Another Base HREF https issue

[blarney]

I have a site http://store.harc-ct.org/ that is giving me fits over the broken padlock. I've researched the forums and tried everything I can think of.

When you go to the secure address, https://harc-store.securesites.com, you get the broken padlock and the "Connection partially encrypted" error.

I'm running Zen Cart 1.3.8a with PHP Version 5.2.9 on a Linux server.

Here's what I know:

• I have other ZC's running successfully on the same server without issue.
• There is no broken lock error in the admin area so I assume the certificate is set up correctly.
• The base file shows "base href="http://store.harc-ct.org/"" even when it is supposed to be secure.
• The config file settings are:

Code:

  define('HTTP_SERVER', 'http://store.harc-ct.org');
  define('HTTPS_SERVER', 'https://harc-store.securesites.com');

  // Use secure webserver for checkout procedure?
  define('ENABLE_SSL', 'true');

• I tried swapping back to the default template to no avail.
• I WinMerged the init_file_db_names.php & html_header.php just in case they got changed without my knowledge but they are original and unmodified.

Any other suggestions or places I should check?

Thanks.

[DrByte]

Do this and report back the results: http://www.zen-cart.com/forum/showpo...87&postcount=4

[blarney]

Thanks. I sent the results to you in a private message. Will post back here if/when we figure this out.

Jim

[DrByte]

I received your PM with the details.

Your site's SSL is poorly configured.

SSL is supposed to be run over port 443, not port 80. Yours is on port 80.
SSL's protocol is "SSL", but yours is showing up as "HTTP"
Properly configured SSL will send an "HTTPS=ON" or similar SERVER parameter. Yours does not.
And, even your SCRIPT_URI parameter shows as "http://blah" when using an HTTPS URL. ie: there's NO difference in the output whether you use http or https. (save for request-time and report-port, which are irrelevant here). You can try it yourself. Just use https:// instead of http:// and vice-versa, and you'll see it.

Your server is completely hiding that it's running in SSL. As such, the system can't switch back and forth intelligently for you.

[blarney]

Thanks for the reply. However, that secure certificate works fine with a regular non-zencart file. No errors. You can run
https://harc-store.securesites.com/hello.php and the secure cert works. Port 443.

My server guy has checked the cert and deemed it a ZC issue (of course).

Something in my ZC files seems to not respond to the base href. If I change the html_header.php file to

Code:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTPS_SERVER . DIR_WS_CATALOG ); ?>" />

(with HTTPS_SERVER for both secure and non-secure) it works fine. But I don't think the base should be set that way.

Any other suggestions or things I can look at to try to track this down? I appreciate the help.

Jim

[blarney]

Hold off on more testing. My server guy thinks he found it. More details coming...

js

[blarney]

Ok, first, thanks to DrByte for your prompt help. You were right on target (once we found where that target led).
To close the loop, apparently the SSL was set up on the server for that domain and then there was a line in the apache config that shut it back down again.

Been a long day of sleuthing! Thanks again.

Jim

[DrByte]

Glad you got it sorted, and that your server guy confirmed that it was indeed a server configuration problem ... as it usually is