Newbie Help Needed!


mortsahl


I managed to get osCommerce 2.2MS2 working just fine without SSL (under Red Hat 7.3).

 

Now I want SSL, so I rebuilt apache, mod_ssl, openssl, php, ZendOptimizer.

 

I modified configure.php -- the relevant lines are ...

 

define('HTTP_SERVER', 'http://www.entitymachines.com');

define('HTTPS_SERVER', 'https://www.entitymachines.com/');

define('ENABLE_SSL', true);

 

I started apache with /usr/local/apache/bin/apachectl startssl

 

The generated URL is https://www.entitymachines.com/login.php?os...b906e5fd56f861f

 

When I attempt to login I get a "Cannot find server or DNS Error" from MSIE.

 

What did I miss? What else do I need to do?

 

morty

 

Thanks in advance for any help.

Link to comment
Share on other sites

SSL servers run on port 443 rather than the normal HTTP port 80. So, with the error that you're getting, I'm wondering if you built yourself a test SSL certificate and provided that was done correctly, if you modified httpd.conf and ssl.conf correctly (at least, that's how it's often split up these days)... If any of the above wasn't done, it can cause the error you're getting.

 

*edit* *snaps fingers*

Oh yeah! I forgot to mention that you need to poke a hole in your firewall, if you have one, for your SSL port and make sure your routers are set up to direct your SSL port traffic to the correct machine.

Link to comment
Share on other sites

I've opened up 443 and forwarded it to the correct machine ... I get the same error in MSIE but a different one in Opera 7. Opera says "Secure Connection: Fatal Error (554)" ... then it says "The signatures of this certificate could not be verified."

 

When I did "make certificate" my actual command was "make certificate TYPE=custom".

 

I didn't make any manual changes to httpd.conf although there are quite a few (uncommented) lines in there about SSL -- don't know what, if anything, I need to do there.

 

Again, any help would be appreciated!

 

Morty

Link to comment
Share on other sites

Well, the info in httpd.conf and ssl.conf (if you have that) can very much affect how SSL works on the system. I'd suggest looking closely at those configuration files, and referring to the Apache docs, to make sure everything is correct in there. As for the admin panel, by default it does not run in a secure mode. You need to change the configure.php file and specify https:// in the HTTP_SERVER define.

Link to comment
Share on other sites

After spending some time with Google and doing a LOT of reading, I got SSL working -- although MSIE complains that "This certificate cannot be verified up to a trusted certification authority" .... guess I expected that.

 

At any rate, for any others that may have a similar problem, here's how I resolved it. I'm running Red Hat 7.3, so my directions are based on that assumption as well as assuming you have installed osc according to oscommerce-2.2ms2/INSTALL (building mod_ssl, php, openssl, etc.)

 

# openssl genrsa -des3 -out ca.key 1024

When prompted, type in a password

Make the certificate using the private key.

 

# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

 

2) Make a Certificate Signing Request for www.kiwi.com (your name here, unless you really are kiwi)

 

# openssl genrsa -des3 -out kiwi.key 1024

 

This makes the key but it is password protected, which means you have to type in a password to start the server. To avoid this, remove the PW by writing out the key to a file and overwriting it.

 

# openssl rsa -in kiwi.key -out temp

# mv temp kiwi.key

 

Finally, make a CSR from the KEY.

 

# openssl req -new -key kiwi.key -out kiwi.csr

 

4) And sign it (do a locate and find out where sign.sh is located)

 

# ./sign.sh kiwi.csr

 

Copy the .crt and .key files to where they belong. Since you likely did a make certificate when you initially did your install, clean out the destination directories first ...

 

# rm -rf /usr/local/apache/conf/ssl.crt/*

# rm -rf /usr/local/apache/conf/ssl.key/*

# cp kiwi.crt /usr/local/apache/conf/ssl.crt/

# cp kiwi.key /usr/local/apache/conf/ssl.key/

 

Edit httpd.conf and make sure SSLCertificateFile and SSLCertificateKeyFile point to the correct files.

 

Now reboot, start Apache with

# /usr/local/apache/bin/apachectl startssl

and you should be good to go.

Link to comment
Share on other sites
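
The procedure in the last post, condensed into an added shell example (not the poster's commands and not osCommerce's or mod_ssl's own script): it builds a throwaway CA and server certificate, then checks that the certificate verifies against the CA and that the key matches the certificate before SSLCertificateFile and SSLCertificateKeyFile are pointed at them. It assumes 2048-bit keys, no CA passphrase so that it runs unattended, constructed subject names, and `openssl x509 -req` standing in for sign.sh.

```shell
#!/bin/sh
# Added example. File names (ca.*, kiwi.*) follow the post; subjects are constructed.
# Assumptions: 2048-bit keys, no CA passphrase (so it runs unattended), and
# `openssl x509 -req` standing in for mod_ssl's sign.sh.

make_chain() {  # $1 = existing working directory
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048 2>/dev/null
      openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
          -subj "/CN=Constructed Test CA" || exit 1
      openssl genrsa -out kiwi.key 2048 2>/dev/null
      openssl req -new -key kiwi.key -out kiwi.csr -subj "/CN=www.kiwi.com" || exit 1
      openssl x509 -req -in kiwi.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 365 -out kiwi.crt 2>/dev/null || exit 1
      # The server key has no passphrase, so file permissions are its only protection.
      chmod 600 ca.key kiwi.key )
}

# True only if the certificate ($2) carries a valid signature from the CA ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True only if the private key ($2) belongs to the certificate ($1).
key_matches() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Stand-alone run: build one chain in a temp directory and report both checks.
demo=$(mktemp -d) && make_chain "$demo" &&
    chain_ok "$demo/ca.crt" "$demo/kiwi.crt" && echo "chain: OK" &&
    key_matches "$demo/kiwi.crt" "$demo/kiwi.key" && echo "key/cert pair: OK"
rm -rf "$demo"
```

A browser that does not have ca.crt in its trust store will still warn about an untrusted authority; these checks only confirm that the files installed on the server are consistent with each other.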

Archived

This topic is now archived and is closed to further replies.
