Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

My SSL / Shared Certificate solution to get https & padl


smartwork

Recommended Posts

WHEW! :shock: I have read and read and read about this here on the forums and never found a solution to my exact issue but rather found pieces/parts and from what I gather a TON of people have a similar issue when it comes to SSL and shared certificates WHEN having some sort of ~username type format.

 

Here's what I have - NOTE: two different domains due to shared certificate:

 

Domain: http://www.mydomain.com

Secured address with shared certificate:

https://my.host.com/~myusername

 

I tried SO many combinations in the two configure.php files to get this to work. Files (if set up according to install directories) are catalog/includes/configure.php and catalog/admin/inclludes/configure.php

 

Here is what worked for me (so far :wink: ):

 

In the catalog/includes/configure.php

 

define('HTTP_SERVER', 'http://www.mydomain.com);

define('HTTPS_SERVER', 'https://my.host.com/~myusername);

define('ENABLE_SSL', true);

 

 

In the catalog/admin/includes/configure.php

 

define('HTTP_SERVER', 'https://my.host.com/~username');

define('HTTP_CATALOG_SERVER', 'https://my.host.com/~username');

define('HTTPS_CATALOG_SERVER', 'https://my.host.com/~username');

define('ENABLE_SSL_CATALOG', 'false');

 

 

What is the result?

 

1. My catalog is served via regular http - no SSL

2. Use https://my.host.com/~username/catalog/admin/index.php to access your admin area. NOT www.mydomain.com/catalog/admin/index.php

2. My admin is now ALL https... not just the first screen BUT all links are now https :lol: MAJOR difference compared to some other "solutions" I read (at least for my config).

 

Gosh... I sure hope this helps at least one person spare the brain-racking I've done. :wink: It certainly won't work for everyone, but hopefully someone.

 

-shaun

Link to comment
Share on other sites

Ugh... wish this forum had "edit your own post".

 

 

Added info to above post:

 

1. My host does not have us put http and https files in separate directories. They're all in one.

 

2. Yes, I get the padlock and do not get any secure/nonsecure pop-up warnings.

Link to comment
Share on other sites

:bigups:

 

Thank you, thank you, thank you!!!!! :D

 

I've had sooo much trouble trying to install v2.1. Then after searching through lots of posts with similar problems I stumbled across one that said to just use v2.2 because that's what 95% of people are doing. So I did, but didn't use the installation wizard to start with. After a couple of hours of trying to fix things I decided to use the wizard :bigups: . Then I had the same problem as you with the shared SSL cert. I followed your previous thread and was about to give up when I stumbled across this thread! Thank you so very much for following up on your problem. No doubt you have saved me many hours of head banging! :bigups: :D

Link to comment
Share on other sites

Yes and it almost completely works! The only problem I've come across so far is that some of the images in the admin pages e.g. country flags are using a combination of the shared SSL path and the regular http path. For example:

 

On the languages admin page, https://myhost.com/~myusername/catalog/admi...n/languages.php, the image on the right hand side that displays the country flag is a broken link. It seems to be

 

https://myhost.com/catalog/includes/languag...images/icon.gif

 

instead of

 

https://myhost.com/~myusername/catalog/incl...images/icon.gif (this works in a browser on its own)

 

I've tried changing the admin configure.php field HTTP_CATALOG_SERVER to be just plain old http, but to no effect.

 

Do you get the same problem? Any ideas?

Link to comment
Share on other sites

I think I've come to either:

 

(a) the conclusion that I should just settle for plain old .htaccess protection to the admin directory as it saves tinkering with the code too much, plus it's faster to use the pages

 

or

(B) my wits end :crazy:

 

:)

Link to comment
Share on other sites

Urrrgghh! :x

 

Yep, for some reason it's keeping the myhost address which is correct for the https but dropping the username after the .com before it adds on the goodies like directories of catalog, images, icons, etc.

 

hmmmm... what causes it to drop or truncate the user name? hmmm... is there a function that's getting called or something causing it to do that?

 

Anyone?

 

-shaun

Link to comment
Share on other sites

And the strange part is that the images in the header are receiving the proper URL for running those images through https

 

Somewhere :x the other image references are having the /~username truncated but the header images are not.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...