SSL Setup Options

[Jeff]

Hello

Trying to setup SSL on a shared web hosting platform. I have setup SSL to true in the configure.php file and added the https path as given to me by my web host, but when I select to go to checkout it throws up an internal server error with a URL path of https://www1.securesiteserver.co.uk/reconne...ut_shipping.php

CODE

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu/login.php'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Any help much appreciated.

Thanks,
Jeff

[FWR Media]

Hello

Trying to setup SSL on a shared web hosting platform. I have setup SSL to true in the configure.php file and added the https path as given to me by my web host, but when I select to go to checkout it throws up an internal server error with a URL path of https://www1.securesiteserver.co.uk/reconne...ut_shipping.php

CODE

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu/login.php'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/');
  define('DIR_WS_HTTP_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Any help much appreciated.

Thanks,
Jeff

The top four should probably be: -

CODE

  define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk/reconnectingu');

[Vger]

I'd use:

CODE

define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk');
define('HTTPS_COOKIE_PATH', '/reconnectingu/');

and this should be:

CODE

define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu');

Why you had login.php on the end of the https pathway I don't know.

Vger

[Jeff]

I'd use:

CODE

define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk');
define('HTTPS_COOKIE_PATH', '/reconnectingu/');

and this should be:

CODE

define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu');

Why you had login.php on the end of the https pathway I don't know.

Vger

Thanks for the replies. The login.php did confuse me, as this was what my host provided. They realised that they added the login.php on the end before correcting it for me.

I can't seem to bypass the checkout page though.

CODE

includes/configure.php

define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/reconnectingu/');


admin/includes/configure.php


define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.reconnectingu.co.uk');
  define('HTTPS_CATALOG_SERVER', 'https://www1.securesiteserver.co.uk/reconnectingu');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Thank you,
Jeff

[Vger]

Turn off "Force Cookie Use" - you cannot use it with shared ssl.

Vger

[Jeff]

Turn off "Force Cookie Use" - you cannot use it with shared ssl.

Vger

Thanks Vger.

Silly question, but how do I turn off "Force Cookie Use"?

It's probably simple I know.

Thank you once again,
Jeff

[The_Bear]

In admin/configuration/Sessions/Force cookie use set to false

The_Bear

[Jeff]

In admin/configuration/Sessions/Force cookie use set to false

The_Bear

Thanks. I turned off 'Force Cookie Use' but still I cannot get to the checkout page when trying to make a purchase!!! This is really frustrating and demoralising. I guess unless you know OSCommerce inside out you could lose customers and money. I've read many solutions to this in the forums but none of them work. Turning off force cookie use allowed me to create an account but not get to checkout. I'm using shared SSL. Sorry, just feeling very frustrated with OSCommerce!!! Thanks for the advice guys, i'm trying everything but it's not working.

CODE

includes/configure.php

define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/username'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/reconnectingu/');


admin/includes/configure.php


define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.reconnectingu.co.uk');
  define('HTTPS_CATALOG_SERVER', 'https://www1.securesiteserver.co.uk/username');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Jeff

[Jeff]

Thanks. I turned off 'Force Cookie Use' but still I cannot get to the checkout page when trying to make a purchase!!! This is really frustrating and demoralising. I guess unless you know OSCommerce inside out you could lose customers and money. I've read many solutions to this in the forums but none of them work. Turning off force cookie use allowed me to create an account but not get to checkout. I'm using shared SSL. Sorry, just feeling very frustrated with OSCommerce!!! Thanks for the advice guys, i'm trying everything but it's not working.

CODE

includes/configure.php

define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www1.securesiteserver.co.uk/username'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.reconnectingu.co.uk');
  define('HTTPS_COOKIE_DOMAIN', 'www1.securesiteserver.co.uk');
  define('HTTP_COOKIE_PATH', '/');
  define('HTTPS_COOKIE_PATH', '/reconnectingu/');
admin/includes/configure.php
define('HTTP_SERVER', 'http://www.reconnectingu.co.uk'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.reconnectingu.co.uk');
  define('HTTPS_CATALOG_SERVER', 'https://www1.securesiteserver.co.uk/username');
  define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

Jeff

Also, sorry, I've just rechecked and turning off 'force cookie use' hasn't changed anything, it's still the same as before.

Thanks,
Jeff

[Vger]

You are using a template which hardcodes pages to http, rather than being set up correctly to allow osCommerce to select which pages should be http and which should be https. You also have all of the images hardcoded to http, and when moving to https you don't get the padlock if you display the images but only get the padlock if you don't allow the "Insecure Content" (meaning the images) to be displayed.

Your configure.php files appear to be fine, and working fine if it were not for the rubbish template you are using.

I suspect that with all of the other problems caused by the template that there's a problem also with carrying the session forward.

Please don't ask us to debug a Template Monster template!

Vger

[Jeff]

You are using a template which hardcodes pages to http, rather than being set up correctly to allow osCommerce to select which pages should be http and which should be https. You also have all of the images hardcoded to http, and when moving to https you don't get the padlock if you display the images but only get the padlock if you don't allow the "Insecure Content" (meaning the images) to be displayed.

Your configure.php files appear to be fine, and working fine if it were not for the rubbish template you are using.

I suspect that with all of the other problems caused by the template that there's a problem also with carrying the session forward.

Please don't ask us to debug a Template Monster template!

Vger

Thanks for the response.

Because I never really knew about OSCommerce, I purchased a template. Had I been aware that OSCommerce and OSCommerce templates were different I wouldn't have purchased the template in the first place. I have to admit, I have gathered that templates don't appear to be favourable with OSCommerce users out there. Although due to my inexperience I can't really say. I do think templates look far more professional though.

As stated, I never realised OSCommerce templates were different from the default OSCommerce. Those I purchased the template from simply stated that it works in conjunction with OSCommerce.

Is there anyone out there who has OSCommerce template expertise? Surely, there must be many others who have used the templates and setup shared SSL other than myself.

Please don't tell me to give up this template and throw it away, i'm determined and sure there is a solution somewhere, it's just finding out and finding someone else who has conquered this problem.

Many thanks,
Jeff

[Vger]

Each template is different - and so each has their own unique coding problems.

Their good point is that the Graphic Design element can be very good, the bad point being that they are written by Dreamweaver addicts with little knowledge of PHP or osCommerce, and so they do stupid things.

I'm not saying that you should dumpt the template - but you won't get anyone to debug a whole template for free. I suggest you post in the "Request Paid Help" forum and be prepared to pay someone who knows what they are doing to sort out the mistakes.

Vger

[Jeff]

Each template is different - and so each has their own unique coding problems.

Their good point is that the Graphic Design element can be very good, the bad point being that they are written by Dreamweaver addicts with little knowledge of PHP or osCommerce, and so they do stupid things.

I'm not saying that you should dumpt the template - but you won't get anyone to debug a whole template for free. I suggest you post in the "Request Paid Help" forum and be prepared to pay someone who knows what they are doing to sort out the mistakes.

Vger

Thanks, I now see where the problem may lie. That's possibly why my first taste of OSCommerce hasn't been that positive.

Anyway, do you think the SSL may work if I set up my own cert rather than used shared SSL?

My webhost has suggested using personal SSL that provides Comodo Instant SSL Pro 128-bit with trusted logo for £100 per year. Does this seem a reasonable fee and will this get me out of the shared SSL complications as well as using my own domain name?

Either that, or he has suggested as below:-

The answer is yes you can have your own SSL cert but it has to be done using the Comodo Instant SSL Pro 128-bit with trusted logo for £100 or if you do not like this option then there is another. I can offer you a share of a dedicated server service that allows you the benefits of shared hosting (reduced cost) and dedicated (ability to set your own options and have access to a larger part of the server resource).

As you probably know once the web site gets busy you will notice a degradation of the server performance because you are competing for resource with other users. This is particularly acute for dynamic sites that require the server to process scripted code. The other problem with shared hosting is the one you have discovered when you want to set options for just your site (inability to use SSL in your case but there are others).

A dedicated server means that you get the entire resource to configure as you wish but this is an expensive option at about £1,000 - £1,500 + VAT per year. What I can offer is a dedicated server that has a limited number of users (no more than 5 in my case). This means you can set options and you are getting 20% of the server resource (worst case). The bad news is that I charge £300 + VAT per year for this service.

I'm not too sure what the going rate is for your own SSL.

Thanks,
Jeff

[Vger]

I'm not too sure what the going rate is for your own SSL

We provide the Dedicated IP Address (necessary to run a full ssl certificate on a shared server), plus the Comodo SSL Cert with Site Seal for £95.00 a year - but that's only for people hosted with us.

You may have a problem with the way they set up their shared ssl, but I doubt it. If that was the cause of the problem it would hit you as soon as you clicked on any https link and not when part-way through checkout.

My guess remains as before - the template!

A dedicated server means that you get the entire resource to configure as you wish

A brand new website has no record of how much bandwidth it will require each month, so to suggest a dedicated server, or a part share of one is total overkill - and would do nothing to solve the problem you are having.

Vger

[Jeff]

We provide the Dedicated IP Address (necessary to run a full ssl certificate on a shared server), plus the Comodo SSL Cert with Site Seal for £95.00 a year - but that's only for people hosted with us.

You may have a problem with the way they set up their shared ssl, but I doubt it. If that was the cause of the problem it would hit you as soon as you clicked on any https link and not when part-way through checkout.

My guess remains as before - the template!
A brand new website has no record of how much bandwidth it will require each month, so to suggest a dedicated server, or a part share of one is total overkill - and would do nothing to solve the problem you are having.

Vger

Thanks Vger for your response.

This may require looking further into. It sounds like you say that it is the template.

The shared SSL problem occurs when I click on Checkout, it just won't go any further. Naturally, all was ok before enabling SSL.

I'm tempted to try my own cert and see if this changes anything, it may not, but you never know, computers are funny things.

It may be that I may have to go to using the default OSCommerce setup.

Thanks,
Jeff

[Alex2911]

Hi @ all

In the 2.2 maybe you have to change some pieces of code in the application_top.php too.

if (($HTTP_X_FORWARDED_HOST == 'YOURSSLDOMAIN.COM') || (getenv('HTTPS') == 'on')){
$request_type = 'SSL';
} else {
$request_type = 'NONSSL';
}

[FWR Media]

Hi @ all

In the 2.2 maybe you have to change some pieces of code in the application_top.php too.

if (($HTTP_X_FORWARDED_HOST == 'YOURSSLDOMAIN.COM') || (getenv('HTTPS') == 'on')){
$request_type = 'SSL';
} else {
$request_type = 'NONSSL';
}

Good point by Alex2911

CODE

https://www1.securesiteserver.co.uk/reconnectingu/

The base href is indeed showing

CODE

<base href="http://www.reconnectingu.co.uk/">

I find the following usually works

includes/application_top.php

Find ...

CODE

// set the type of request (secure or not)
  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Replace with ..

CODE

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

[Jeff]

Good point by Alex2911

CODE

https://www1.securesiteserver.co.uk/reconnectingu/

The base href is indeed showing

CODE

<base href="http://www.reconnectingu.co.uk/">

I find the following usually works

includes/application_top.php

Find ...

CODE

// set the type of request (secure or not)
  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

Replace with ..

CODE

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

Hi Guys,

Thanks for the advice as i'm still trying to work this out. Very tough when you lack php skills.

From your observations, am I correct to say that the following 2 points need modifying?:-

1)

In the 2.2 maybe you have to change some pieces of code in the application_top.php too.

CODE

if (($HTTP_X_FORWARDED_HOST == 'YOURSSLDOMAIN.COM') || (getenv('HTTPS') == 'on')){
$request_type = 'SSL';
} else {
$request_type = 'NONSSL';
}

2)

I find the following usually works includes/application_top.php Replace with ..

CODE

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

Sorry, don't know which file

CODE

<base href="http://www.reconnectingu.co.uk/">

is located in.

Great to know there are still members out there who still try and help others even when some of the threads are a number of days old. Hope this might solve my SSL problems!!!

Jeff

[FWR Media]

Hi Guys,

Thanks for the advice as i'm still trying to work this out. Very tough when you lack php skills.

From your observations, am I correct to say that the following 2 points need modifying?:-

1)

CODE

if (($HTTP_X_FORWARDED_HOST == 'YOURSSLDOMAIN.COM') || (getenv('HTTPS') == 'on')){
$request_type = 'SSL';
} else {
$request_type = 'NONSSL';
}

2)

CODE

// set the type of request (secure or not)
//$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
  $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

Sorry, don't know which file

CODE

<base href="http://www.reconnectingu.co.uk/">

is located in.

Great to know there are still members out there who still try and help others even when some of the threads are a number of days old. Hope this might solve my SSL problems!!!

Jeff

Jeff

In my post I put

1) the file to be changed

2) The code to search for

3) The code to replace it with

I'm struggling to make it any clearer tbh.