ssl problems

[christinefred]

I am blind and clueless and confused!
I'm getting the "This page contains both secure and nonsecure items... " as well as the issue of not being able to log on as a customer - security warning.
I have a shared ssl certificate from my host. I have another site with them where I have encountered no problems although I see that the shared address is slightly different.
I have just changed my configure.php files reflecting the shared certificate url that my host supplied.
As far as I can see (although feeling very blind) I have the images correct and secure......??
The thing I do notice is that the page source reveals that the
<base href="http://name of shop here/" /> I notice there is no https
Having spent the day trying to read forums etc. I am offically embarrassed and confused.

I am using v1.3.9f and my site can be viewed as below url under /store

Please help


// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://www.e-urns.com.au');
define('HTTPS_SERVER', 'https://shared certificate name/~eurns');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');


*/
define('HTTP_SERVER', 'http://www.e-urns.com.au');
define('HTTPS_SERVER', 'https://shared certificate name/~eurns');
define('HTTP_CATALOG_SERVER', 'http://www.e-urns.com.au');
define('HTTPS_CATALOG_SERVER', 'https://shared certificate name/~eurns');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'false');
define('ENABLE_SSL_ADMIN', 'false');


Thanks for anyone to view and help!!!!!!!!

[frank18]

Check your configure.php files and this thread:

http://www.zen-cart.com/forum/showthread.php?t=147054

Also check that your images are being called via https and not via http

[christinefred]

Thank you - I have read this thread but am still non the wiser about the secure, unsecure message or about the 'there was a security issue' warning on log in - still not able to log in when I have 'true' in the config php. If "false" log on is successful.
Any other suggestions????

[schoolboy]

The "insecure item" warning is generated by the brower on the visitor's computer, and is a result (usually) of there being an ABSOLUTE URL embedded on the zencart SSL page.

So, for example, if you have a sidebox of some sort that is calling a resource (perhaps an image) from an absolute URL - ie: http://www.thiswebsite.com/images/picture.jpg - when that sidebox renders on a zencart SECURE page - https://... there will be one element on your SSL page that is coming from a http source, and not a https source.

To find out what element is causing this, when the browser asks if you want to display the insecure element, choose NO, and then load the page.

The "rogue" element will not display, or show up as a place-holder icon.

You can then fix the issue by either removing that absolute URL, (changing it to https://..). or putting the element in your folder(s) and calling using a RELATIVE URL rather than an ABSOLUTE URL.

You can only change the absolute URL to https, if the remote server offering the element is itself https.

[christinefred]

Hi. I am using v1.3.9f. I changed to configure files for shared ssl and am now having all sorts of problems!
my site is here
On trying to check out, I get the 'whoops. your session has expired' message
On log in, it just loops back to the main page without logging in
On supposed 'secure' pages it shows the ' secure and non secure items' message. If select show only secure, I loose everything except the basic text.

I have changed the configure.php files -
includes/configure.php

define('HTTP_SERVER', 'http://www.domain name);
define('HTTPS_SERVER', 'https://confirmed shared cert address/~eurns');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');

also admin/includes/cofigure

define('HTTP_SERVER', 'http://www.domain name);
define('HTTPS_SERVER', 'https://shared cert adress which I confirmed~eurns');
define('HTTP_CATALOG_SERVER', 'http://www.domain name);
define('HTTPS_CATALOG_SERVER', 'https://shared cert adress which I confirmed~eurns');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');

I have viewed the page source but cant see if there are any hard coded links that shouldnt be there.
I notice that the base href is not https
Have read forum and found DrBytes ssltest file, tried that but it didnt do anything. There was no output.
Don't know what to try next and am going cross eyed searching the forums
Any help would be appreciated!!

[kobra]

Don't know who your hosted wiith or your business intentions?
A private ssl cert looks much more professional, takes away these issues and can be purchased for about $15 USD or $1.25/mo
How much is your time worth?

May be that your host will charge you to install if not purchased through them?? And this could make it something for later

[christinefred]

Thanks I will look into a priv cert. I do have another site with my host using the shared cert and have no problems so I am thinking it might be something I have done. My hosts are very fast with their support and willing to help as long as it is not a coding prob.

[christinefred]

just tested the cert in a fresh download of v1.3.9g with no changes apart from the includes/configure file

STILL cannot check out - goes to whoops session expired

tested the url for the shared certification
https://aus36.unlimited-space.com/~eurns
and that went to the page

will look at getting my own but would like to get this working in the mean time

Any suggestions
thanks

[kobra]

Try downloading a new copy of your configure.php file and inspect it's contents....

Might be that you believe you uploaded an edited one BUT if permissions are set to 444 it can not be overridden

[christinefred]

Thanks but i already did that and also sent a copy to my hosting comp who confirmed that they were correct.

It is not working in my orginal v1.3.9f
or the classic template there
or the fresh download of v1.3.9g

does that indicate that is an issue with my web host even though the https url took me to my home page

I am CONFUSED