SSL Security warning when using HTTPS

[xpman]

So i"ve been searching around the forums and have not been able to fix my problem with https. Basically when a customer goes to checkout the page switches to https however they get that warning about some stuff on page is not https.

In IE7 even worse, won't even take you to the page without clicking a ok link.

My site I'm trying to get up is : http://store.baltind.com

Anyhow, here is my configure:

// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://store.baltind.com'); // eg, h
define('HTTPS_SERVER', 'https://www.store.baltind.com'); //
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'baltind.com');
define('HTTPS_COOKIE_DOMAIN', 'store.baltind.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/baltind/newstore/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');


?>


my ssl certifcate is registered to 'www.store.baltind.com' and the main store catalog is under 'store.baltind.com'. Both those domains point to the directory "/baltind/newstore/catalog" on the server.

Anyhow, if anyone has any hints I would greatly appreciate. I'm just using a slightly mod'ed aabox template which I'm gonna be changing out in the new year. Just trying to get something up for the next two weeks for a sale we are doing.

[xpman]

PS> I know the problem is with the darn images on the page. Seems that every image loads from the http page rather https. However, I'm fairly certain I have the image settings in configure correct.

[michael_s]

First, change this:

PHP Code:

   define('HTTP_COOKIE_DOMAIN', 'baltind.com'); 


to this:

PHP Code:

  define('HTTP_COOKIE_DOMAIN', 'store.baltind.com'); 


But I do not think that is going to fix your issue. Let me know if it does...

I think the issue is that your server is not sending what osCMax expects as a response to the ssl checking. This is the issue. I will have to look around for the way I fixed it before...

[xpman]

Thanks for the quick reply. That did not help, I typoed it at some point when trying to figure this out last few days.

I think the problem is with the base href setting. I'm using 1&1 Internet Inc. - Web Hosting Services and Domain Name Registration for hosting and found this post just a bit ago on it:

osCommerce: 1and1 SSL Fix

When I do a view source on the page it shows the base href as http not https. So I'm trying to read thru these oscommerce thread on how to fix this. If this rings any bells let me know thou

[michael_s]

Yep, 1&1 has their own quirky ssl setup. That osCommerce fix you posted will resolve your problems. Follow the instructions and your ssl will start working for you...

[xpman]

Well...sure enough, as soon as I post a topic I figure it out. Been trying to get this working for like 4 days now!

Got it working thou. I followed the steps in the above link from oscommerce for 1and1 hosting.

I have a dedicated SSL cert so I did the following:
---------------------------
BACKUP YOUR FILES FIRST!!!

DEDICATED SSL WITH 1AND1 HOSTING
*************************************************
1. Change:
(getenv('HTTPS') == 'on')
to
(getenv('HTTPS') == '1')
in
includes/application_top.php
includes/functions/general.php
admin/index.php

2. The correct relative address html code for images using the dedicated ssl would be for example src="/images/logo_background_default.gif" with the '/' in the front.This is for either using your own html pages in the site or using the ever popular WYSIWYG HTML Editor which does not normally format the code in this way. Therefor you will need to manually change it.




-----------------------

I did not have to do step two. Seems 1and1 has some screwed up hosting settings. I think they are my cause of slowness on the overall site as well, crappy ass database server or webserver, not sure which is slowing things down yet.

Thanks for your help thou. Maybe at least this will help someone else in the future