Page 1 of 1

SSL Setup

Posted: Fri Oct 28, 2011 7:36 pm
by strobes
Hi All

I am about to setup SSL for the site i have using opencart.. i have purchased an ssl certificate (not shared) and my hosts are asking me... do i want the ssl set up for... www.mysite.com or mysite.com or secure.mysite.com ?

can anyone advise me with this? I didnt think i was going to need an ssl certificate to start with as all transactions were going to take place away from the site, but now i am setting up the payment gateway to operate from within my site

As far as i am aware i click yes to the SSl in the admin and then i have to update the config files in catalog and admin with the ssl info

does this mean i put the address (as questioned above) n there and the site will work out the rest? or do i have to add all the different urls that will need to use ssl?

sorry for the noobness of this question

thanks very much for any help you can give

Steve

Re: SSL Setup

Posted: Fri Oct 28, 2011 8:45 pm
by Moggin
Answering Q1 - it depends what address you want for your site. If you're running it from http://mysite.com the SSL cert must be set up for that: if you're using http://www.mysite.com the SSL must be set up for that instead. The two aren't interchangeable.

OC is not configured to work with secure pages in a subdomain such as secure.mysite.com - and this would need a more expensive certificate anyway. So I'd guess you won't want to use that.

For Q2: to activate SSL in Opencart you need to 1) select 'Use SSL: yes' in the admin settings, and
2) alter the HTTPS section only in the two config files, config.php and admin/config.php, so that they show https: paths.
eg

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://www.mysite.com/');
define('HTTPS_IMAGE', 'https://www.mysite.com/image/');
This is assuming you're using 1.5x series. Hope that helps!

Re: SSL Setup

Posted: Fri Oct 28, 2011 9:08 pm
by strobes
Thank you very much for your detailed response, i really appreciate you taking the time to help

with regard to the www.mysite or just mysite...

my site works either way, as you say the ssl will only work one or the other, is it a concern that the site will work both ways? is there something i should do to prevent this? sorry if this seems like a really stupid question.. this side of web development is completely new to me

As for the lines to add to the config files.. i assume opencart will then apply the ssl to the relevantpages on its own... ?

thanks you very much once again

Steve

Re: SSL Setup

Posted: Fri Oct 28, 2011 10:49 pm
by Moggin
No worries... I've had one or two problems with SSL myself, hence have learned what can go wrong :D

Re http:// and http:// www ... try checking your configs. Your SSL cert should reflect the URL structure entered there. Your site will then work properly in checkout.

Yes, once you've selected 'use ssl: yes' and altered your configs, OC will secure the checkout and account pages on the shopfront, and admin, without any further input. Nice and easy.

Re: SSL Setup

Posted: Sun Oct 30, 2011 7:31 am
by wallacecomputer
Moggin wrote:Answering Q1 - it depends what address you want for your site. If you're running it from http://mysite.com the SSL cert must be set up for that: if you're using http://www.mysite.com the SSL must be set up for that instead. The two aren't interchangeable.

OC is not configured to work with secure pages in a subdomain such as secure.mysite.com - and this would need a more expensive certificate anyway. So I'd guess you won't want to use that.

For Q2: to activate SSL in Opencart you need to 1) select 'Use SSL: yes' in the admin settings, and
2) alter the HTTPS section only in the two config files, config.php and admin/config.php, so that they show https: paths.
eg

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://www.mysite.com/');
define('HTTPS_IMAGE', 'https://www.mysite.com/image/');
This is assuming you're using 1.5x series. Hope that helps!
Thanks, solved my problems. Thought it was because Nginx or rather "cPanelNginx" proxy server. After uninstalling my paid cPanel cPanelNginx-Addon and still having SSL problems, I found this thread.
After paying all that my money for a secure cert, and still having to confirm the cert and it was still red instead of green, I was starting to get a little angry....lol

Thanks & God Bless, Brian R. Wallace

Re: SSL Setup

Posted: Sun Oct 30, 2011 11:11 pm
by Moggin
Glad to help :)
If something goes wrong with an SSL cert, it can be a pain trying to chase down the cause :crazy:

Re: SSL Setup

Posted: Mon May 14, 2012 1:10 am
by Shadowsong
I am using opencart version 1.5.2.1. I am having some https errors in google chrome and just so I can eliminate the SSL certificate as a problem I wanted to quickly ask your advice.

I had the SSL cert set validated for mysite.com, however in the cart software and config files it is set for www.mysite.com. I contacted hostgator, where I have the store setup, and they reinstalled the SSL cert for www.mysite.com and said that they prviously had it setup for the IP and it would include www.mysite.com and mysite.com URL structures. Do I need Comodo, the place that issued the SSL, reissue an SSL for www.mysite.com and not mysite.com? Or if I am only receiving errors in google chrome browser do I simply need to address those? The errors seem to be theme specific as when I switch to the default opencart theme the HTTPS is green in the address bar and only when I use a custom theme does the HTTPS have a red line through it.

I'm guessing it's an issue with the theme but before I dug into the code I wanted to ask to see if the SSL certificate being originally issued to mysite.com rather than www.mysite.com would be an issue.

The 2 errors reported in chrome when hitting shift-ctrl-J are :

checkout ran insecure content from http://fonts.googleapis.com/css?family=Droid+Sans&v1

checkout displayed insecure content from http://themes.googleusercontent.com/sta ... 1cLG0.woff

Re: SSL Setup

Posted: Mon May 14, 2012 1:42 am
by Shadowsong
I removed the line

<link href='http://fonts.googleapis.com/css?family=Droid+Sans&v1' rel='stylesheet' type='text/css'>

from the header.tpl file and the HTTPS is showing green now in the chrome browser.

Another possible solution is to add an "s" to http in that line making it look like

<link href='https://fonts.googleapis.com/css?family=Droid+Sans&v1' rel='stylesheet' type='text/css'>

So should I worry about the whole original SSL certificate URL structure and what hostgator did to have it reinstalled to http://www.mysite.com or if it shows green everywhere I am fine?

Re: SSL Setup

Posted: Mon May 14, 2012 4:46 am
by Moggin
If your shop is working as you expect, I can see no reason to worry.

You can check somewhere like this to ensure your SSL cert is installed correctly:
http://www.sslshopper.com/ssl-checker.html - Though problems with cert installation are rare. More common is insecure content. There are various ways round that.

When it comes to http://www.yoursite.com and http://yoursite.com, I got a red 'do not proceed' notice on my site because a cert was issued for http://site.com and not http://www.site.com.

My host (good guys) said the two weren't the same and I needed a new cert or new configs. So I tend to counsel caution on that.

If you're not seeing any problems and the host is happy, no worries.

Re: SSL Setup

Posted: Mon May 14, 2012 5:32 am
by GoGo OpenCart
strobes wrote:with regard to the http://www.mysite or just mysite...

my site works either way
It works, but the "Add to Cart" button will not work with one of those :)
Moggin wrote:Re http:// and http:// www ... try checking your configs. Your SSL cert should reflect the URL structure entered there. Your site will then work properly in checkout.
Exactly ;)

Re: SSL Setup

Posted: Tue May 15, 2012 5:21 am
by Shadowsong
Moggin wrote:If your shop is working as you expect, I can see no reason to worry.
Thanks. As far as I can tell, things are working. And thanks for the link. At the link my website shows the following, replacing my actual domain name with "mysite.com"

Common name: mysite.com
SANs: mysite.com, www.mysite.com
Valid from May 12, 2012 to May 13, 2013

So it looks like SAN allows an SSL to apply to more than one URL structure. So I guess that's what Hostgator was telling me.

Re: SSL Setup

Posted: Wed May 16, 2012 3:07 am
by Moggin
..
Shadowsong wrote:
Moggin wrote:If your shop is working as you expect, I can see no reason to worry.
Thanks. As far as I can tell, things are working. And thanks for the link. At the link my website shows the following, replacing my actual domain name with "mysite.com"

Common name: mysite.com
SANs: mysite.com, http://www.mysite.com
Valid from May 12, 2012 to May 13, 2013

So it looks like SAN allows an SSL to apply to more than one URL structure. So I guess that's what Hostgator was telling me.


Can you add to cart and check out OK? See GoGo's warning above.
--I've seen every SSL problem in the book, but GoGo understands the code much better than I do. 8)

Re: SSL Setup

Posted: Fri May 18, 2012 3:14 am
by Shadowsong
Moggin wrote:..Can you add to cart and check out OK? See GoGo's warning above.
--I've seen every SSL problem in the book, but GoGo understands the code much better than I do. 8)
I can add to cart on all the products and I did a test order and it processed and went through and I received an order email and it showed up in the admin panel under orders. So I would guess all is well. I'll cross my fingers that is the case. :) I like figuring things out myself or researching things and it's nice to know people like you are helpful.

Re: SSL Setup

Posted: Wed May 23, 2012 9:21 pm
by bruceamo123
I do not have a secure site, I need to know how to change my browser to https ? I have open cart 1.5.2.1
thanks Bruce

Re: SSL Setup

Posted: Tue Dec 25, 2012 1:15 pm
by kampong
I have setup a dedicated IP and dedicated SSL on my OC. Everything that should be HTTPS in my domain works fine except the admin panel which is still HTTP. I have changed the config.php in /admin but still unable to get it to run in HTTPS. If I use force HTTPS in /public_html/.htaccess, the admin panel does not allow me to to log it. It just re-loops back to the admin log in page.

Here's my /admin/config.php

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://kampongshop.com/admin/');
define('HTTP_CATALOG', 'http://kampongshop.com/');
define('HTTP_IMAGE', 'http://kampongshop.com/image/');

// HTTPS
define('HTTPS_SERVER', 'https://kampongshop.com/admin/');
define('HTTPS_IMAGE', 'https://kampongshop.com/image/');
I can't seem to find anything wrong with the codes after reading through the forum threads.

This is a small issue but I have a small OCD about this sort of things. I mean I've paid good money for SSL but it only works for half the webstore and I'm tearing my hair out on Christmas Day(I'm in UTC+8)

Re: SSL Setup

Posted: Wed Dec 26, 2012 9:55 am
by MarketInSG
your htaccess might be coded wrongly. Try removing what you added in and try again.

Re: SSL Setup

Posted: Fri Jan 30, 2015 4:39 pm
by sprite98
Hi, thx for veery helpful post! Can u hepl me to, i have same problem too. I did everything according to instructions but https is only in admin area and during the order phase. In main page https is not full (with yellow triangle), google chrome blocks some scripts from untrusted sources. Need a help! Here is my files:

config.php:
// HTTP
define('HTTP_SERVER', 'http://24slim.biz/');

// HTTPS
define('HTTPS_SERVER', 'https://24slim.biz/');

// DIR
define('DIR_APPLICATION', '/xxx/xxx/xxx/htdocs/www/catalog/');
define('DIR_SYSTEM', '/xxx/xxx/xxx/htdocs/www/system/');
define('DIR_DATABASE', '/xxx/xxx/xxx/htdocs/www/system/database/');
define('DIR_LANGUAGE', '/xxx/xxx/xxx/htdocs/www/catalog/language/');
define('DIR_TEMPLATE', '/xxx/xxx/xxx/htdocs/www/catalog/view/theme/');
define('DIR_CONFIG', '/xxx/xxx/xxx/htdocs/www/system/config/');
define('DIR_IMAGE', '/xxx/xxx/xxx/htdocs/www/image/');
define('DIR_CACHE', '/xxx/xxx/xxx/htdocs/www/system/cache/');
define('DIR_DOWNLOAD', '/xxx/xxx/xxx/htdocs/www/download/');
define('DIR_LOGS', '/xxx/xxx/xxx/htdocs/www/system/logs/');

admin/config.php:
// HTTP
define('HTTP_SERVER', 'http://24slim.biz/admin/');
define('HTTP_CATALOG', 'http://24slim.biz/');

// HTTPS
define('HTTPS_SERVER', 'https://24slim.biz/admin/');
define('HTTPS_CATALOG', 'https://24slim.biz/');

// DIR
define('DIR_APPLICATION', '/xxx/xxx/xxx/htdocs/www/admin/');
define('DIR_SYSTEM', '/xxx/xxx/xxx/htdocs/www/system/');
define('DIR_DATABASE', '/xxx/xxx/xxx/htdocs/www/system/database/');
define('DIR_LANGUAGE', '/xxx/xxx/xxx/htdocs/www/admin/language/');
define('DIR_TEMPLATE', '/xxx/xxx/xxx/htdocs/www/admin/view/template/');
define('DIR_CONFIG', '/xxx/xxx/xxx/htdocs/www/system/config/');
define('DIR_IMAGE', '/xxx/xxx/xxx/htdocs/www/image/');
define('DIR_CACHE', '/xxx/xxx/xxx/htdocs/www/system/cache/');
define('DIR_DOWNLOAD', '/xxx/xxx/xxx/htdocs/www/download/');
define('DIR_LOGS', '/xxx/xxx/xxx/htdocs/www/system/logs/');
define('DIR_CATALOG', '/xxx/xxx/xxx/htdocs/www/catalog/');

.htaccess:
RewriteCond %{HTTP_HOST} ^www.24slim.biz$ [NC]
RewriteRule ^(.*)$ http://24slim.biz/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\ HTTP/
RewriteRule ^index\.html$ / [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ http://%{HTTP_HOST}? [R=301,L]
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

what am I doing wrong?

Re: SSL Setup

Posted: Fri Feb 27, 2015 3:17 am
by markjacks
Hi Sprite, have you checked the thread below already?

http://forum.opencart.com/viewtopic.php?f=138&t=64685