Suddenly getting SSL Security Warning

[katco]

I have 6 images that are calling this warning when a customer tries to log in.

Yes, I have read all of the related threads about this that I could find. yes, I understand that I am supposedly having this problem because of how something is calling to a some of my images.

What I don't understand is why this was working fine a week ago and now its not. And I have looked through my codes and cannot find anything that is hard coded to these images. Totally confused by now. Thanks for any help.

*** removed URL ***
it happens when you click Log In at the top of the page.

[DrByte]

Who is your hosting company?
It appears as though they've changed something in the configuration of the shared-SSL certificate you're using, or how the server handles SSL, and now Zen Cart is no longer able to detect that the visitor is on an SSL page.

You can see proof of this by clicking your login link, then right-clicking in your browser and choosing "View Source", and look at the <base href=xxxxxxx> tag. That xxxxxx value will automatically change to your https (SSL) address if the server is properly configured. If it shows your http address instead, then the server's SSL isn't properly configured.

You need to log a ticket with them.

[katco]

Who is your hosting company?
It appears as though they've changed something in the configuration of the shared-SSL certificate you're using, or how the server handles SSL, and now Zen Cart is no longer able to detect that the visitor is on an SSL page.

You can see proof of this by clicking your login link, then right-clicking in your browser and choosing "View Source", and look at the <base href=xxxxxxx> tag. That xxxxxx value will automatically change to your https (SSL) address if the server is properly configured. If it shows your http address instead, then the server's SSL isn't properly configured.

You need to log a ticket with them.

Thank you! I KNEW that was the problem in some way or another. I already opened a ticket with them but they insisted it was on this end. Now that I have your info to share with them, hopefully they will get this fixed for me.

Again thanks!

[katco]

Can you tell me if you think it is possible that this could have anything to do with a change in PHP? That's the only thing that has really changed that I know of and they are tellling me that there has been no changes in the shared cert on their end.

[DrByte]

PHP change, maybe.
Apache change, definitely.

[DrByte]

I really hate having to teach hosting companies how to configure their servers. Especially when it comes to SSL. If they can't do it right, they ought not to be doing it in the first place.

This post has a tool they can use to keep testing things to determine when they've fixed the problem they created: http://www.zen-cart.com/forum/showpo...87&postcount=4

[katco]

Is that something that I can use too? Can I try it before I send it to them, or could I mess up something with it?

Thank you!

[DrByte]

You can certainly try it yourself.

If it's working properly, when you access it using an https URL it should say Protocol: SSL. Otherwise it'll say Protocol: NONSSL.

I might suggest putting the file in your /extras/ folder, and maybe giving it a slightly different filename, just so snoopers don't go using the file and gleaning information about your server that they've got no business knowing.

[katco]

Or I could just delete it when I am done? I usually dont leave stuff like that on my server.....

[DrByte]

Or I could just delete it when I am done? I usually dont leave stuff like that on my server.....

most definitely ... it should never be left on the server
use it only when needed