Checkout pages secured?

[JDog21]

I am configuring my SSL. I have secured my admin, and set the "true" setting for my checkout pages being secured, as well.

Although my admin is now secure (with https in address), simulated transactions do not result in ssl pages at any point throughout the checkout process.

I suspect this is some simple thing, but other than change my config.php file in my includes, and do not know of any other thing to do in order to secure my checkout pages....

I appreciate any help......

vers. 1.3.9a

[terraGirl]

Without a URL to test it's tricky to say.

Normally, changing /includes/configure.php is all you need to do. The key entries are:

define('HTTPS_SERVER', 'https://www.yourdomain.com'); // note the HTTPS address
define('ENABLE_SSL', 'true');

A less common issue is a template which over-rides links with http links. As long as the standard Zen Cart link function is used, you should be fine.

[DrByte]

When you make changes to your configure.php files, remember that those files are normally read-only on the server, meaning no changes will be saved unless you first make the files writable. Then upload the changes and make those files read-only again.

[JDog21]

I've checked file permissions, and I've modified admin/includes/configure.php and store/includes/configure.php for SSL

When I go to the login page for admin, there is an https in the address. Same for rest of admin pages.

When I check out, though, there is no https. in the address. All the way through, including the page where you enter a credit card number.

Can a page be protected and still not have an https in it's address? How do you check? I want the https. to be there. I want customers to see it.

Can being in test mode with authorize.net have something to do with this?

Could GoDaddy have set up the SSL incorrectly?

[DrByte]

When I check out, though, there is no https. in the address. All the way through, including the page where you enter a credit card number.

What about the store login page?

Can a page be protected and still not have an https in it's address?

No.

Can being in test mode with authorize.net have something to do with this?

Not at all.

Could GoDaddy have set up the SSL incorrectly?

Maybe. Wouldn't be the first time.
But that may have nothing to do with the problem you're reporting.


How EXACTLY are you going about editing the /includes/configure.php file on your server?

[JDog21]

I figured it out.....

I simply had to stare at it long enough, and eventually it became visible......

the define the https parameter had http://myssite.com

I just had to add an s. https://mysite.com


My mistake......I'm learning..........

[DrByte]

LOL -- I've done that too. Welcome to the club.

[wingc3]

I figured it out.....

I simply had to stare at it long enough, and eventually it became visible......

the define the https parameter had http://myssite.com

I just had to add an s. https://mysite.com


My mistake......I'm learning..........

We've all done it! It just helps us not to make the same mistake next time..

[frenchy232]

I wondering if anyone can help?

I have also purchased a dedicated SSL certificate from 1and1 and have tried to follow the steps as described above, (just for admin at the moment). When I now go to admin using Firefox I get the following error message;

This Connection is Untrusted

You have asked Firefox to connect
securely to www.mightcontainnuts.com, but we can't confirm that your connection is secure.


Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.


Technical Details

www.mightcontainnuts.com uses an invalid security certificate.

The certificate is only valid for mightcontainnuts.com.

(Error code: ssl_error_bad_cert_domain)



Looking at the error message the different is the missing 'www'. However I am not sure how to fix this or even if the certificate has been set up correctly.

Here is the relavent section of my admin/includes/configure.php;

* If you desire your *entire* admin to be SSL-protected, make sure you use a "https:" URL for all 4 of the following:
*/
define('HTTP_SERVER', 'https://www.mightcontainnuts.com');
define('HTTPS_SERVER', 'https://www.mightcontainnuts.com');
define('HTTP_CATALOG_SERVER', 'https://www.mightcontainnuts.com');
define('HTTPS_CATALOG_SERVER', 'https://www.mightcontainnuts.com');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');


And lastly the site URL is;

www.mightcontainnuts.com/store

Any help much appreciated.

Barry.

[Tech-E]

Hi Barry

It looks like either you set up the certificate incorrectly or there is something wrong with the certificate.

It appears that the certificate is set up for mightcontainnuts.com. If you are going to use the www in the URLs, the certificate needs to be set up for www.mightcontainnuts.com.

Something is not right with the certificate, because when I change the URL to eliminate the www, I still get the warning message. That could, however, still be related to the certificate being issues for the wrong form of the URL.

Possible solutions:

See if 1 & 1 can fix the certificate issue. They many need to re-issue it to use the proper form of the URL.

or

Set up the store to use http://mightcontainnuts.com/store/ as the standard URL.

There is something strange about the images in your site. Most of them are fuzzy and hard to view. The image buttons are also hard to read. It looks like you are over-optimizing the images.