Post by cutlerycuts » Sat Oct 28, 2017 3:06 am

Just installed my wildcard SSL certificate and I am unable to figure out how to only secure the checkout page.
I changed the root config file to reflect a secure URL and applied the use SSL in the settings of my cart but still isn't working.
It shows the https://www. but there is no lock nor wording "Secure" in the address bar.

Anyone know what I have to do to just allow the checkout page to show secure?

User avatar
New member

Posts

Joined
Sun Oct 04, 2015 11:01 pm
Location - Harlingen, TX

Post by yodapt » Sat Oct 28, 2017 3:50 am

https links arent showing to me at all.

Opencart Developer - My Extension Showcase
Contact me at aeon.yoda@gmail.com


User avatar
Active Member
Online

Posts

Joined
Fri Jun 17, 2011 6:39 pm


Post by MrPhil » Sat Oct 28, 2017 8:47 pm

cutlerycuts wrote:
Sat Oct 28, 2017 3:06 am
Anyone know what I have to do to just allow the checkout page to show secure?
Before you get too far down the road, is there some reason that you're not securing the entire site? That could be a lot easier than just trying to do specific pages, and will make you look better in the eyes of Google.

If your SSL cert is properly installed and configured, can you make a test .html file to see if it shows up under https? Obviously, something is very wrong if you can't even get that far. When you attempt to load a store page under https, what happens? Does it just display in http? Do you get any browser messages/icons, such as that there is insecure (http) content on the page? You may have to try several browsers if your usual one doesn't display such messages. If there is insecure content (images, javascript files, css files, other resources), you've got some cleanup to do to remove it, or switch it over to https. And of course, you have your configure.php files properly set up to indicate the https domain and that SSL is enabled.

If you do go to all-SSL, don't forget to add a redirect to your .htaccess to change incoming http addresses to https.

Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm

Post by cutlerycuts » Mon Oct 30, 2017 1:34 am

Hi, thanks for replying.

Just so you know, I am using OC version 1.5.6.4 (for now). I will eventually upgrade.

Yeah, it seems to not be installed correctly or I have to do something on the cpanel side to make it work. Not sure.
The server techs told me it usually takes 24 to 48 hours for a SSL certificate to kick in. I installed it on Friday 27th.
I will check again in the morning and call them again to figure this out. I may have to re-install it again.

How do I change the .htaccess file to change incoming http address to https?

If you see my attachments, the rvj-ventures.com is not showing that it is secure and that is thru out the site.
These are the settings on the frontend config.php file:
// HTTPS
define('HTTPS_SERVER', 'https://www.rvj-ventures.com/store/');
define('HTTPS_CATALOG', 'https://www.rvj-ventures.com/store/');
define('HTTPS_IMAGE', 'https://www.rvj-ventures.com/store/image/');

Attachments

rvjventures.JPG

rvjventures.JPG (17.61 KiB) Viewed 267 times


User avatar
New member

Posts

Joined
Sun Oct 04, 2015 11:01 pm
Location - Harlingen, TX

Post by MrPhil » Mon Oct 30, 2017 2:03 am

If I look at your store home page in SSL, I get the message that the page is not entirely secure. For instance, there is an image with http: protocol. Everything needs to be https: on a page if you want it to be shown as secure.

How do I change the .htaccess file to change incoming http address to https?

Code: Select all

# force both https and www. in one go
RewriteEngine On
RewriteCond   %{HTTPS}  !on  [OR]
RewriteCond   %{HTTP_HOST}  !^www\.
RewriteRule  ^(.*)$  https://www.rvj-ventures.com/$1  [R=301,L]

Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm

Post by cutlerycuts » Mon Oct 30, 2017 2:28 am

okay, I added in the info you gave me to the .htaccess file and now the website is going to a secure page until you add an item into the cart and go to checkout and the page isn't secure anymore.
Is there something else I'm forgetting.

User avatar
New member

Posts

Joined
Sun Oct 04, 2015 11:01 pm
Location - Harlingen, TX

Post by cutlerycuts » Mon Oct 30, 2017 2:31 am

Well that was weird. Now it's gone.
I was looking at it again and hit the back button and the secure vanished.
I don't know whats going on.

User avatar
New member

Posts

Joined
Sun Oct 04, 2015 11:01 pm
Location - Harlingen, TX

Post by cutlerycuts » Mon Oct 30, 2017 4:49 am

UPDATE!!!!
Okay, I just called my server tech and got some interesting info that I didn't know.
Some techs won't give this sort of info if it doesn't benefit them as far as purchasing products from them.
Anyways, I told him my situation and asked him if I had my sub-domains correctly entered into my server package.
He told me that what I have are registered domains as sub-domains. They are not actual sub-domains which is the reason why I'm getting
the error I'm getting on the SSL Certificate. It will not recognize my "sub-domains" because they are registered domains and I have
to get what is called a UCC SSL Certificate which covers up to 4 or 5 domains.
And the reason I have my registered domains as sub domains was to save money and don't have to pay for hosting fees when you have them
set up as sub-domains. I only have 1 other as a sub domain that I need to use the SSL Certificate because this one is much more lucrative.
As for the my domain, rvj-ventures.com, I thought that just changing the front end config.php file would recognize all items on each page as secure but only if it is integrated into the Open cart system. If just one link/image isn't pointed to secure (https) then that page will not convert to secure status. And my header/footer and menu are custom made so I have to go in and change it all and that helped alot. Anywhere that you have to manually change an image or link must have (https) added to it to make that page secure.
Wow, what a lesson. I hope this will help someone out there.
Thanks for all your help.

User avatar
New member

Posts

Joined
Sun Oct 04, 2015 11:01 pm
Location - Harlingen, TX

Post by MrPhil » Tue Oct 31, 2017 10:06 pm

That's rather confusing. I think the standard terminology is "primary domain" for the domain that an account is originally set up for (with or without www subdomain), e.g., mydomain.com and www.mydomain.com. Most hosts then have "subdomains" you can add for free, replacing "www." with various subdomain names, e.g., store.mydomain.com, blog.mydomain.com. Finally, "add-on domains" are totally separate from the primary domain (but included in the account), but have to be purchased from a registrar, e.g., myblog.org.

Now, SSL certificates come in several forms. The cheapest is usually for one set up for one specific domain, such as mydomain.com or www.mydomain.com (but not both). You can pay more for a "wildcard" SSL cert which permits some number of subdomains. If you have add-on domains, you normally have to buy an SSL cert for each domain name.

It sounds like you fell into the last case, with one or more add-on domains (different domain than your primary) that would each require their own SSL cert. Is there some reason that you have a different domain at the checkout? Normally, a store is the same domain throughout. Do you have a payment service tied to one specific domain?

By the way, I was also confused by your subject line. It sounded like you wanted to apply SSL only to the checkout page, when in fact, you were unable to get it to apply to that one page. Do I understand it correctly now?

Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm
Who is online

Users browsing this forum: No registered users and 28 guests