SSL - PLEASE somebody help?

[red_fraggle]

add an index.html file to /admin with a redirect to https://yourdomain.com/catalog/admin or whatever your path to admin is. If your on cpanel this is fine, if your on plesk and not using symlinked httpdocs and httpsdocs folders then you will also need to copy all admin files to your httpsdocs folder.

[groggory]

I tried and I tried but it just isn't quite working.

Forget the automatic SSL for now. I'm just trying to get it to work in the admin.

Note: I'm using shared SSL right now
Note: I turned off all redirects

if I go to 'https://myURL.com/catalog/admin' I am prompted for the certificate. I click OK and am taken to the admin page. It is NOT encrypted.

I login....I am taken to my admin page. It is not encrypted.

I change the URL to https instead of http. It IS encrypted.

-------

So I guess my question is, how to I get the login to admin to be encrypted, and how do I get it to stay encrypted once I login?

Thanks

[red_fraggle]

whats "myURL.com" ? send me an email with login details to cmurphy@hyperactivehosting.com and ill take a look for you. include ftp address username and password so i can look at your config files.

[michael_s]

In the admin configure.php file, simply change the HTTP_SERVER to your https url and the admin will always use your SSL path.

For instance, if your http url is https://some-site.com, change the following HTTP_SERVER define to look like the code below :

Code:

define('HTTP_SERVER', 'https://some-site.com'); // eg, http://localhost - should not be empty for productive servers

That is all there is to it. Now the admin login and all pages of the admin will work using SSL.

[groggory]

That worked perfectly!

Thank you! I just updated the wiki with the changes

http://www.oscdox.com/modules.php?op...p;pagename=SSL

[groggory]

whats "myURL.com" ? send me an email with login details to cmurphy@hyperactivehosting.com and ill take a look for you. include ftp address username and password so i can look at your config files.

'myURL.com' is just a make-believe URL. I was trying to make this an anonymous case. I don't know why you need my login details to look at my config files either being that I included them in my post.

[red_fraggle]

didnt see that you had posted them, many apologies. Take a look at my posts, you'll see i help people not erase their hard drives, no need to get paranoid on me

[DrHBR]

My experience with ixwebhosting was excellent. I just moved my website to ixwebhosting and now have my OSCommerce store up and running. I used to have a Mercantec store at a different webhost.

I found that ixwebhosting's control panel made it very easy to install the mysql data base, the OSCommerce store, and the shared SSL with some occasional help from the always available online chats or by submitting a trouble ticket.

I was especially impressed by the way ixwebhosting routinely solves the shared-SSL pop-ups problem. They give you a virtual address which ends with ixwebhosting.com so that the shared SSL does not generate the security alert, "The name of the security certificate ... does not match the name of the site." I don't know whether this is now common, but it wasn't an option at my old webhost.

It took me a while to get my configurations correct in the configuration.php files (there are two of them in the ixwebhosting implementation of OSCommerce):

define('HTTP_SERVER', 'http://pahomeschoolers.c2.ixwebhosting.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://pahomeschoolers.c2.ixwebhosting.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'pahomeschoolers.c2.ixwebhosting.com');
define('HTTPS_COOKIE_DOMAIN', 'pahomeschoolers.c2.ixwebhosting.com');

I go right into the secure server when I enter my store from www.pahomeschoolers.com through the following URL:

https://pahomeschoolers.c2.ixwebhost...alog/index.php

Howard