SSL - PLEASE somebody help?

[lil-raskals]

I purchased ssl certificate, installed on my server host. My host company can not redirect the site from https://www.lil-raskals.com to HTTPS://www.lil-raskals.com. Because they have 1 redirect from them to catalog/index.php and can not do another.
I have tried every suggestion on this forum to get my site to switch from non-secure to secure. It just isn't happening. Can someone please suggest exactly which file to change? I'm pretty new to this still, I am getting pretty desperate here.

Thanks so much!

this is copy of my /lil-raskals.com/catalog/includes/configure.php


// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://lil-raskals.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.lil-raskals.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', '');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'
?>

[jasonabc]

I just recently did the same thing - my host company installed a security certificate that I purchased from them - as well as install it they also reconfigured the site's IP address at the same time. All I did then was change the https:// path in my configure.php file from shared to the new one. Perhaps you forgot to do the IP config when you installed the certificate?

[lil-raskals]

Thanks Jayson for anwering. My host company ixwebhosting.com showed me where to upload the certif. and I was basicaly on my own. They never informed about the IP having to be modified. When I go to them for support on this, they play STUPID with me. I am getting no help on this AT ALL from them. I am paying all these fees, bought my own SSL, and now I have a website that I can not take any credit card orders on. I am about to go CRAZY - COL (crying out loud) What do I do. I will copy any file to this form nessessary for someone to look at and tell me If I am doing something wrong. But I have printed EVERY subject matter on here and 1 by1 done them ALL. Something is wrong.

[909]

lil-raskals, problem 1 is that you double posted the same quetion in the same forum, you get a slap on the hand for that one. 2nd, your certificate doesn't show up as 100% valid. Check the install of the cert as well as the site content is coming from WITHIN the same secured site, nothing from the outside world or it'll throw errors out to the users. The next thing is that it is unnecessary to secure the entire site. You CAN do that simply by removing the redirect from /catalog/index.php over to a standard index.html, from there you can do a redirect to any page you'd like to throw the users to. You can also set this sort of thing if you have server root access in your own directory and can create a .htaccess file there. There are good tutorials here on this. Most important, you need to set your http and https cookie domains in your configure.php. The true statement under ssl enable is only referring to the checkout procedure, not the entire site so try not to confuse the 2.

[lil-raskals]

909, Thanks for your reply, my mistake for posting twice, Had to modify my question. Any way, I can not get to htaccess. I have since made changes to configure.php . When I visit my site I don't get any error messages. It just not secure when I do a purchase. Here is the chain of events that took place to better understand what has happened.
1. I started out using the shared ssl from host company. Which didn't work either, but I knew a little less than I know about this stuff. Then I read forum and found a post that said using your own ssl was by far better than shared. So I thought If I purchased my own, things would be less complicated. I was wrong.

2. I purchased my own ssl, then I was getting the "Name does not match error" I'm new, so I called the company I purchased the ssl from, they said I left of the "www" in the request so that's why name don't match. So they told me to purchase another one, did that. Now I don't have the message, but the check-out process is not secured still. During all this I found where you have to make the cookie domains match. So I think I have done that correct.

3. Now in the file below, it shows a line with the "www" and the rest do not. Could that be a problem? And also, should I have to do a redirect, if the ssl should "kick" in like I understand that it should? If you think or "KNOW" my certificate has a problem, I should need to know for sure, being that I only have now a couple of days now to refund it for another, OR would things be "better" if I just use the shared one? My host company told me that if I used the shared one I would have to have this long bulky address: lil-raskals.ixwebhosting.com True or not True?
Last thing: I also change the lil-raskals.com/admin/includes/configure.php to define server too. should I have?

Thanks
carla

******/lil-raskals.com/catalog/includes/configure.php****** file below:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://lil-raskals.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.lil-raskals.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'http://lil-raskals.com');
define('HTTPS_COOKIE_DOMAIN', 'https://lil-raskals.com');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'
?>



*****lil-raskals.com/admin/includes/configure.php**** file below:

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
define('HTTP_SERVER', ''); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'http://lil-raskals.com');
define('HTTPS_CATALOG_SERVER', 'https://lil-raskals.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_WS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
define('DB_SERVER', '');
define('DB_SERVER_USERNAME', 'mysql');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', '');
?>

[jasonabc]

you don't have to to any redirects - it will automatically 'kick in' as you say - as long as you've set the path up and it's all configured properly. You *must* take the 'www' out of the https:// address in HTTPS_CATALOG_SERVER in /catalog/includes/configure.php. Some of your variables (HTTP_COOKIE_PATH for e.g.) are missing or wrong - cookie_path should be '/catalog/' not blank. Your database name, username and pwd are blank (although I realise you might have taken these out for the purpose of your post!)

Try that - let us know how you get on

[michael_s]

Also, your http and https cookie domains are incorrect.

They should be :

define('HTTP_COOKIE_DOMAIN', 'lil-raskals.com');
define('HTTPS_COOKIE_DOMAIN', 'lil-raskals.com');

Your cookie path is incorrect as jason stated. They should be:

define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');

In your /admin/includes/configure.php, also change your http server to :
define('HTTP_CATALOG_SERVER', 'https://lil-raskals.com');

Changing this will secure your admin using SSL.

That should fix it for you...

[lil-raskals]

Hi, Thanks, Here it is.... I changed it. still not secure that I can tell. When I go to check out and give a credit card # I look for the "lock" at bottom, and for the "https" in the address bar. Not there. Am I wrong to look for that?
Thanks
Carla

***catalog/includes/configure.php***

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'https://lil-raskals.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://lil-raskals.com'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'lil-raskals.com');
define('HTTPS_COOKIE_DOMAIN', 'lil-raskals.com');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'
?>


***admin/includes/configure.php***

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
define('HTTP_SERVER', 'https://lil-raskals.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
define('HTTP_CATALOG_SERVER', 'https://lil-raskals.com');
define('HTTPS_CATALOG_SERVER', 'https://lil-raskals.com');
define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_WS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
define('DB_SERVER', '');
define('DB_SERVER_USERNAME', 'mysql');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', 'osCommerce');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', '');
?>

[909]

your ssl cert is still showing up as www.lil-raskals.com, this should be the first thing fixed. Without this working properly, i'm afraid we'll all be chaising our tails here trying to figure all this out. If you go through the checkout procedure, the site never kicks you over to https, probably beause the cert name doesn't match. When you get to the check out page, go up to your URL bar and insert the "s" and the cert warning will pop up. I do believe however, you should be using the www. in front just to make the site easier to find out there. Your host has it in their DNS so why not just change it to go there and forget about messing with the name change on the cert?

Second, change your cookie domains to include the www.
Lastly, your "http" server should read http://www.lil-raskals.com
"https" should read https://www.lil-raskals.com

This should fix the problems but we're still here if not. Please post if this works so it's documented for the next person in your shoes.

I also created a test user to check this stuff out for your site. email is a@a.com pw: 123456 if anyone else wants to check it out.

[909]

1 more observation, your table rate for shipping has shown $0 for products under your $99 minimum stated in your shipping policies. Might want to look into this!