /500.shtml defined. I see this all the time -- people report "I have a 404 error" when it's actually something else. The default Apache configuration is stupid, but that's what most sites have (it first looks for a custom error handler, e.g., /500.shtml, and issues a 404 if you don't have one, even if there is a default handler it can use).

 

I'm a bit puzzled by the "secure" references. Is your host telling you that you have to put SSL-protected pages under a separate file tree? That's stupid! That will break osC, unless you duplicate much of your store in the regular /catalog/ plus the /catalog/secure/. An SSL certificate (whether it's private or shared) normally applies to your entire domain, so you don't have to put various files in different places depending on whether they're to be under SSL or not. Either your host has a very bizarre setup, or your tech support has no idea what they're doing, or you misunderstood them.

[smit]

YAY it works lol originally we had the secure folder in the document root but it still wasn't working. but today when we changed it back to that it worked!!! so a little confused about what we were doing wrong before but at least it works now :)

 

now for scouring through osCommerce forums on the errors we're getting now. if we can't fix it ill post it up here for u to see

 

but thanks heaps guys!!