Thread: Issues with SSL

Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Join Date
    Oct 2011
    Posts
    29
    Plugin Contributions
    0

    Default Issues with SSL

    I set up a cart with 1.5.4 then added the SSL. I've configured the .htaccess file to force SSL and edited /YOURADMIN/includes/configure.php as directed
    here. Yet I'm still getting security errors when attempting to login. This is my /admin/includes/configure.php file:

    define('HTTP_SERVER', 'https://www.pbl**.com');
    define('HTTPS_SERVER', 'https://www.plb**.com');
    define('HTTP_CATALOG_SERVER', 'https://www.pbl**.com');
    define('HTTPS_CATALOG_SERVER', 'https://www.pbl**.com');
    define('ENABLE_SSL_CATALOG', 'true');

    // secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_ADMIN', 'false');

    // secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
    define('ENABLE_SSL_CATALOG', 'false');

    define('DIR_WS_ADMIN', preg_replace('#^' . str_replace('-', '\-', zen_parse_url(HTTP_SERVER, '/path')) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
    define('DIR_WS_CATALOG', '/shop/');
    define('DIR_WS_HTTPS_ADMIN', preg_replace('#^' . str_replace('-', '\-', zen_parse_url(HTTPS_SERVER, '/path')) . '#', '', dirname($_SERVER['SCRIPT_NAME'])) . '/');
    define('DIR_WS_HTTPS_CATALOG', '/shop/');



    What am I missing?

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Issues with SSL

    You've quoted admin stuff. Is it correct to assume your "security errors while attempting to login" are on the Admin side?
    And ONLY on the Admin side?

    What's the actual error?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Oct 2011
    Posts
    29
    Plugin Contributions
    0

    Default Re: Issues with SSL

    Quote Originally Posted by DrByte View Post
    You've quoted admin stuff. Is it correct to assume your "security errors while attempting to login" are on the Admin side?
    And ONLY on the Admin side?

    What's the actual error?
    Actually just the opposite. The admin side works perfectly.

    The error comes with the customer tries to sign in. Take a look : https://www.planerboardlights.com

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Issues with SSL

    It's down-for-maintenance so can't get to login screen from here.

    What's different about the URLs in your non-admin /includes/configure.php file?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Issues with SSL

    Additional to that, it would appear that Zen Cart hasn't been told to expect SSL because both ENABLE_SSL_ADMIN and ENABLE_SSL_CATALOG are set to 'false'.

    There are some further considerations such as whether the SSL certificate is truly for www.pbl**.com or for pbl**.com (where the *s represent whatever remains of the domain name).

    This would be identified by review of the SSL certificate information.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Issues with SSL

    Quote Originally Posted by mc12345678 View Post
    Additional to that, it would appear that Zen Cart hasn't been told to expect SSL because both ENABLE_SSL_ADMIN and ENABLE_SSL_CATALOG are set to 'false'.
    Perhaps may be relevant in OP's older 1.5.4 version, yes.
    In newer versions that's not always needed admin-side. There are only a few legacy-related situations where that's needed.

    More relevant may be that they mentioned one of those defines twice, so there's duplication.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Oct 2011
    Posts
    29
    Plugin Contributions
    0

    Default Re: Issues with SSL

    Quote Originally Posted by DrByte View Post
    It's down-for-maintenance so can't get to login screen from here.

    What's different about the URLs in your non-admin /includes/configure.php file?
    My apologies. Try now

  8. #8
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Issues with SSL

    Ya, two possible causes, the first is most likely the real one:

    1. Your non-admin /includes/configure.php file probably doesn't have an https:// URL in the HTTP_SERVER define. Remember it's probably been flipped to be a read-only file as well, so you'll have to make it not-read-only before you can save changes to it.
    This file is the central place for all URLs your storefront generates for customer-use. (The admin version of the file is the central place for all admin-related URLs)

    2. Your template might not be telling it to actually use SSL (older templates didn't always do that on all forms).
    Notice here the use of 'SSL' as one of the parameters: https://github.com/zencart/zencart/b...efault.php#L67
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,106
    Plugin Contributions
    11

    Default Re: Issues with SSL

    Your link does work for the site but, the certificate says it's set to the non-www of your site. So none of the links to your site should try to go to https://www.yoursite.com

    What you seem to be missing is the VERY important "true" settings called for in https://docs.zen-cart.com/user/insta...rt-in-zen-cart

    Still, I wonder why the 1.5.4?

  10. #10
    Join Date
    Oct 2011
    Posts
    29
    Plugin Contributions
    0

    Default Re: Issues with SSL

    Quote Originally Posted by dbltoe View Post
    Your link does work for the site but, the certificate says it's set to the non-www of your site. So none of the links to your site should try to go to https://www.yoursite.com

    What you seem to be missing is the VERY important "true" settings called for in https://docs.zen-cart.com/user/insta...rt-in-zen-cart

    Still, I wonder why the 1.5.4?

    Is there a central place to edit the links to point to the proper url?

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v154 Issues with SSL Certificate
    By anysigns in forum General Questions
    Replies: 3
    Last Post: 5 Dec 2019, 12:30 AM
  2. v151 Login Issues With Subdomain after installing SSL
    By ckelley in forum Basic Configuration
    Replies: 9
    Last Post: 1 May 2013, 02:55 AM
  3. Issues with SSL
    By jsiegmund in forum Managing Customers and Orders
    Replies: 4
    Last Post: 8 Jan 2008, 02:57 PM
  4. SSL issues with Network Solutions Anyone?
    By firstimpression in forum General Questions
    Replies: 15
    Last Post: 26 Jan 2007, 05:48 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR