Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Join Date
    Jan 2004
    Posts
    60,160
    Blog Entries
    4
    Plugin Contributions
    49

    Default Re: More SSL Issues After Server Upgrade

    I'm getting no issues when adding to cart from a non-SSL page, using Safari 5.1 on mac.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  2. #12
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Thank you for checking. Could it be my machines? Am using a PC and a mac and it happens in SeaMonkey on the PC, and Safari on the Mac, have cleared the caches and restarted many times, is there something else I can do? If it's just my machine, that would be great news. Thank you again for your help.

  3. #13
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Still not resolved - if I have an url directly to a product, I can change it to https and the product will open up in the store listing. If I click on the item to the larger/detailed view, it switches to http. On the 'click here for more information' link, it also says http. Host tells me to convert all my links to https, which I've previously done, however, the problem is opening the https link in some browsers. That is where the security error kicks in. If the SSL is correctly installed and all is well, shouldn't the back and forth from http/https be seemless to the customer or am I misunderstanding somewhere?

    Tested the browsers that give security errors with an url that is https, such as bank. No problem, the https site opened right up, was able to login, no security messages anywhere. Should have thought to do that from the beginning, to me that seems to indicate the problem is the store/SSL configuration, not the browser's ability to handle https.

    In light of that, I found some further info, hoping it will help:

    "The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source."

    And a very good link here, http://blog.alagad.com/2005/10/31/ge...rity-messages/ , that looks promising, but is way over my head.

    Would a re-install of the SSL take care of the authority chain problem if it is the cause?

    I will provide the info to host that other https sites work ok on the browser. Would be most grateful for any further ideas, links or info to be able to provide them.

    Thank you again.

  4. #14
    Join Date
    Jan 2004
    Posts
    60,160
    Blog Entries
    4
    Plugin Contributions
    49

    Default Re: More SSL Issues After Server Upgrade

    Quote Originally Posted by sparrowce View Post
    if I have an url directly to a product, I can change it to https and the product will open up in the store listing.
    Okay. Not usually much point in doing that, but it's interesting to note merely as a troubleshooting step.
    Quote Originally Posted by sparrowce View Post
    If I click on the item to the larger/detailed view, it switches to http.
    Entirely normal, and entirely expected.
    Quote Originally Posted by sparrowce View Post
    On the 'click here for more information' link, it also says http.
    Entirely expected.
    Quote Originally Posted by sparrowce View Post
    Host tells me to convert all my links to https
    That's overkill, unless all your product pages contain highly sensitive information that must always be encrypted both ways (to the customer's browser and back again to your server) ... which is *extremely* rare on *product* pages.
    Quote Originally Posted by sparrowce View Post
    however, the problem is opening the https link in some browsers. That is where the security error kicks in. If the SSL is correctly installed and all is well, shouldn't the back and forth from http/https be seemless to the customer or am I misunderstanding somewhere?
    If the SSL cert is properly installed and your store is properly configured, then yes it should go back and forth just fine without errors. Zen Cart will use SSL only on login/account and checkout pages.

    Quote Originally Posted by sparrowce View Post
    In light of that, I found some further info, hoping it will help:

    "The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source."
    And what has your hosting company said in response to that?
    Quote Originally Posted by sparrowce View Post
    Would a re-install of the SSL take care of the authority chain problem if it is the cause?
    Maybe. It depends who's doing the install and how much permission they have on the server. Your server's main administrator should be well-skilled in that area and know exactly what to do with the message you posted.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  5. #15
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Quote:
    Originally Posted by sparrowce

    In light of that, I found some further info, hoping it will help:

    "The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source."
    And what has your hosting company said in response to that?
    No answer to that, it was not addressed, only re-iterated that the SSL was installed correctly, and it's true, those web tests I mentioned previously also agree the SSL seems to be installed correctly but it does not make sense to me that another https site would work fine and this not on some browsers.

    So I took a different path and called RapidSSL support. They also said the SSL was installed correctly, but when I asked them about the chain situation, they said I might want to try re-issuing the SSL, if I'm understanding them right. They said re-installing might not clean everything out, but re-issuing would overwrite and apply the right chains. When I try to explain what they said, I can see I need to go back and get more understanding before attempting anything so critical and also will discuss with host before attempting.

    Hope this makes sense, and thank you for your help.

  6. #16
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,151
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Installing an SSL Cert requires 3 files. Sounds like you have the first two but are missing the third - CA.crt (Certificate of Authority). Ask your Hoster if they installed the CA.crt that came with your SSL Cert. That is presuming you purchased the SSL Cert and sent it to your Hoster for installing.
    The learning is in the doing.

    Potent Products

  7. #17
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Thank you, will do that and report back. Don't know the answer to your last sentence, it was purchased through host, and I recall doing what was sent by RapidSSL at the time, and will check with them.

  8. #18
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    Update, based on feedback here, I checked with RapidSSL, they provided potential solution and host is in process of installing, if anyone bumps into this type of thing, below might help, presumably depending on SSL company. It looks like there are times things can look right and still not be right!

    Thanks to all for the help and ideas.

    (From RapidSSL Support)

    The certificate is passing our SSL checker tool. Its properly installed, however older clients/browsers/machines which do not have our new root "Geotrust global ca" will not trust the current certificate path.

    Instead of a reissuance, simply install our cross-root intermediate, which is included in the "bundle"

    This will chain the certificate back to the previous Equifax root.

    Get the bundled intermediate (for Apache) here: https://knowledge.rapidssl.com/suppo...ewlocale=en_US

    Ask the host to replace the current intermediate file with this file and restart apache.

  9. #19
    Join Date
    Feb 2011
    Posts
    130
    Plugin Contributions
    0

    Default Re: More SSL Issues After Server Upgrade

    All is well now, confirming after host installed cross-root intermediate and restarted apache server, no more security errors on either browser. Hope this will be helpful if someone else comes across similar issue, thank you!

 

 
Page 2 of 2 FirstFirst 12

Similar Threads

  1. WHat are known MOd issues with 1.3.9b upgrade?
    By kevinmc3 in forum Upgrading from 1.3.x to 1.3.9
    Replies: 1
    Last Post: 11 May 2010, 02:54 PM
  2. Server upgrade compatability issues
    By Katsleen in forum Upgrading from 1.2 to 1.3.x
    Replies: 2
    Last Post: 8 Jan 2010, 05:19 AM
  3. Upgrade Issues
    By tracyselena in forum Upgrading from 1.2 to 1.3.x
    Replies: 0
    Last Post: 3 Feb 2007, 03:28 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •