SSL warning in admin after upgrade to 1.5.4

[earmsby]

Hello,

I successfully (almost) upgraded a client's zencart from 1.5.3 to 1.5.4 over the weekend. All appeared fine but we are seeing the warning:

ALERT: For security reasons, Editing of this module is disabled until your Admin is configured for SSL.

in payment modules.

I know that usually this would indicate that "ENABLE_SSL_ADMIN" was set to false or that "HTTPS_SERVER" or "HTTPS_CATALOG_SERVER" was incorrectly set. I have checked that these values are all correct in admin/includes/config.

I did notice that the client's SSL certificate has a yellow triangle instead of the green padlock and that the cert is using older encryption (SH1). Would that kind of thing cause the alert to show in admin>payment modules?

I have already let the client know that they should work with their hosting company to address the SSL issue I'm seeing but I was curious whether this will "fix" the issue in zen cart or whether the two things are coincidental.

Thoughts? (and thanks!)

[earmsby]

I should add that the SSL cert has not changed since prior to the upgrade to v1.5.4 and that this error was not showing prior to v1.5.4 (was on 1.5.3 before) So I was wondering whether something in the latest version detects a problem with the SSL cert and throws the alert to prevent a security problem.

[DrByte]

It's simple (and explained in the configure.php file):

For the Admin, to make the entire Admin operate in SSL, change the HTTP_SERVER define from http://yoursite.com to https://yoursite.com.
Yes, that's defining HTTP_SERVER with an https URL.
Just for the admin file.

[earmsby]

Thanks Dr. Byte. I will change that and see if that solves it. I think I knew that somewhere but forgot! :)

[earmsby]

Yup. That was it. Still reccomending the client update their SSL cert though. :)