Results 1 to 7 of 7
  1. #1
    Join Date
    Feb 2008
    Posts
    6
    Plugin Contributions
    0

    Default v1.3.7.1 - is it possible to enable SSL ??

    Hello,

    I use 1.3.7.1 version of Zen Cart. Is it possible to enable SSL (https...) in this version? Can I use this tutorial? https://www.zen-cart.com/content.php...alled-zen-cart

    Thank you.

  2. #2
    Join Date
    Nov 2007
    Location
    Sunny Coast, Australia
    Posts
    3,443
    Plugin Contributions
    9

    Default Re: Zen Cart 1.3.7.1 - is it possible to enable SSL ??

    Quote Originally Posted by moskyt View Post
    Hello,

    I use 1.3.7.1 version of Zen Cart. Is it possible to enable SSL (https...) in this version? Can I use this tutorial? https://www.zen-cart.com/content.php...alled-zen-cart

    Thank you.
    Ummmm.... you are using ZC 1.3.7.1 ????

    You are leaving yourself wide open to malicious subjects, regardless of SSL or not.

  3. #3
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,186
    Plugin Contributions
    7

    Default Re: Zen Cart 1.3.7.1 - is it possible to enable SSL ??

    Quote Originally Posted by moskyt View Post
    I use 1.3.7.1 version of Zen Cart. Is it possible to enable SSL (https...) in this version? Can I use this tutorial? https://www.zen-cart.com/content.php...alled-zen-cart
    Yes, sure it is. SSL is *server* related, not *application* related. Zencart being an application. Those instructions will work - but there is a *far* easier method to SSL enable your site.

    The problem is - I don't wish to start yet another public war/argument about it

    All I can say if that you can do it the 'hard' way (follow the zencart official instructions) - or you can do it the *easy* way.

    This thread
    https://www.zen-cart.com/showthread.php?221807
    ... contains the easy method - fully SSL enabled - meets all current SSL requirements and standards - Doesn't require the purchase, creation or installation of any SSL certificates, doesn't need a dedicated IP address - and for good measure will increase your site load times, reduce bandwidth, provides resilience against DNS failures - provides protection against many forms of hacking, and costs absolutely nothing.

    Alas, some folk have chosen to place a 'spin' on things and indicate that there are problems that don't exist, or have 'personal reasons' for not adopting my suggestions (probably because I'm an arrogant opinionated bistard, and they would argue with me over the colour of a white picket fence) so you may find it difficult to get past this when reading the thread.

    I'm hoping that if you follow the instructions *I've* given in various posts in the thread, you won't have any problems - but if you do find it a little much, please PM me, and I'll repeat the relevant instructions. - Nah fckit......

    If you trust that I'm doing this for your benefit, and that I am not gaining a single thing out of this. Do this.

    1) Go to cloudlfare.com and create an accoumt,
    2) Add your domain name to the account.
    3) When instructed (by cloudflare) go to the *registrar* for your domain name (may or may not be the same as your webhost), and delegate the domain name to the cloudflare servers. DO NOT CHANGE DNS RECORDS. RE-DELEGATE ONLY.
    4) Go back to cloudflare and wait (a few minutes - tops) for your DNS records to appear in the cloudflare DNS records.
    5) Ensure that your domainmame and the 'www' record have an 'orange cloud' - If other records (such as mail or ftp) have an orange cloud - click on them so they turn 'grey'
    6) point your web browser to https://yourdomain.com

    At this point you will either see your site just as it always has been, but this time, it will indicate it is either fully secure or partly insecure. The important thing being that the site will load (probably a little faster) just as it always has done.

    7) using FTP or the cpanel file manager locate the two zencart config files (one for the cart, one for the admin) - load them into a *text* editor, and change the lines
    define('HTTP_SERVER', 'http://yourdomain.com'
    to
    define('HTTP_SERVER', 'https://yourdomain.com'

    Save the changes - Your site will now be fully enabled with 'SSL everywhere' (as well as the other benefits I've mentioned)

    If you get an 'SSL warning' when browsing your site at this point, it will be due to 'hard coded' links to 'http://' content -- You now have two choices - you can either identify these links and change them to 'https://' (which at this stage is my recommendation) OR, you can log back into cloudflare, find the setting 'automatic https rewrites' and set to 'on'
    The only reason I don't recommend this option at this stage is because I haven't used it on enough sites to allow me to say with 100% confidence that it will solve the issue without any unforeseen fallout) . It is a relatively new option, so I don't want to recommend something that I wouldn't be confident in using myself).

    This entire process will probably take less than 15 minutes.

    I will *not* involve myself in any further discussion about any of this in this thread.

    Should you happen to run into any problems (and I can't see any reason why you should) or if you have any further questions - please PM me.

    I *promise* that I will see you through to the conclusion of this so that your site is fully SSL enabled, to the satisfaction of the Google/Chrome requirements - even if I have to do everything for you. No charge, Nothing expected in return. The reason for this seemingly generous offer - is because I know that everything I claim is true, On my own, I can't seem to convince the detractors of the benefits on offer here, so my hope (now) is that if I can 'convert' as many folk as I can to appreciate the benefits are *real* - with *zero* negative consequences - then *perhaps* our numbers (with your help) will have them having second thoughts about their preconceived ideas, so that in future I can avoid the current 'debates' on the matter - which is actually taking up far more of my time than if I made this same offer and 'converted' a 100 sites for a hundred different people. On my own, I am (apparently) unconvincing. With a 100+ us, all being convinced the benefits are real then they *may* listen, and in the long term, is going to save me a lot of time and frustration.

    OK, so now that I've covered all that - the 'bad news' - Your site, being so old, is at risk of being hacked. SSL is not going to prevent that. It is not going to mitigate any risks in any capacity. You really should consider an upgrade - and No. I am *not* interested in doing that (even as a paid job). The only thing on offer here is that your site will be SSL enabled (so that Google/Chrome won't create any scary 'insecure' alerts) - and that the site will be faster, and a little more resilient to some of the known exploits.

    Cheers
    RodG
    Ozpost - The Ultimate Shipping module for Australian Merchants. Click these links for its Homepage, or Download from Zen-Cart.com.

  4. #4
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,186
    Plugin Contributions
    7

    Default Re: Zen Cart 1.3.7.1 - is it possible to enable SSL ??

    Correction. I Wrote "increase your load times".. i actually meant improve (or decrease)

    Thanks for pointing that out mc1-8)

    Cheers
    Rod
    Ozpost - The Ultimate Shipping module for Australian Merchants. Click these links for its Homepage, or Download from Zen-Cart.com.

  5. #5
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,186
    Plugin Contributions
    7

    Default Re: Zen Cart 1.3.7.1 - is it possible to enable SSL ??

    IMPORTANT UPDATE.

    Before anyone (OP included) considers cloudflare for the SSL only, please point your webbrowser to your website then change the URL (in the address bar) to "https://....". If the page displays at all, your site is already SSL capable (all you need do is change the zencart config files to use utilise it.

    This piece of "magic" is the result of Googles massive investment in "lets encrypt" and agreements with most major hosting providers.

    3 of our 4 current hosting providers have already implemented these certs over the last few months, and the 3 or 4 new providers we've looked into since just b4 xmas have all had the lets encrytpt SNI certs deployed for all clients site wide.

    The hosting providers may not advertise this anywhere, but you have nothing to lose by trying it.

    Cheers
    RodG
    Ozpost - The Ultimate Shipping module for Australian Merchants. Click these links for its Homepage, or Download from Zen-Cart.com.

  6. #6
    Join Date
    Jan 2004
    Posts
    65,318
    Blog Entries
    7
    Plugin Contributions
    228

    Default Re: v1.3.7.1 - is it possible to enable SSL ??

    If you do it by following the easy instructions at https://www.zen-cart.com/content.php...alled-zen-cart then you will also have access to the support of the community.

    If you choose to go the route of CloudFlare, please contact RodG directly for support, because that is entirely his recommendation, not Zen Cart's.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,606
    Plugin Contributions
    1

    Default Re: Zen Cart 1.3.7.1 - is it possible to enable SSL ??

    Quote Originally Posted by RodG View Post
    I will *not* involve myself in any further discussion about any of this in this thread.
    Then why in hell did you bring up???

    The majority of your answer has nothing to do with the question asked by the OP and is totally off-topic. Makes me wonder why you are suddenly recommending CloudFlare SSL, saying all good things but not stating any of the downside.

    And in answer to the original question, yes it can be done but why bother? The 1.3.7x version is so old you are opening yourself up to a world of pain. Best to use/upgrade to the current version and use a much better and secure version. It too can use an SSL Cert but get one on your own as it is much better that way.
    The learning is in the doing.

    Potent Products

 

 

Similar Threads

  1. v151 Enable SSL
    By firstcapitalfirearms in forum General Questions
    Replies: 11
    Last Post: 26 Feb 2013, 05:08 AM
  2. Enable SSL
    By Glock1 in forum Basic Configuration
    Replies: 2
    Last Post: 15 Jan 2012, 10:08 PM
  3. ssl can't enable
    By bloomingvine in forum General Questions
    Replies: 1
    Last Post: 5 Feb 2011, 05:05 AM
  4. Is it possible to enable https after zencart installation?
    By rapid564 in forum Installing on a Linux/Unix Server
    Replies: 2
    Last Post: 30 Sep 2006, 08:10 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR