Results 1 to 8 of 8
  1. #1
    Join Date
    Sep 2012
    Posts
    2
    Plugin Contributions
    0

    red flag Installation of this Module is Disabled Until Your Admin Is Configured for SSL

    Installed 1.51. Upgraded from 1.39h.

    Installation appeared to go well. Made it through dbase upgrade, etc., etc.

    I'm getting the frequently mentioned "ALERT: For security reasons, Installation of this module is disabled until your Admin is configured for SSL." message on the FirstData API payment module.

    After initially connecting using a secure, SSL, connection in the admin screen, all menu selections "drop" me out of secure, into a standard connection, including menu / navigation to payments module.

    {admin}/includes/configure.php file appears to be set correctly:

    define('HTTP_SERVER', 'https://xxx.org');
    define('HTTPS_SERVER', 'https://xxx.org');
    define('HTTP_CATALOG_SERVER', 'http://xxx.org');
    define('HTTPS_CATALOG_SERVER', 'https://xxx.org');
    // Use secure webserver for catalog module and/or admin areas?
    define('ENABLE_SSL_CATALOG', 'false');
    define('ENABLE_SSL_ADMIN', 'true');

    I set and unset write permission to ensure the file got uploaded. Downloaded back to make sure the changes took effect.

    I tried removing the FirstData/Linkpoint module, as suggested in another thread. Cannot re-install because of this issue.

    I tried forcing an SSL connection by rewriting the address, with an https://. Getting the same "For Security Reasons" message.

    Suggestions?

    Arrggh!

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Quote Originally Posted by jtfindc View Post
    {admin}/includes/configure.php file appears to be set correctly:
    define('HTTP_SERVER', 'https://xxx.org');
    define('HTTPS_SERVER', 'https://xxx.org');
    define('HTTP_CATALOG_SERVER', 'http://xxx.org');
    define('HTTPS_CATALOG_SERVER', 'https://xxx.org');
    // Use secure webserver for catalog module and/or admin areas?
    define('ENABLE_SSL_CATALOG', 'false');
    define('ENABLE_SSL_ADMIN', 'true');



    Yes, that would be correct (assuming your xxx.org references are indeed correct).
    Quote Originally Posted by jtfindc View Post
    After initially connecting using a secure, SSL, connection in the admin screen, all menu selections "drop" me out of secure, into a standard connection
    Then that means your HTTPS_SERVER and ENABLE_SSL_ADMIN are correct, but your HTTP_SERVER is still not pointing to the https URL ... which is pretty much always a result of the file on the server not being uploaded/updated. Go back and check the actual file contents.

    I was thinking that the only other possibility might be an .htaccess rewrite rule, but then that would have meant your admin *login* wouldn't have been over SSL, but since you said it was, then that means .htaccess rewrite rules are unrelated here. So it must be the configure.php file contents not being uploaded.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Sep 2012
    Posts
    2
    Plugin Contributions
    0

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Thanks for the quick response.

    Okay. In retrospect, substituting "xxx.org" for my actual domain, not great. I hadn't gone to that URL - or given it much thought.
    And don't, by the way. It's pretty much what you'd expect.

    That said - I've re-downloaded {admin}/includes/configure.php. Values check out as before.

    /includes/configure.php reads, in relevant part, as follows:

    define('HTTP_SERVER', 'https://xyzzy.org'); (Also not the real domain.)
    define('HTTPS_SERVER', 'https://xyzzy.org');
    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');

    Cleared cache and cookies.

    I looked at the .htaccess file in my {admin} folder. I'm no Apache guru, but I don't see anything that looks like it might force a rewrite to a secure connection. There's a block commented, "# The following makes adjustments to the SSL protocol for Internet Explorer browsers," but no general rule, s'far as I can tell.

    In the generated page source, all of the links to other pages in the menus are to "http://", not "https://"

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Two things:

    1. Your NON-ADMIN /includes/configure.php file should NOT have an https URL in your HTTP_SERVER setting, because your storefront shouldn't be https on all pages.
    But the ADMIN one does need to serve all content over SSL because your admin deals with sensitive data most of the time ... which is why the instructions only tell you to make HTTP_SERVER and HTTPS_SERVER be the same in the ADMIN configure.php file.

    2. If your /admin/includes/configure.php and /includes/configure.php files are actually correct, then you have something ELSE interfering, such as OTHER files on your server containing the same sets of define() statements but with wrong info. So that could be in your /admin/includes/local/configure.php or /includes/local/configure.php (those /local/configure.php files should NEVER be uploaded to your server), or perhaps elsewhere. Only *you* can locate those other files which are interfering with normal operation.
    A good file-comparison tool will show you what extra files are on your server. Something like WinMerge, etc. http://www.zen-cart.com/wiki/index.p...Obscure_Issues
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jan 2011
    Posts
    20
    Plugin Contributions
    0

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Anyone who is having this same problem, as I was, I solved mine per Dr. Byte's recommendation clarification:

    1. Your NON-ADMIN /includes/configure.php file should NOT have an https URL in your HTTP_SERVER setting, because your storefront shouldn't be https on all pages.
    But the ADMIN one does need to serve all content over SSL because your admin deals with sensitive data most of the time ... which is why the instructions only tell you to make HTTP_SERVER and HTTPS_SERVER be the same in the ADMIN configure.php file.
    My admin/includes/config.php HTTP_SERVER was set at http://... INSTEAD of the correct way: https://...
    Amy

  6. #6
    Join Date
    Jan 2014
    Location
    New York
    Posts
    1
    Plugin Contributions
    0

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    includes/ configure.php as follows:
    / Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg-http://www.you_shop.us
    // HTTPS_SERVER is your Secure webserver: eg-https://www.you_shop.us
    define('HTTP_SERVER', 'http://www.you_shop.us');
    define('HTTPS_SERVER', 'https://www.you_shop.us');

    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');
    But the problem is that the linkpoint Gateway still can't recognize the SSL.
    Installation of this Module is Disabled Until Your Admin Is Configure
    (We are presently using: v1.5.0)

  7. #7
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,399
    Plugin Contributions
    87

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Quote Originally Posted by Cammy2014 View Post
    includes/ configure.php as follows:
    / Define the webserver and path parameters
    // HTTP_SERVER is your Main webserver: eg-http://www.you_shop.us
    // HTTPS_SERVER is your Secure webserver: eg-https://www.you_shop.us
    define('HTTP_SERVER', 'http://www.you_shop.us');
    define('HTTPS_SERVER', 'https://www.you_shop.us');

    // Use secure webserver for checkout procedure?
    define('ENABLE_SSL', 'true');
    But the problem is that the linkpoint Gateway still can't recognize the SSL.
    Installation of this Module is Disabled Until Your Admin Is Configure
    (We are presently using: v1.5.0)
    Your admin's configure.php (/YOUR_ADMIN/includes/configure.php) needs to be set as:
    Code:
      // HTTP_SERVER is your Main webserver: eg-http://www.you_shop.us
      // HTTPS_SERVER is your Secure webserver: eg-https://www.you_shop.us
      define('HTTP_SERVER', 'https://www.you_shop.us');
      define('HTTPS_SERVER', 'https://www.you_shop.us');
    Essentially, to run the admin in SSL both the HTTP_SERVER and the HTTPS_SERVER constants must be https:// URLs.

  8. #8
    Join Date
    Oct 2005
    Location
    Hampshire, UK
    Posts
    96
    Plugin Contributions
    0

    Default Re: Once More - Installation of this Module is Disabled Until Your Admin Is Configure

    Quote Originally Posted by lat9 View Post
    Your admin's configure.php (/YOUR_ADMIN/includes/configure.php) needs to be set as:
    Code:
      // HTTP_SERVER is your Main webserver: eg-http://www.you_shop.us
      // HTTPS_SERVER is your Secure webserver: eg-https://www.you_shop.us
      define('HTTP_SERVER', 'https://www.you_shop.us');
      define('HTTPS_SERVER', 'https://www.you_shop.us');
    Essentially, to run the admin in SSL both the HTTP_SERVER and the HTTPS_SERVER constants must be https:// URLs.
    Thank you so much! I have been trying to solve this for days and days! All I needed to do was to add an 's'!!

    Works and I don't get the error now. Happy days!

 

 

Similar Threads

  1. v153 Can't login to admin after SSl was disabled, How to restore admin access?
    By alpheus in forum Installing on a Linux/Unix Server
    Replies: 8
    Last Post: 20 Dec 2014, 09:34 PM
  2. Replies: 2
    Last Post: 15 Apr 2014, 08:57 PM
  3. v150 Editing module disabled until Admin is configured for SSL
    By jar3300 in forum Upgrading to 1.5.x
    Replies: 2
    Last Post: 22 Aug 2012, 03:44 PM
  4. Editing module disabled until Admin is configured for SSL
    By boggl in forum Upgrading to 1.5.x
    Replies: 10
    Last Post: 29 Feb 2012, 09:23 PM
  5. Replies: 0
    Last Post: 29 Feb 2012, 05:29 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR