SSL Issue

**Scott_C** · 11 Jan 2010, 02:33 PM

Hi, unfortunately Im having a problem with our SSL certificate and Zen Cart.

We already have a live store and a working SSL cert here; www.crushcosmetics.com.au

Im currently moving our store over to zen cart, ive been developing it in a sub-directory here; http://www.crushcosmetics.com.au/sTor3/

The problem is, when I enable SSL in the config files, Im getting errors about the images not being secure.

Im not using absolute links, the image paths are; images/ or; ../images

The kicker is, there's a Paypal image being piped in by this link; https://www.paypal.com/en_US/i/btn/b...ssCheckout.gif - and even THAT is being reported as insecure.

Here's the code to my config files;

includes;

PHP Code:


define('HTTP_SERVER', 'http://www.crushcosmetics.com.au');

define('HTTPS_SERVER', 'https://www.crushcosmetics.com.au');



// Use secure webserver for checkout procedure?

define('ENABLE_SSL', 'true');



// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!



// * DIR_WS_* = Webserver directories (virtual/URL)

// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)

define('DIR_WS_CATALOG', '/sTor3/');

define('DIR_WS_HTTPS_CATALOG', '/sTor3/');

admin/includes;

PHP Code:


* If you desire your *entire* admin to be SSL-protected, make sure you use a "https:" URL for all 4 of the following:

   */

  define('HTTP_SERVER', 'https://www.crushcosmetics.com.au');

  define('HTTPS_SERVER', 'https://www.crushcosmetics.com.au');

  define('HTTP_CATALOG_SERVER', 'https://www.crushcosmetics.com.au');

  define('HTTPS_CATALOG_SERVER', 'https://www.crushcosmetics.com.au');



  // Use secure webserver for catalog module and/or admin areas?

  define('ENABLE_SSL_CATALOG', 'true');

  define('ENABLE_SSL_ADMIN', 'true');

My ISP informs me that the SSL cert is our own and is not shared. He suggested hardcoding all image links to include https but that seems rather clunky. (I also wonder if having all images in https would be a performance hit?)

Anyone have any ideas? Im stumped.

THanks,

Scott.

**misty** · 11 Jan 2010, 02:35 PM

He suggested hardcoding all image links to include https

Correct...any link or image on your ssl site, that is not stored in your SSL doman, will cause errors.

**Scott_C** · 11 Jan 2010, 02:38 PM

Hi, thanks for replying, I thought Zen Cart took care of images provided they had relative links? Or am I wrong?

its going to be a doozy combing through all the pages and finding which images need to be hardcoded.

**misty** · 11 Jan 2010, 02:42 PM

I thought Zen Cart took care of images provided they had relative links? Or am I wrong?

SSL certs are to show that your website is who it says it is..
the moment you start linking to websites/images outside your website/domain is when warnings occur, becuase those are outside the protection of your SSL cert...zencart does protect your files/folders/urls IF in your domain, NOT outside it.

**Scott_C** · 11 Jan 2010, 02:46 PM

Originally Posted by misty

SSL certs are to show that your website is who it says it is..
the moment you start linking to websites/images outside your website/domain is when warnings occur, becuase those are outside the protection of your SSL cert...zencart does protect your files/folders/urls IF in your domain, NOT outside it.

Ok, that makes sense then in the example of the paypal image being piped in externally...

But my images ARE inside my domain, and as mentioned above, they are not using absolute paths, they are relative..

And this is my issue; these images are being reported as insecure.

Just as a point of interest, the backend is working just fine under SSL and this includes images in the admin directory.

-Scott.

**Vger** · 11 Jan 2010, 02:48 PM

You should not hardcode any images to https pathways. Zen Cart should correctly handle images, and switch between http and https addresses for them, according to which page you are on. It appears to be doing that just fine. It's not images which are causing the problem.

It's links like these:

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

and you've also got off-site http links to Twitter and YouTube as well.

Vger

**Scott_C** · 11 Jan 2010, 02:54 PM

THanks Vger, thats what I thought.

I was aware of the Ajax link and was getting to that

I thought the images were a problem as they are being reported in the media tab of firefox (after clicking on the padlock)

Hmmm.. maybe its just reporting the images being that are shown on the page - not that they are the culprits?

Ill try taking out the external links first and report back.

**Scott_C** · 11 Jan 2010, 02:59 PM

Taking out those links worked. Thank you.

Its interesting though, as our current live store with the same SSL cert has links to youtube etc and the checkout procedure is not breaking there... for example;

https://www.crushcosmetics.com.au/index.php

Note the youtube and twitter icons have external links.

Thread: SSL Issue

Thread Tools

Search Thread

Display

Hybrid View

SSL Issue

Re: SSL Issue

Re: SSL Issue

Re: SSL Issue

Re: SSL Issue

Re: SSL Issue

Re: SSL Issue

Re: SSL Issue

Similar Threads

SSL issue

Posting Permissions