Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL configuration Problem or .htaccess or both?


sbarrethavm

Recommended Posts

I have installed oscommerce in an oscommerce directory under my main directory. I have created an .htaccess that redirects traffic from mydomain.com to mydomain.com/oscommerce. It looks like this:

 

DirectoryIndex /oscommerce/index.php index.htm

Options +FollowSymlinks

 

I have a private ssl and a security certificate installed.

 

Now, when I go to the admin area, I enter the following path:

 

https://www.mydomain.com/oscommerce/admin/index.php I get asked for my password (via apache I believe) enter it and go to the entered URL.

 

Now when I select the pending orders from the admin box on the left:

 

I get asked for a password again and then get switched to this URL:

 

http://www.mydomain.com/oscommerce/admin/o...502e97a29cb159e

 

I am no longer in secure mode! If I go look at a credit card or something, I am not secure? Is there a way to correct this? Have I configured something incorrectly or do I need to change a path somewhere?

 

Any help would be much appreciated, thanks....steve b

Link to comment
Share on other sites

  • 3 weeks later...

Hello

 

OK before you jump all over me I have searched these forum and elsewhere for ANYthing on https SSL and it only contradicts itself or doesn't work.

 

Here my situation. We have a certificate installed and run both port 80 and 443 on the same box from the same files. In the config.php in admin I set the regular server to be the https one as recommended in these boards. Well that's nice now all the internal admin links are https. But what I REALLY DESPERATELY need is for the admin LOGIN to run over SSL so the pass never goes wirebound in clear text.

 

I have tried as per the FAQ and the user contributed. I have tried SSLRequireSSL. (server error)

also <IfModule> commands and redirects, to NO AVAIL whatsoever.

 

What happens. If you go to http://...../admin it asks for login just like before. Fine except the pass is cleartext. If you go to https://...../admin you get straight in, no password required. This is terrible.

unacceptable and horrible. How can I fix this!!!!

 

:(

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...