SSL suggestion

[enzo-ita]

Hi,
may be these are dumb questions but I really can't find proper answers around.
I have v1.5.4 with ssl configured.
SSL works and gets activated when logging in or checking out but is not active when browsing.

I see many sites that are automatically redirect to https even at the home page.

The questions are:
1) Is it better for some reason (and if so why) to run under https starting from home page?
2) To activate https immediately when accessing the site should I mod the includes/configure.php so that
define('HTTP_SERVER', 'http://www.mysite.it');
reads
define('HTTP_SERVER', 'https://www.mysite.it');
3) If I apply what in point 2) would this have any consequence aboutn google indexing and or adwords google merchant settings?

Thanks.
ciao from Italy
enzo

[kobra]

There is actually no reason that I can think of for your site to be under SSL the whole time as only sensitive information requires encryption and ZenCart is smart enough to envoke it when required

But the answer to your question of "How" is correct

Code:

define('HTTP_SERVER', 'https://www.mysite.it');

Will cause your site to be under SSL the whole time

[enzo-ita]

This is exactlywhat I thought.
Thanks

[DrByte]

Nevertheless, some search engines, including the big G, give better search-result ranking to sites which are entirely SSL.

If you want to make your site run entirely under SSL, there are two pieces to that:

a) Zen Cart side:
- HTTP_SERVER should use your https:// address instead of an http:// address
- ENABLE_SSL should be set to 'false' (because ENABLE_SSL is only set to 'true' when you want ZC to switch back and forth between http and https for certain secured pages)
*NOTE: Some people have reported that setting ENABLE_SSL to 'false' in this case may cause confusion to some payment module configurations which expect SSL and rely on the ENABLE_SSL setting to confirm it. Thus, in some cases it may still be wise to leave ENABLE_SSL set to 'true' even when using https on all pages.

b) Server side:
You might want to also make some Apache configurations to redirect any non-SSL URLs to the SSL equivalent. Often this is done in .htaccess. Consult your hosting company for the best way to do this on your particular server. (There are lots of possible approaches posted all over the internet, but your hosting company knows the best way for your particular server.)

[enzo-ita]

WOW!
Thank a lot!
Ciao from Italy

[enzo-ita]

I did it, and I added this to the .htaccess

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

It seems to work prefectly.
May be is too much, but I pay for the ssl so why not use it?
Thanks again.
ciao from Italy
enzo

[enzo-ita]

I found a little problem with ssl on admin.
CKEDITOR is not loaded, whle HTML area is.
How can I fix this?
I can use HTML area, but I am used to ckeditor, so....

[kobra]

What is in your 2 configure.php files?

[enzo-ita]

Here they are.
Thanks
enzo

/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'https://www.mysite.it');
define('HTTPS_SERVER', 'https://www.mysite.it');
define('HTTP_SERVER_ALTERNATIVE', 'http://www.m.mysite.it');
define('HTTPS_SERVER_ALTERNATIVE', 'https://www.m.mysite.it');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'false');

/*************** NOTE: This file is similar, but DIFFERENT from the "store" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

/**
* WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
* To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
*/
define('HTTP_SERVER', 'https://www.mysite.it');
define('HTTPS_SERVER', 'https://www.mysite.it');
define('HTTP_CATALOG_SERVER', 'https://www.mysite.it');
define('HTTPS_CATALOG_SERVER', 'https://www.mysite.it');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

[kobra]

What about the rest of these files??

And where did these come from??

define('HTTP_SERVER_ALTERNATIVE', 'http://www.m.mysite.it');
define('HTTPS_SERVER_ALTERNATIVE', 'https://www.m.mysite.it');