Enable SSL

[firstcapitalfirearms]

I am wanting to know if I have to enable my private SSL certificate in the Admin on ZC. I edited the two configure.php files and uploaded them. I only ask because when I go to Dr. Bytes MYSql Backup I get the message that states "NOTE: You do not have SSL enabled. Any downloads you do from this page will not be encrypted. Doing backups and restores will be fine, but download/upload of files from/to the server presents a security risk.".

Any help is greatly appreciated.

Thanks
Mark

[kobra]

Post your admin configure.php file leaving out the database details

[DrByte]

If you want your entire admin to run under SSL protection, copy your HTTPS_SERVER value to your HTTP_SERVER value in your admin configure.php file.
This is explained inside that file if you built it using v1.5.0 or newer. It's also explained in fine print in this FAQ article on setting up SSL: http://www.zen-cart.com/content.php?...alled-zen-cart

But, if your concern is just that you're getting that warning, then read the warning and understand that doing backups will be fine. The problem it's referring to is only triggered if you attempt to download a copy of the backup by clicking the download link on that page, since that download would not be done over SSL if your admin isn't entirely in SSL. The other alternative is to make sure your FTP is running in secure mode and download it that way instead. Your hosting company can help you make sure your FTP is encrypted.

[firstcapitalfirearms]

Thanks for the help, I made my whole admin SSL which is what I wanted to do. I do have another question about SSL. On the catalog site how do I make the whole site SSL secured if possible. I can type https://www.firstcapitalfirearms.com and it shows it is secure but as soon as I click on anything it is not secure anymore.

Thanks
Mark

[kobra]

the catalog site how do I make the whole site SSL secured if possible

You do not want to do that because it will slow your site down - having all data encrypted

ZenCart is smart enough to switch to https when sensitive info is to be exchanged

Try selecting login (assumes you have ssl = true in the store side configure.php file)

[firstcapitalfirearms]

Thanks. I am currently having trouble logging in to my admin now. I keep getting the error message "There was a security error when trying to login.
Sorry, your new password was rejected. Passwords must contain both letters and numbers, must be at least 7 characters long, and must not be the same as the last 4 passwords used. Passwords expire every 90 days, after which you will be prompted to choose a new password". I have tried requesting a new password and everything that I enter for a new password I keep getting the above message. I am not sure what I did if anything. How do I get back into my admin since I have tried to create numerous new passwords and keep getting the same above message.

[DrByte]

On the catalog site how do I make the whole site SSL secured if possible.

WHY do you believe you need that?
Is there something specifically confidential being displayed or collected on your site that requires encryption at all times? If not, Zen Cart already uses SSL on pages that handle sensitive information.

(Hint: to do it requires that you do the same step as you did in your admin file ... but it would be very useful to understand why you think you need it on YOUR site.)

[DrByte]

Thanks. I am currently having trouble logging in to my admin now. I keep getting the error message "There was a security error when trying to login.
Sorry, your new password was rejected. Passwords must contain both letters and numbers, must be at least 7 characters long, and must not be the same as the last 4 passwords used. Passwords expire every 90 days, after which you will be prompted to choose a new password". I have tried requesting a new password and everything that I enter for a new password I keep getting the above message. I am not sure what I did if anything. How do I get back into my admin since I have tried to create numerous new passwords and keep getting the same above message.

If that message appeared WITHOUT you first requesting a password reset by email, then it means it is ASKING you to CHANGE your password for one of various reasons. Simply provide your previous password and then choose a new password by typing it in twice where requested, following the rules for what passwords must contain.
Then for all future logins you will then use that new password to gain access.

[firstcapitalfirearms]

No, there is nothing confidential. I just thought the whole site had to be SSL secured. I can't even login to my admin right now though please read the above problem.

[DrByte]

No, there is nothing confidential. I just thought the whole site had to be SSL secured.

No. As long as you've configured Zen Cart to know what the correct SSL details are, it will automatically enable SSL on login/checkout/my-account pages, since those are where sensitive information is handled: http://www.zen-cart.com/content.php?...alled-zen-cart