Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Just Got SSL & Need Help!!!!


cjtroiani

Recommended Posts

Posted

OK... Here's the issue... I would like for my whole store to run secure (all links should be secure, etc.)... EVERYTHING... But when SSL is on, I get messages about mixed content and lose my lock... What do I do?!

 

And yes, I have an SSL cert...

 

Thanks in advance!

Posted

What's the url?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

The first thing I do when someone has a problem like this is look at the source and search on 'http:' looking for images that are linked from a non secure site. That's mixed content.

 

><img src="http://www.chaosstreetwear.com/hcl/inc/skins/default/images/lh/initiate.gif"

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Links don't matter, they don't import data to the page. img source does.

 

Why do you want to run under https all the time anyway?

 

osC is quite well set up, why not take advantge of the features and use them as intended?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Okay, how about my site?

 

Try this link: https://acehighsupply.com/logoff.php

 

Neither the stylesheet nor images are working. And they are not linked by using "http://".

 

I just got this SSL cert installed, and it is late, so maybe I am missing something obvious. I tried search for SSL in the forums, but since it is not four characters, I can't.

 

Oh, also, if you try to order something, OsC does not take you to a secure site to enter in the payment information. It just takes you to http, not https.

 

Is there some sort of configuration switch I have to make?

 

Sorry if there is an obvious answer - like I said, it is late :(

Posted

By the way, that link is just an example. I don't really "want" the logoff page to be secure :P

Posted

So change the configure.php file (catalog/includes/configure.php)

 

define('HTTP_SERVER', 'http://acehighsupply.com');

define('HTTPS_SERVER', 'https://acehighsupply.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Oops . . . like I said, I'm tired ;)

 

Thanks for the help!!

Posted

Okay, close, but not quite.

 

Now, if you change any page to https, it works perfectly. Thanks for the tip AlanR!!

 

However, when I go through the checkout process, it does not take me through a secure page. I would think that by "checkout_payment.php", the page should be directed to a secure page, but it is not. Am I still missing something to make OsC go through a secure process?

 

I have now changed the configure file:

 

define('HTTP_SERVER', 'http://www.acehighsupply.com');

define('HTTPS_SERVER', 'https://www.acehighsupply.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

Posted
Okay, close, but not quite.

 

Now, if you change any page to https, it works perfectly.  Thanks for the tip AlanR!!

 

However, when I go through the checkout process, it does not take me through a secure page.  I would think that by "checkout_payment.php", the page should be directed to a secure page, but it is not.  Am I still missing something to make OsC go through a secure process?

 

I have now changed the configure file:

 

  define('HTTP_SERVER', 'http://www.acehighsupply.com');

  define('HTTPS_SERVER', 'https://www.acehighsupply.com');

  define('ENABLE_SSL', true); // secure webserver for checkout procedure?

  define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

  define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

Your certificate is valid only for https://acehighsupply.com not https://www.acehighsupply.com .

 

That's why I gave you the settings I did, I had checked this. You probably had a choice when you got the cert.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Thanks again for your continued help, AlanR.

 

I am not sure why I decided to add the "www". However, I have changed it and there still is no change. OsC does not send me to any secure pages during checkout.

 

Here is what I have in the configure.php file:

 

define('HTTP_SERVER', 'http://acehighsupply.com');

define('HTTPS_SERVER', 'https://acehighsupply.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'acehighsupply.com');

define('HTTPS_COOKIE_DOMAIN', 'acehighsupply.com');

 

Is there anything else I have to change? I am really stuck right now.

 

Thanks!

Posted

You're sure you've got this?

 

define('ENABLE_SSL', true)

 

If you check the browser status line when hovering over log in the link still points to http.

 

This is unusual if you've got the catalog configure file set correctly.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

OK... But back to my issue... The reason I want all my pages to be secure, is because I have an idAuthority account as well as an SSL that covers the user up to $10,000... Every page needs to be secure in order to supply the coverage and identity, including browsing...

 

So does anyone know how to make the entire catalog secure? (Including the category links, etc)

Posted

I know that there's a ForcedSSL contrib out there, but is there an easier way than adding the code to each and every page?

Posted

Sorry cjtroiani for taking over your topic. I thought you had your problem fixed. I will move my discussion to a new topic.

Posted
because I have an idAuthority account as well as an SSL that covers the user up to $10,000...

To sell low cost club wear?

 

You'll need to hack away or find a contibution.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

Well that was uncalled for... I just like to make my customers feel safe with purchasing from me. It's not like I spent $800 to get the coverage...

  • 3 weeks later...
Posted

And just so everyone knows, I used to ForcedSSL contrib and hacked away at the files and everything works flawlessly. I just hate mixed content popups and they occur often if the whole site isn't SSL.

 

Still tweaking things out to make my site look better. Not that I'm trying to be too fancy. Easy layout, easy everything.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...