Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Installation


Guest

Recommended Posts

I deleted the admin folder on the secure side.

 

Check your config file again for the other problem.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Wait a second. The shopping cart is not a secure section anyway.

 

Only checkout, and "your account" are.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Ran into a few problems

 

I moved my /catalog folder into my /secure directory but now can only access my cart by this link:

 

https://www.securewebexchange.com/horrormonsters.com/catalog

 

How do I set it up so I can access the catalog and admin files like:

 

www.horrormonsters.com/catalog

www.horrormonsters.com/catalog/admin

 

I saw on your site that the my account and checkout shipping links redirect to the SSL server, and the my cart link redirects to your unsecure directory. That is what im trying to accomplish.

 

I got it up and running securely on the above link but all of the pages are secure and I cannot access the unsecure files or admin folder anymore.

 

Thanks for your help Alan, im getting close to success!

 

 

Mark

Link to comment
Share on other sites

I didn't say move. :lol:

 

I said "duplicate" meaning you've got two complete copies on the server, one in public and one in private or secure.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

With shell access you can duplicate server side.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

AlanR, thanks for you help! You got me pointed in the right direction, and this was the fix to my encrypted and non-encrypted SSL pages:

 

 

backup your /includes/application_top.php (so you have a copy in case this doesn't work)

 

edit your /includes/application_top.php

 

Find this code (at around line 41):

 

CODE

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

CODE

// set the type of request (secure or not)

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

 

Make sure you haven't got any spare lines after the last "?>" line of the code.

 

Save the file, upload it (overwrite the old file in /includes/).

 

 

Works like a charm!

Open source is great, but everyone that helps out us newbies is even greater!

 

Thank you everyone...

Link to comment
Share on other sites

I have turned on shell access from my hosting control panel

and downloaded putty.

 

I can log into my server but am not sure how to access the /secure folder and copy the catalog folder and place it in /public using putty.

 

I read up on the tutorial and know how to copy and paste text I see in the window, but am unsure of how to access these directories.

 

Thank you for your patience and excellent instructions,

 

 

 

Mark

Link to comment
Share on other sites

I was going to start a thread but seeing as this is exactly what I want to do I thought I would ask anyone why they think my SSL will not link. I am getting the 404 file not found message. This is my configuration file, your help would be much appreciated.

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.glovesrus.co.uk'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://sslrelay.com/secure1st.co.uk'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.glovesrus.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'sslrelay.com/secure1st.co.uk/secure1st/catalog');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/homepages/46/d86206271/htdocs/john/mark/glovesrus/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

BTW I have made a copy of my catalog and put it on to the SSL server.

Link to comment
Share on other sites

I still can't get this to work.

 

My hosting company gives me an SLL address to use for SLL encryption as follows:

 

https://www.sslrelay.com/mysite.com

 

It does not install any new folders on my webspace for the secure SLL.

 

So, if my site is located in the root directory (i.e. not in /catalog/, but in /.) so what should I be putting in the configure.php?

 

It seems to be going to the sllrealy.com/mysite.com during checkout, the padlock appears for a split second and dissapears again. I checked with my host and they said it should stay there and must be an error in the osCommerce config or code thats preventing it staying.

 

Any ideas?

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://sslrelay.com/mysite.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

define('HTTPS_COOKIE_DOMAIN', 'sslrelay.com/mysite.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

actually, looking at it. I have a secure connection (I know this because I get the warning that some items aren't secure, as well as the url address being correct for the secure connection).

 

So, it seems my only problem is the padlock not being shown. Anyone spot whats wrong?

 

Also, the message in admin says that I am NOT using a secure connection. Why is this when I quite clearly am?

Link to comment
Share on other sites

I am thinking. Would the reason the padlock is not showing be DUE TO the fact that there are non-secure items?

 

The padlock appears when this warning comes up, but when you choose to continue and show non-secure items the padlock dissapears. I am thinking that maybe this is because in effect the page is not actually secure (as the non-secure items are present).

 

What do you think?

 

cheers

Alex

Link to comment
Share on other sites

My question is very elementary and will help me sort out in my head how the shared ssl works with oscommerce. Are there acutally any files on a shared ssl directory or does oscommerce just use that address with the php to secure its pages and pulles all the files from the standard install directories?

 

So in other words do any files have to be added to the following path/url

define('HTTPS_COOKIE_DOMAIN', 'sslrelay.com/secure1st.co.uk/secure1st/catalog');

 

It might seem like a silly question. I do have one oscom running with a dedicated ssl .. but now setting up a shared and want to make sure setup goes smooth.

 

kind regards

 

Blair

Link to comment
Share on other sites

Hi!

 

I fear that it depends on how each hosting company has set up the secure server and the SSL related stuff! Browsing the forums, I noticed that there where users which had nothing to copy and other ones that had to dublicate the shop in the secure web server or in the secure directory ... !! :unsure:

Antonios

 

olympicslogo_en.gif

Link to comment
Share on other sites

my admin page says im not protected by a secure connection either. 

 

When I log into my admin panel using the https://mydomain.com/catalog/admin

 

the admin panel says I'm protected, and there is a lock in the lower right corner.

 

Now, If I go to view orders, OSC wants to switch back to http:// - WHY? There is sensitive info there that I want secured!

John Skurka

Link to comment
Share on other sites

AlanR, thanks for you help! You got me pointed in the right direction, and this was the fix to my encrypted and non-encrypted SSL pages:

 

 

backup your /includes/application_top.php (so you have a copy in case this doesn't work)

 

edit your /includes/application_top.php

 

Find this code (at around line 41):

 

CODE

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

Comment out the existing getenv() command with "//" and add the following one, like so:

 

CODE

// set the type of request (secure or not)

// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

that half works for me.. i get the padlock but i lose all my CSS and images.. :(

Link to comment
Share on other sites

that half works for me.. i get the padlock but i lose all my CSS and images.. :(

What's your url?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...