Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

('ENABLE_SSL', true)


Rodland

Recommended Posts

in configuration when I do this:

 

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

I get this:

 

[b]Not Found[/b]



The requested URL /catalog/HTTPS_SERVER/catalog/login.php was not found on this server.

 

I would like the checkout procedure to go via SSL. Do I have to put the checkout files in my SSL directory or something?

 

 

CMR

Link to comment
Share on other sites

forgive the second 'code' - haven't quite got the hang of this yet. Its just an error 404 page.

 

CMR

Link to comment
Share on other sites

It appears that you have not set the HTTPS_SERVER (it should be the second item in configure.php) to the appropriate setting (i.e. https://www.yourdomain.com).

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

I have, but I've used an ip address for the time being:

 

define('HTTPS_SERVER', 'https://111.11.111.11'); // eg, https://localhost - should not be NULL for productive servers

 

should I maybe do this:

 

define('HTTPS_SERVER', 'https://localhost');

 

or perhaps wait until I've delegated the new nameservers for the domain?

Link to comment
Share on other sites

When you enter https://111.11.111.11 directly into your browsers address, what do you get?

 

Typically when you use an IP address it is https://111.11.111.11/~username.

 

If your site is not live I would suggest not enabling SSL until your cert is installed and your name resolves properly.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

If that is the case then you have it correct at being https://111.11.111.11 for the https_server setting.

 

At what point are you receiving the error message?

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

Since I need to login first to go to any checkout pages I receive it when I click on the login or myaccount link.

 

I was wondering if I need to change any other settings. I found this in the admin configure.php file:

 

define('ENABLE_SSL_CATALOG', 'false'); // secure webserver for catalog module

 

can't be this surely?

Link to comment
Share on other sites

No, your admin configure.php will not have a bearin on this problem. So that you know, if that setting is true and there is an entry in the https_catalog_server, when you click on the Catalog link in the navigation header of the admin pane you will be taken to your catalog using SSL.

 

Would you mind posting your catalog/includes/configure.php file minus the database information and with your domain name replaced with 'mydomain' here?

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

 define('HTTP_SERVER', 'http://111.11.111.11'); // eg, http://localhost - should not be NULL for productive servers

 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

 define('DIR_WS_IMAGES', 'images/');

 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

 define('DIR_WS_INCLUDES', 'includes/'); // If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), this can be a URL instead of a local pathname

 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');



 define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');

 define('DIR_FS_DOCUMENT_ROOT', '/home/httpd/vhosts/mydomain.com/httpdocs/');

 define('DIR_FS_CATALOG', '/home/httpd/vhosts/mydomain.com/httpdocs/catalog/');

 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');



// define our database connection

 define('DB_SERVER', '*****'); // eg, localhost - should not be NULL for productive servers

 define('DB_SERVER_USERNAME', '*****');

 define('DB_SERVER_PASSWORD', '*****');

 define('DB_DATABASE', '*****');

 define('USE_PCONNECT', 'false'); // use persistent connections?

 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

seems to be more ssl info in the admin configure.php

 

one friend said that I need to copy all of the catalog into my https folder as well as all of the folders related to checkout. This apparantly is the reason why I get the error 404 page because those files don't exist in the https folder. ???? I think though that this is not the case or it would be written all over the osDox/osC documentation.

Link to comment
Share on other sites

It appears that your configure.php file is missing a directive.

 

Between the HTTP_SERVER and ENABLE_SSL directives, there should be:

  define('HTTPS_SERVER', 'https://111.11.111.11');

add that missing piece to your file and let me know if anything changes.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

well I never! how on earth that disappeared I don't know!!!

 

Thanks, it seems to have fixed that problem but now I have another:

 

When I click on the login link the browser address says:

 

https://111.11.111.11/catalog/login.php

 

And I get an error page:

 

Not Found

The requested URL /catalog/login.php was not found on this server.

 

Which makes me think that I should have some files in the httpsdoc folder ???

 

CMR

Link to comment
Share on other sites

I have the store all set up and working. right now it is in the http Directory.What I have read is to make a copy and place it in the https. I did this. I go to https default page I get a Sucuity alert does not match name of site I guess this is the host Certificate. If I click on details it says issued to plesk at the bottom it says Install Certificate do I leave this alone? Also after going to my default page https:// if I change the page it goes to a http:// page. I 'am going to use Instant ssl Certificate. I did not have any trouble getting the store set up but the sucuity part Iam lost on also in the admin it has the padlock open not protected. what do I need to do to get the sucuity set and if copying the catalog into https is what I should have done

Thanks Scott

Link to comment
Share on other sites

I have the store all set up and working. right now it is in the http Directory. What I have read is to make a copy and place it in the https. I did this.

That was the right thing to do.

 

I go to https default page I get a Sucuity alert does not match name of site I guess this is the host Certificate.

You are correct. View the certificate and verify that the certificate's path is the same as your shared certificate's path. If it is not, then the only way to remove that warning is to purchase a certificate of your own.

 

If I click on details it says issued to plesk at the bottom it says Install Certificate do I leave this alone?

Yes, leave this alone.

 

Also after going to my default page  https:// if I change the page it goes to a http:// page.

That is normal because you do not want your entire site running through SSL, just the login and checkout pages. osC will switch between the modes as needed.

 

I am going to use Instant ssl Certificate.

That is all that I use and do not have a problem. If you are interested, there is a contribution that will show the protected by Comodo (the authorizing agent for InstantSSL and FreeSSL) message in an infobox.

 

I did not have any trouble getting the store set up but the sucuity part Iam lost on also in the admin it has the padlock open not protected. what do I need to do to get the sucuity set and if copying the catalog into https is what I should have done

In order to get the admin portion secured as well, you need to move the admin folder to your https folder.

 

In addition, edit the admin/includes/configure.php file in the https folder and set the first entry HTTP_SERVER to to use the secure url (do not forget the https).

 

When you access your admin panel, be sure to request the secure url with the https.

 

That should have you going.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

This thread has been very useful. Thanks.

 

The weird thing about all this is that some threads have said that no files need to be in the https directory and others have said that all the files that require ssl should be in the https directory. I think I've even heard that files should only be in the secure directory UNLESS you have a proper ssl certificate.

 

I wish there was a straight answer to this. Some have said that ALL the catalog and admin files should be in the https directory.

 

In fact, what would be useful would be if there was some kind of documentation showing which files should be in the https folder for users wishing to use https in the login and checkout pages.

 

i.e catalog/login.php

catalog/checkout_address.php

catalog/includes/languages/english/checkout_address.php

etc.

 

However, what happens if files that are in the secure server have images etc. that are linked to the unsecure directory?

 

Strange that there is not more documentation on this.

 

CMR

Link to comment
Share on other sites

The weird thing about all this is that some threads have said that no files need to be in the https directory and others have said that all the files that require ssl should be in the https directory. I think I've even heard that files should only be in the secure directory UNLESS you have a proper ssl certificate.

 

I wish there was a straight answer to this.

CMR

 

 

You don't have to put anything into the https directory.

On my server there is 1 SSL certificate that's shared by different domains.

 

You have to configure your server.

Do you have telnet access?

Cheers,

Susan

 

* * * * *

Find a way, or make one!

Link to comment
Share on other sites

see! what you say is different again!!

 

What is telnet access? What can I do with it?

 

By the way, I have my own certificate with Geotrust which I installed today.

 

Thanks,

CMR

Link to comment
Share on other sites

I'm sorry, I really don't mean to confuse you. :?

 

if you don't know what telnet is, don't worry about it, just ask your hosting company to configure your server, so all the files can be accessed with http and https without having 2 copies of each. they should know how to do it. it's really simple and saving you some pain.

 

Good luck!

and have a wonderful weekend!

Cheers,

Susan

 

* * * * *

Find a way, or make one!

Link to comment
Share on other sites

You don't have to put anything into the https directory.

On my server there is 1 SSL certificate that's shared by different domains.

 

You have to configure your server.

Do you have telnet access?

 

Susan,

 

Perhaps you can help me here also. What you've done sounds like what I want to accomplish. I want to get a secure cert for my main domain, then use that as my secure server path for multiple carts on other multiple domains. In essence I will be using my secured main domain as a shared SSL for all my carts. Essentially this sounds like what you are doing.

 

My host does not allow me to use telnet access, but they will configure whatever I need for me. So my question is could you give me more specifics on exacty what I need to ask them to configure for me? Or is what you previously said to ask them enough that they will understand?

 

Perhaps you can explain the telnet process for me so that I will understand more clearly what is to be done and share that with them if needed. I hope that is not too much trouble. I really need to find a way to make this work so I don't have to get certs for multiple domains.

Link to comment
Share on other sites

If you just tell them what you need to accomplish, they should know what they need to do. Just simply how I stated above.

 

I need to leave now, but in case you need more details I'll get back to you tomorrow. I can dig out the code but you need telnet access for that, I don't know it in any other way... :?

 

you see, I'm just learning, but glad to pass on whatever I can :wink:

 

I guess if it works fine for me, it'll work for you, too. :D

 

CHEERS!

Cheers,

Susan

 

* * * * *

Find a way, or make one!

Link to comment
Share on other sites

if you don't know what telnet is, don't worry about it, just ask your hosting company to configure your server, so all the files can be accessed with http and https without having 2 copies of each. they should know how to do it. it's really simple and saving you some pain.

 

GREAT this works!! It's OFFICIAL. You don't need to transfer files to your secure directory if you can get your host to do the above!

 

But now I get this problem when accessing secure files:

 

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/httpd/vhosts/christianscott.com/httpsdocs/catalog/install) is not within the allowed path(s): (/home/httpd/vhosts/christianscott.com/httpsdocs) in /home/httpd/vhosts/christianscott.com/httpdocs/catalog/includes/header.php on line 15

 

 

mmm....

Link to comment
Share on other sites

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/httpd/vhosts/christianscott.com/httpsdocs/catalog/install) is not within the allowed path(s): (/home/httpd/vhosts/christianscott.com/httpsdocs) in /home/httpd/vhosts/christianscott.com/httpdocs/catalog/includes/header.php on line 15
If you have already installed, you can delete line 15 from header.php and the entire install directory. You also may have an issue with the way that it switches from httpsdocs to httpdocs (unless that is just a typo in copying the error message).

 

Good luck,

Matt

Link to comment
Share on other sites

But now I get this problem when accessing secure files:

 

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/httpd/vhosts/christianscott.com/httpsdocs/catalog/install) is not within the allowed path(s): (/home/httpd/vhosts/christianscott.com/httpsdocs) in /home/httpd/vhosts/christianscott.com/httpdocs/catalog/includes/header.php on line 15

 

 

mmm....

That means that your host has PHP running in safe_mode. Ask them if they will disable that.

 

In addition, never use telnet - it is unsecure. Instead use SSH (secure shell) for your connections to your server. A free SSH client is PuTTY.

 

I am glad to hear that everything is starting to work out for you.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

So what is the secret of not having any files in the SSL folder. Currently I have several sites that are using one SSL folder for checkout. The only way I have got this to work is to copy my catalog into the SSL folder.

 

If there is a way to avoid the duplication, please let me know.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...