Thread: I'm in SSL Hell

Results 1 to 8 of 8
  1. #1
    Join Date
    Feb 2010
    Posts
    205
    Plugin Contributions
    0

    Default I'm in SSL Hell

    Ok, so I purchased a Positive SSL certificate from my hosting company (hostgator) for cheapsheetmusic.com I changed the config.php files in both my admin and includes directories, where everything hppts shows "true" Once I did that I was able to type in https://www.cheapsheetmusic.com and it shows that the site is secure.

    The last step was to modify the htaccess file so it automatically redirects to the https url. But once that was done, the website will only redirect to the main page, no matter what link I click on. Here's what I added to the htaccess file:

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.cheapsheetmusic.com/$1 [R=301,L]

    My htaccess file also has a lot of rewrite info from the CEON URI app and I'm not sure if that is where I need to be looking ?

    One thing I read about shared hosting is that I may need somewhere to designate the actual shared location of my website, and not the cheapsheetmusic.com designation ?

    Any suggestions are really appreciated.

  2. #2
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: I'm in SSL Hell

    What you used is correct and should be placed at the very top of the .htaccess file.

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.cheapsheetmusic.com/$1 [R=301,L]


    Also check these settings:

    Admin -> Configuration -> Sessions
    Cookie Domain
    Force Cookie Use
    - make sure they both say True

  3. #3
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,668
    Plugin Contributions
    11

    Default Re: I'm in SSL Hell

    i would NOT use .htaccess for what you want to do. which frankly i am really unclear....

    there are 3 constants in the includes files that you need to concern yourself with. for example:

    Code:
    /**
     * Enter the domain for your store
     * HTTP_SERVER is your Main webserver: eg-http://www.yourdomain.com
     * HTTPS_SERVER is your Secure/SSL webserver: eg-https://www.yourdomain.com
     */
    define('HTTP_SERVER', 'http://la155.com');
    define('HTTPS_SERVER', 'https://la155.com');
    
    /**
     *  If you want to tell Zen Cart to use your HTTPS URL on sensitive pages like login and checkout, set this to 'true'. Otherwise 'false'. (Keep the quotes)
     */
    define('ENABLE_SSL', 'true');
    that configuration should work fine (changing to your domain names).

    now there has been a lot of discussion about making the WHOLE site use https. if you want to do that, you would change the first constant to:

    Code:
    define('HTTP_SERVER', 'https://la155.com');
    again, it is my opinion to NOT do a redirect in htaccess for making the whole site https. i will not rehash the whole discussion about whether it is of value to do so.

    good luck.
    author of square Webpay.
    mxWorks has premium plugins. donations: venmo or paypal accepted.
    premium consistent excellent support. available for hire.

  4. #4
    Join Date
    Feb 2010
    Posts
    205
    Plugin Contributions
    0

    Default Re: I'm in SSL Hell

    Thank you all for your advice. The main reason I am installing the SSL function is not for security but to adhere to google's new standards. From what I understand, sites that do not have the https feature will be tagged to show they are not a secure site. Also, I understand that my website will climb higher in rankings against the sites that are not https. Who the heck knows if this is really the case but it's my job to use every tool I can to get better rankings.

    I like the fact that now my website shows as an https secure site on the home page. But once you start searching the listings, the pages are all not secured. Once you click on the add to cart link, it goes to the https. So I guess my question is if Google is really expecting us to have https on every one of our pages OR is what I have now acceptable to them ?

    Thx again.

  5. #5
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: I'm in SSL Hell

    Quote Originally Posted by mrcastle View Post
    I like the fact that now my website shows as an https secure site on the home page. But once you start searching the listings, the pages are all not secured. Once you click on the add to cart link, it goes to the https.
    That's because you have your configure.php set for:

    HTTP_SERVER: http://example.com
    HTTPS_SERVER: https://example.com

    If you want Zen Cart to treat ALL your pages as SSL, then:
    HTTP_SERVER: https://example.com
    HTTPS_SERVER: https://example.com


    You may still want to sort out (via your hosting company's experts) how to properly get your custom-added .htaccess to "force" visitors to SSL. But that's beyond the scope of Zen Cart itself.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Feb 2010
    Posts
    205
    Plugin Contributions
    0

    Default Re: I'm in SSL Hell

    Well, it's interesting how Firefox & Google Chrome treat my homepage. Google Chrome shows it as secure, but Firefox does not and actually brings it up as http://www.cheapsheetmusic.com BUT when you go into the shopping cart, it switches to https I did put the .htaccess commands in there (at the top) and I also updated the config.php files to the recommended settings. I'm actually happy with everything BUT I'd like Firefox to show my homepage as an https Is there any way to do this without setting all of my pages as https ? Google Chrome is perfect.... home page shows the lock and when you do searches on products, it goes back to http mode. Go to the shopping cart, it switches to https That's what I want but I don't know if Firefox will acommodate me. Thx

  7. #7
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: I'm in SSL Hell

    At the top of your .htaccess file:

    Replace
    Code:
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.cheapsheetmusic.com/$1 [R=301,L]
    With
    Code:
    #############################
    ##  General Settings
    
    Options  +SymLinksIfOwnerMatch -FollowSymlinks -Indexes
    
    RewriteEngine ON
    
    # Define the default Character Set for Browsers
    AddDefaultCharset utf-8
    
    # if an https URL is not used then redirect to use https
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.cheapsheetmusic.com/$1 [R=301,L]
    
    # regardless of whether an https URL is used,
    # if a URL is used without www then redirect to an https URL that does use www
    RewriteCond %{HTTP_HOST} ^example.com [NC]
    RewriteRule ^(.*)$ https://www.cheapsheetmusic.com/$1 [R=301,L]

  8. #8
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: I'm in SSL Hell

    Quote Originally Posted by mrcastle View Post
    Well, it's interesting how Firefox & Google Chrome treat my homepage. Google Chrome shows it as secure, but Firefox does not and actually brings it up as http://www.cheapsheetmusic.com BUT when you go into the shopping cart, it switches to https I did put the .htaccess commands in there (at the top) and I also updated the config.php files to the recommended settings. I'm actually happy with everything BUT I'd like Firefox to show my homepage as an https Is there any way to do this without setting all of my pages as https ? Google Chrome is perfect.... home page shows the lock and when you do searches on products, it goes back to http mode. Go to the shopping cart, it switches to https That's what I want but I don't know if Firefox will acommodate me. Thx
    Must remember that the includes/configure.php file is set to Read only (444) until that is modified to permit writing (644). It would appear that the guidance of DrByte (setting both HTTP_SERVER and HTTPS_SERVER to https://) has not been stored as complete. If it had, then all links after initially arriving at the website would be presented as https:// and not just those that have been designed to be served securely when SSL is enabled. So, it may seem like the file has been changed, but it can be seen that overall those constants are not set that way.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

 

 

Similar Threads

  1. Header Hell
    By clareclive in forum Templates, Stylesheets, Page Layout
    Replies: 3
    Last Post: 20 Nov 2011, 06:01 PM
  2. Switching Server Hell
    By Lost and Confused in forum Installing on a Linux/Unix Server
    Replies: 11
    Last Post: 15 Apr 2010, 01:00 AM
  3. Stylesheet hell
    By dochsa in forum Templates, Stylesheets, Page Layout
    Replies: 9
    Last Post: 4 Jan 2009, 09:32 PM
  4. Crystaltech email hell
    By trev in forum General Questions
    Replies: 8
    Last Post: 14 Nov 2006, 08:40 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR