SSL Configuration


Ogrady

:lol: Help please!

 

After a successful installation the admin page says, 'You are NOT protected by a secure SSL connection'. I have made several attempts with the SSL configuration but I can't get it. Help please and Thank you!

 

Sean Aughey

[email protected]

 

My existing domain, oil-tech.com is not yet pointing at this server and my IP is oiltech.my-ehost.com.

 

Here is the sum total of all the specific SSL information that is in the WEBePanel from the host.

------------------------------------------------------------------------------------------------

Your Secure and Non-Secure webpages are stored in the same directory. They are stored in:

 

/home/oiltech/oiltech-www

 

To access a secure webpage, you would use the following Secure URL:

 

https://secure43.mysecureorder.net/oil-tech/

 

Using formmail.pl through secure server

 

If you are calling the formmail through the secure server, your action line and other code will look like the following:

 

<FORM METHOD=POST ACTION="https://secure43.mysecureorder.net/cgi-sys/formmail.pl">
<input type=hidden name="recipient" value="[email protected]">
<input type=hidden name="subject" value="Order">
<input type=hidden name="return_link_URL" value="https://secure43.mysecureorder.net/oil-tech/yourpage.html">

 

The last line allows a link back to your main page - thus they get a report of what they ordered and a link.

 

It's important that you call your order page through a secure URL (HTTPS) in order for it to work properly.

-----------------------------------------------------------------------------------------------

 

Here is step 4 of the osCommerce configuration entries, all good so far.

 

osCommerce configuration step 4

 

www Address: http://oiltech.my-ehost.com/catalog/

 

Webserver Root Directory: /home/oiltech/oiltech-www/catalog/

 

HTTP Cookie Domain: oiltech.my-ehost.com

 

HTTP Cookie Path: /catalog/

 

Enable SSL Connections: check box (checked)

 

 

This is what I entered in step 5. I've also taken 'oil-tech' out from each entry with no success either. I've also deleted the MySQL database in between installs, in case, as well.

 

Configuration step 5

 

Secure WWW Address: https://secure43.mysecureorder.net/oil-tech...ch-www/catalog/

 

Secure Cookie Domain: secure43.mysecureorder.net/oil-tech/

 

Secure Cookie Path: oiltech-www/catalog/

Link to comment
Share on other sites

Maybe like this?

www Address:                    http://oiltech.my-ehost.com

 

Webserver Root Directory:  /home/oiltech/oiltech-www

 

HTTP Cookie Domain:        oiltech.my-ehost.com

 

HTTP Cookie Path:              /catalog/

 

Enable SSL Connections:    check box (checked)

 

Configuration step 5

 

Secure WWW Address:        https://secure43.mysecureorder.net/oil-tech

 

Secure Cookie Domain:      secure43.mysecureorder.net

 

Secure Cookie Path:            /oil-tech/catalog/

After the install is done, you need to go into admin/includes/configure.php and manually change to
define('HTTP_SERVER', 'https://secure43.mysecureorder.net/oil-tech');

Hth,

Matt

Link to comment
Share on other sites

Thank you for your reply and help Matt.

Sorry, this may be close but no cigar.

 

Also, the admin page URL, http://oiltech.my-ehost.com/catalog/admin/index.php, after the installation was pointing to http://oiltech.my-ehost.com/admin/index.php so it didn't open. Opening it up with the correct URL showed no SSL.

 

I added the '/catalog' to the www.address and to the secure address but no go.

 

Sean

Link to comment
Share on other sites

What MATT forgot to say is: in BOTH /includes/configure.php, manually change to:

define('HTTP_SERVER', 'http://oiltech.my-ehost.com'); 
define('HTTPS_SERVER', 'https://secure43.mysecureorder.net/oil-tech'); 
define('ENABLE_SSL', true);

Link to comment
Share on other sites

Thanks Matt, Jason,

I believe I have succeeded. The secure part of the osCommerce now operates and shows as locked (if I accept the certificate), but the 'lock' in administration is unlocked! I found out why.

 

Investigation shows there is a problem with my host's SSL certificate, it is not valid!

Here is the config info that I entered, as you can see the dashes and no dashes in the word oiltech are potential stumbling blocks.

 

WWW Address: http://oiltech.my-ehost.com/catalog/

Webserver Root Directory: /home/oiltech/oiltech-www/catalog/

HTTP Cookie Domain: oiltech.my-ehost.com

HTTP Cookie Path: /catalog/

Enable SSL Connections: checked

 

Secure WWW Address: https://secure47.mysecureorder.net/oil-tech/catalog

Secure Cookie Domain: secure47.mysecureorder.net/oiltech

Secure Cookie Path: oil-tech/catalog/

 

--------------------------------------------------------------------------

This is the /catalog/admin/includes/configure.php as found.

As you can see there isn't the line define('HTTPS_SERVER', 'https://secure43.mysecureorder.net/oil-tech'); that Jason recommends to add. Should I add it? I'm thinking not.

 

define('HTTP_SERVER', 'http://oiltech.my-ehost.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://oiltech.my-ehost.com');

define('HTTPS_CATALOG_SERVER', 'https://secure47.mysecureorder.net');

------------------------------------------------------------------------------------------

This is the /catalog/includes/configure.php as found.

 

define('HTTP_SERVER', 'http://oiltech.my-ehost.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://secure47.mysecureorder.net'); // eg, https://localhost - should not be empty for productive servers

 

Thanks SO MUCH!
 

Sean Aughey

 

P.S. osCommerce is so much more than a shopping cart! I'm still pinching myself to have such a cart on my site. Kudos to all involved in development of this program!

Link to comment
Share on other sites

Hi. thanks for reporting this - I'm having the same problems with pretty much the same webserver/url configuration.

 

I have a difference in that my admin site shows the padlock quite correctly! My admin directory is inside the catalog directory (as per normal MS2.2 install).

 

This confuses me greatly - why would the SSL padlock show on the admin site, but not the catalog?

 

Anyway - if you get any further, I'd love to hear what you did.

 

thanks.

Link to comment
Share on other sites

I have more info, and a possible solution for you:

 

searching through the support forum, I found this:

 

http://www.oscommerce.com/forums/index.php?sho...t=0entry65024

 

which says - remove the base tags. I did this for my site, and it seems to work fine. I get a padlock and it stays there! I think that my shared SSL server doesn't support the HTTPS environment variable, and this means that the osCommerce way of checking SSL doesn't work, so the admin pages won't be able to tell you whether you're protected or not.

Incidentally, the admin pages all work correctly because none of them have the base tag.

 

According to the W3C, the base tag isn't really needed for a web site like osCommerce as the server will determine it from http metadata or the url if the base tag is not present.

 

You have to remove the base tag from a few files:

 

account.php(line 29) - try this to see if it works OK (view the 'my account' page)
index.php(40)
account_edit.php(127)
account_history.php(30)
account_history_info.php(44)
account_newsletters.php(52)
account_notifications.php(77)
account_password.php(72)
address_book.php(30)
address_book_process.php(244)
advanced_search.php(23)
advanced_search_result.php(134)
checkout_confirmation.php(94)
checkout_payment.php(86)
checkout_payment_address.php(202)
checkout_shipping.php(157)
checkout_shipping_address.php(214)
checkout_success.php(57)
conditions.php(24)
contact_us.php(41)
cookie_usage.php(24)
create_account.php(259)
create_account_success.php(32)
info_shopping_cart.php(24)
location.php(24)
login.php(82)
logoff.php(33)
password_forgotten.php(47)
popup_cvv.php(23)
popup_image.php(25)
popup_search_help.php(23)
privacy.php(24)
product_info.php(25)
product_reviews.php(43)
product_reviews_info.php(52)
product_reviews_write.php(78)
products_new.php(24)
reviews.php(24)
shipping.php(24)
shopping_cart.php(24)
specials.php(24)
ssl_check.php(24)
tell_a_friend.php(101)

 

I hope this helps, this problem seems to be quite common at the moment, perhaps because mod_ssl doesn't export the environment variables by default, so you need a relatively switched-on host.

 

 

I hope this is all correct, can anyone tell me otherwise?

Cheers.

Link to comment
Share on other sites

Thank you Andy,

I will check this 'base' idea out.

 

The program for most part is operational except when I attempt to leave the secure part of the store by clicking 'continue'.

 

This is the browser url after the 404 I receive.

https://secure47.mysecureorder.net/oil-tech...bdc9bb5256968f8

 

I'm expecting the 'continue' would take you to the catalog again.

 

I've been able to click forwards and backwards within the catalog be it secure side, unsecure side, enter the site from the purchasers email, but not the continue.

 

Sean Aughey

Link to comment
Share on other sites

Be sure you set this option: "Use Search-Engine Safe URLs = false".

If you set them to true you will get the 404 error in secure mode.

If you can't fix it Perl it!!!...

Link to comment
Share on other sites

Thanks Jello, on the 'Use Search-Engine Safe URLs = false': it was already false.

 

Andy, I see the 'base' tags, I forgot to ask, HOW to remove them. This is my 3rd day of exposure to a language other than HTML so I'm not familiar at all but can follow directions. I thought of adding what I'd call a comment tag at the front of the line but thought I should ask first.

 

Thanks!

Sean

Link to comment
Share on other sites

FYI. I have found the problem where clicking the 'login' button on login.php brings up a page with 'you are about to be redirected to a nonsecure site' (or words to that effect).

 

The issue is in general.php - the function tep_redirect uses the getenv(https) call to determine whether to route the page to https or http.

 

The fix is to create a new function that ignores getenv and call that instead from your login.php page.

 

This is what I did:

 

in general.php

// Redirect to another page or site
  function tep_redirect_ssl($url) {
    if ( (ENABLE_SSL == true) ) { // We are loading an SSL page
      if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url
        $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL
      }
    }

    header('Location: ' . $url);

    tep_exit();
  }

 

in login.php, line 64. change the tep_redirect line to

         

tep_redirect_ssl($origin_href);

 

hope this helps.

Link to comment
Share on other sites
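Both the base-tag post and the tep_redirect post above trace their symptoms to getenv('HTTPS') coming back empty on the shared SSL server. As an added example (not code from this thread or from osCommerce; `request_is_ssl`, the trusted-proxy address and the sample requests are hypothetical), a detection routine that consults more than one server value and does not accept a client-supplied header on its own could look like this:

```php
<?php
// Added example, not osCommerce code: request_is_ssl() is a hypothetical helper.
// It decides whether a request arrived over TLS from several server values
// instead of relying on the HTTPS environment variable alone.

function request_is_ssl(array $server, array $trustedProxies = []): bool
{
    // 1. HTTPS variable, when the web server exports it. Some servers set it
    //    to "off" for plain HTTP, so a non-empty value is not enough.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }

    // 2. Port the request was served on. On Apache this is only the physical
    //    port when UseCanonicalPhysicalPort is On; otherwise it can follow
    //    the Host header.
    if ((int) ($server['SERVER_PORT'] ?? 0) === 443) {
        return true;
    }

    // 3. X-Forwarded-Proto is a request header that any client can send, so
    //    honour it only when the peer is a known TLS-terminating proxy.
    $peer  = (string) ($server['REMOTE_ADDR'] ?? '');
    $proto = strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return in_array($peer, $trustedProxies, true) && $proto === 'https';
}

// Constructed $_SERVER samples using documentation-range addresses.
$trusted = ['192.0.2.10']; // assumed address of the host's SSL relay
$samples = [
    'HTTPS variable exported'        => ['HTTPS' => 'on', 'SERVER_PORT' => '443',
                                         'REMOTE_ADDR' => '203.0.113.9'],
    'shared SSL, no HTTPS variable'  => ['SERVER_PORT' => '443',
                                         'REMOTE_ADDR' => '203.0.113.9'],
    'plain HTTP'                     => ['HTTPS' => 'off', 'SERVER_PORT' => '80',
                                         'REMOTE_ADDR' => '203.0.113.9'],
    'header sent by untrusted peer'  => ['SERVER_PORT' => '80',
                                         'HTTP_X_FORWARDED_PROTO' => 'https',
                                         'REMOTE_ADDR' => '203.0.113.9'],
    'header sent by the SSL relay'   => ['SERVER_PORT' => '80',
                                         'HTTP_X_FORWARDED_PROTO' => 'https',
                                         'REMOTE_ADDR' => '192.0.2.10'],
];

foreach ($samples as $label => $server) {
    $type = request_is_ssl($server, $trusted) ? 'SSL' : 'NONSSL';
    printf("%-32s => %s\n", $label, $type);
}
```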

Thanks all for your input.

 

I've been following another issue and have not changed the 'base' yet. I've stumbled across this and it turns out they are related.

 

I create dummy orders. I send out e-mail notifications, I open these emails and the return link is correct in the "Order Process" message

 

https://secure47.mysecureorder.net/oil-tech....php?order_id=9

 

BUT not in the "Order Update" be they pending, processing or delivered!

 

https://secure47.mysecureorder.net/catalog/....php?order_id=9

 

The fog clears so I have a look at the 'Continue' after completing a purchase link.

I took the '404' url and inserted '/oil-tech' and away it goes, that is the program is generating a link,

 

https://secure47.mysecureorder.net/catalog/...osCsid=9........

 

when it needs to be this

 

https://secure47.mysecureorder.net/oil-tech...?osCsid=9.......

 

This I suspect is an easy fix for one of you guys! AND Thank you!

 

Sean

Link to comment
Share on other sites

Well Andy, I've finished removing the 'base' tags. There was a change on the admin side alright, the link URLs had an additional '/oil-tech' which of course brought up 404's.

 

I modified admin/includes/configure from

define('HTTP_SERVER', 'http://oiltech.my-ehost.com/oil-tech');

to

define('HTTP_SERVER', 'http://oiltech.my-ehost.com');

This repaired that issue but my original remains. I also tried your idea on the 'general.php' file, which the program rejected totally, displaying only blank pages. I don't know if I introduced a typo or not but replacing the page after 2 attempts brought all back as before.

My original 2 problems remain. On leaving the completed order the generated URL is

https://sec...order.net/catalog/ind..

when it needs to be

https://sec...order.net/oil-tech/catalog/ind..

which is the same problem I'm having with the customers email return link

https://secure47.m....net/catalog/account_h...ory_info.php?...

when it needs to be

https://secure47.m....net/oil-tech/catalog/...tory_info.php...

Order Process sends out the correct link in the email

Order Update sends out the wrong link in the email, be it pending, processing or delivered.

Thanks everyone for your help thus far!

 

Regards

Sean

 

Here is catalog/includes/configure

<?php
/*
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://oiltech.my-ehost.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://secure47.mysecureorder.net'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'oiltech.my-ehost.com');
define('HTTPS_COOKIE_DOMAIN', 'secure47.mysecureorder.net/oil-tech');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', 'oil-tech/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/oil-tech/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/oiltech/oiltech-www/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '------');
define('DB_SERVER_PASSWORD', '-------');
define('DB_DATABASE', '------');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

 

Here is catalog/admin/includes/configure

<?php
/*
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright © 2003 osCommerce

Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://oiltech.my-ehost.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://oiltech.my-ehost.com');
define('HTTPS_CATALOG_SERVER', 'https://secure47.mysecureorder.net');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', '/home/oiltech/oiltech-www/catalog/'); // where the pages are located on the server
define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/home/oiltech/oiltech-www/catalog/admin/'); // absolute path required
define('DIR_WS_CATALOG', '/catalog/'); // absolute path required
define('DIR_FS_CATALOG', '/home/oiltech/oiltech-www/catalog/'); // absolute path required
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '------');
define('DB_SERVER_PASSWORD', '------');
define('DB_DATABASE', '---------');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

Link to comment
Share on other sites

You definitely need /oil-tech adding to the https server config.

 

define('HTTPS_SERVER', 'https://secure47.mysecureorder.net/oil-tech');

and

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

eg. on my site: I have these

  define('HTTP_SERVER', 'http://www.sportsdepotmk.co.uk');

  define('HTTPS_SERVER', 'https://sslrelay.com/sportsdepotmk.co.uk');

  define('DIR_WS_HTTP_CATALOG', '/catalog/');

  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

in both catalog and admin sections.

 

 

The general.php thing - it should work, try cut and paste the existing tep_redirect function and removing the getenv() part. You still need the existing tep_redirect function there - for all the unmodified pages (I only altered login.php to use the new function).

Link to comment
Share on other sites

Andy, and all others who contributed to resolving my saga!

 

I've made major progress today. Problem IS solved and the reason IS known.

 

To help as many people as possible here goes.

 

My problem lies with the fact that my SSL server is a SHARED server. Not knowing anything about SSL until the beginning of the week, I didn't know I really need my own SSL contract for my OWN website. Without one your browser will flag the discrepancy between your site and the secure one and away go your customers!

A shared SSL changes how osCommerce needs to be configured to send out the correct e-mail address to your customer when you send 'Order Updates' and not truncate, in my case, '/oil-tech' from the return email to the shopping cart. Andy, you are right on regarding the HTTPS server /oil-tech addition and this needs to be done to admin/includes/configure.php.

 

define('HTTPS_CATALOG_SERVER', 'https://secure47.mysecureorder.net');

 

The above is correct for a dedicated SSL, but not for a shared SSL, in my case I need

 

define('HTTPS_CATALOG_SERVER', 'https://secure47.mysecureorder.net/oil-tech');

 

I made this small change and now 'Order Update' emails are correct.

 

As far as the 404 at the end of the transaction is concerned, for all my hair pulling, this IS a server issue, again shared SSL related and is corrected by your HOST.

I now know this as I switched hosts just to purchase a service that has osCommerce turn key. Expecting no issues I was taken aback when exactly the same issues surfaced. Different this time for me was a host that knows exactly what to do and did it.

 

Here is some of his reply, and THANK YOU Michael.

 

"There were a couple of problems. Basically the problem is purely path related. Both the 404 error and the email path problem were related to how osC constructs paths.

 

First, the 404 error was fixed by properly addressing the shared SSL server. That was the problem on your original host.

 

Second, the email issue was corrected by changing the HTTP SERVER path in the admin/includes/configure.php file to correctly address the shared SSL server.

 

The reason it was failing on our first install is because we were in the middle of an upgrade and the paths had not been updated. The problem is purely in the path construction in the configure.php files."

Link to comment
Share on other sites
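The resolution above can be checked mechanically. The following added example (not from the thread or from osCommerce) audits the two configurations discussed here: the values as posted and the form the replies arrive at. The helper names are hypothetical, and the rule that a secure link is the server constant followed by the catalog directory constant is an assumption drawn from the fix described. On a shared SSL host every account shares one host name, so the cookie domain must be the bare host and the cookie path should be the store's own prefix.

```php
<?php
// Added example. Values are copied from the configure.php files posted in this
// thread; helper names are hypothetical, and the link rule (server constant .
// catalog directory constant) is an assumption based on the fix described.

function cookie_scope_problems(string $domain, string $path, string $url): array
{
    $problems = [];
    $host     = strtolower((string) parse_url($url, PHP_URL_HOST));
    $urlPath  = (string) (parse_url($url, PHP_URL_PATH) ?? '/');

    // A cookie domain is a bare host name: no scheme, no slash, no path.
    if (strpbrk($domain, '/:') !== false) {
        $problems[] = "cookie domain '$domain' contains a path or scheme";
    } else {
        $d = strtolower(ltrim($domain, '.'));
        if ($host !== $d && substr($host, -strlen($d) - 1) !== '.' . $d) {
            $problems[] = "cookie domain '$domain' does not match host '$host'";
        }
    }

    // A cookie path starts with '/' and must be a prefix of the store path.
    if ($path === '' || $path[0] !== '/') {
        $problems[] = "cookie path '$path' does not start with '/'";
    } elseif (strpos($urlPath, $path) !== 0) {
        $problems[] = "cookie path '$path' is not a prefix of '$urlPath'";
    }
    return $problems;
}

function audit(array $c): array
{
    $store = $c['HTTPS_SERVER'] . $c['DIR_WS_HTTPS_CATALOG'];   // catalog side
    $admin = $c['HTTPS_CATALOG_SERVER'] . $c['DIR_WS_CATALOG']; // admin side
    $problems = cookie_scope_problems(
        $c['HTTPS_COOKIE_DOMAIN'], $c['HTTPS_COOKIE_PATH'], $store
    );
    if ($store !== $admin) {
        $problems[] = "admin links point to $admin but the store is at $store";
    }
    return $problems;
}

$configs = [
    'as posted' => [
        'HTTPS_SERVER'         => 'https://secure47.mysecureorder.net',
        'DIR_WS_HTTPS_CATALOG' => '/oil-tech/catalog/',
        'HTTPS_CATALOG_SERVER' => 'https://secure47.mysecureorder.net',
        'DIR_WS_CATALOG'       => '/catalog/',
        'HTTPS_COOKIE_DOMAIN'  => 'secure47.mysecureorder.net/oil-tech',
        'HTTPS_COOKIE_PATH'    => 'oil-tech/catalog/',
    ],
    'corrected' => [
        'HTTPS_SERVER'         => 'https://secure47.mysecureorder.net/oil-tech',
        'DIR_WS_HTTPS_CATALOG' => '/catalog/',
        'HTTPS_CATALOG_SERVER' => 'https://secure47.mysecureorder.net/oil-tech',
        'DIR_WS_CATALOG'       => '/catalog/',
        'HTTPS_COOKIE_DOMAIN'  => 'secure47.mysecureorder.net', // bare host
        'HTTPS_COOKIE_PATH'    => '/oil-tech/catalog/',         // store prefix
    ],
];

foreach ($configs as $name => $c) {
    $problems = audit($c);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'no problems found', "\n";
}
```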

I just want to say 'THANK YOU!' to Ogrady for going through what he did. I just started setting up my osCommerce today and was having the exact same problems but his hard work and this thread saved me hours (if not days!) of heartache!

 

Thank you so much for detailing your solution and everything!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
