Post by strobes » Fri Oct 28, 2011 7:36 pm

Hi All

I am about to setup SSL for the site i have using opencart.. i have purchased an ssl certificate (not shared) and my hosts are asking me... do i want the ssl set up for... www.mysite.com or mysite.com or secure.mysite.com ?

can anyone advise me with this? I didnt think i was going to need an ssl certificate to start with as all transactions were going to take place away from the site, but now i am setting up the payment gateway to operate from within my site

As far as i am aware i click yes to the SSl in the admin and then i have to update the config files in catalog and admin with the ssl info

does this mean i put the address (as questioned above) n there and the site will work out the rest? or do i have to add all the different urls that will need to use ssl?

sorry for the noobness of this question

thanks very much for any help you can give

Steve


Posts

Joined
Fri Sep 02, 2011 7:13 pm

Post by Moggin » Fri Oct 28, 2011 8:45 pm

Answering Q1 - it depends what address you want for your site. If you're running it from http://mysite.com the SSL cert must be set up for that: if you're using http://www.mysite.com the SSL must be set up for that instead. The two aren't interchangeable.

OC is not configured to work with secure pages in a subdomain such as secure.mysite.com - and this would need a more expensive certificate anyway. So I'd guess you won't want to use that.

For Q2: to activate SSL in Opencart you need to 1) select 'Use SSL: yes' in the admin settings, and
2) alter the HTTPS section only in the two config files, config.php and admin/config.php, so that they show https: paths.
eg

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://www.mysite.com/');
define('HTTPS_IMAGE', 'https://www.mysite.com/image/');
This is assuming you're using 1.5x series. Hope that helps!


Posts

Joined
Wed May 05, 2010 4:56 am

Post by strobes » Fri Oct 28, 2011 9:08 pm

Thank you very much for your detailed response, i really appreciate you taking the time to help

with regard to the www.mysite or just mysite...

my site works either way, as you say the ssl will only work one or the other, is it a concern that the site will work both ways? is there something i should do to prevent this? sorry if this seems like a really stupid question.. this side of web development is completely new to me

As for the lines to add to the config files.. i assume opencart will then apply the ssl to the relevantpages on its own... ?

thanks you very much once again

Steve


Posts

Joined
Fri Sep 02, 2011 7:13 pm

Post by Moggin » Fri Oct 28, 2011 10:49 pm

No worries... I've had one or two problems with SSL myself, hence have learned what can go wrong :D

Re http:// and http:// www ... try checking your configs. Your SSL cert should reflect the URL structure entered there. Your site will then work properly in checkout.

Yes, once you've selected 'use ssl: yes' and altered your configs, OC will secure the checkout and account pages on the shopfront, and admin, without any further input. Nice and easy.


Posts

Joined
Wed May 05, 2010 4:56 am

Post by wallacecomputer » Sun Oct 30, 2011 7:31 am

Moggin wrote:Answering Q1 - it depends what address you want for your site. If you're running it from http://mysite.com the SSL cert must be set up for that: if you're using http://www.mysite.com the SSL must be set up for that instead. The two aren't interchangeable.

OC is not configured to work with secure pages in a subdomain such as secure.mysite.com - and this would need a more expensive certificate anyway. So I'd guess you won't want to use that.

For Q2: to activate SSL in Opencart you need to 1) select 'Use SSL: yes' in the admin settings, and
2) alter the HTTPS section only in the two config files, config.php and admin/config.php, so that they show https: paths.
eg

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://www.mysite.com/');
define('HTTPS_IMAGE', 'https://www.mysite.com/image/');
This is assuming you're using 1.5x series. Hope that helps!
Thanks, solved my problems. Thought it was because Nginx or rather "cPanelNginx" proxy server. After uninstalling my paid cPanel cPanelNginx-Addon and still having SSL problems, I found this thread.
After paying all that my money for a secure cert, and still having to confirm the cert and it was still red instead of green, I was starting to get a little angry....lol

Thanks & God Bless, Brian R. Wallace


Posts

Joined
Sun Oct 30, 2011 7:25 am

Post by Moggin » Sun Oct 30, 2011 11:11 pm

Glad to help :)
If something goes wrong with an SSL cert, it can be a pain trying to chase down the cause :crazy:


Posts

Joined
Wed May 05, 2010 4:56 am

Post by Shadowsong » Mon May 14, 2012 1:10 am

I am using opencart version 1.5.2.1. I am having some https errors in google chrome and just so I can eliminate the SSL certificate as a problem I wanted to quickly ask your advice.

I had the SSL cert set validated for mysite.com, however in the cart software and config files it is set for www.mysite.com. I contacted hostgator, where I have the store setup, and they reinstalled the SSL cert for www.mysite.com and said that they prviously had it setup for the IP and it would include www.mysite.com and mysite.com URL structures. Do I need Comodo, the place that issued the SSL, reissue an SSL for www.mysite.com and not mysite.com? Or if I am only receiving errors in google chrome browser do I simply need to address those? The errors seem to be theme specific as when I switch to the default opencart theme the HTTPS is green in the address bar and only when I use a custom theme does the HTTPS have a red line through it.

I'm guessing it's an issue with the theme but before I dug into the code I wanted to ask to see if the SSL certificate being originally issued to mysite.com rather than www.mysite.com would be an issue.

The 2 errors reported in chrome when hitting shift-ctrl-J are :

checkout ran insecure content from http://fonts.googleapis.com/css?family=Droid+Sans&v1

checkout displayed insecure content from http://themes.googleusercontent.com/sta ... 1cLG0.woff


Posts

Joined
Mon May 14, 2012 12:56 am

Post by Shadowsong » Mon May 14, 2012 1:42 am

I removed the line

<link href='http://fonts.googleapis.com/css?family=Droid+Sans&v1' rel='stylesheet' type='text/css'>

from the header.tpl file and the HTTPS is showing green now in the chrome browser.

Another possible solution is to add an "s" to http in that line making it look like

<link href='https://fonts.googleapis.com/css?family=Droid+Sans&v1' rel='stylesheet' type='text/css'>

So should I worry about the whole original SSL certificate URL structure and what hostgator did to have it reinstalled to http://www.mysite.com or if it shows green everywhere I am fine?


Posts

Joined
Mon May 14, 2012 12:56 am

Post by Moggin » Mon May 14, 2012 4:46 am

If your shop is working as you expect, I can see no reason to worry.

You can check somewhere like this to ensure your SSL cert is installed correctly:
http://www.sslshopper.com/ssl-checker.html - Though problems with cert installation are rare. More common is insecure content. There are various ways round that.

When it comes to http://www.yoursite.com and http://yoursite.com, I got a red 'do not proceed' notice on my site because a cert was issued for http://site.com and not http://www.site.com.

My host (good guys) said the two weren't the same and I needed a new cert or new configs. So I tend to counsel caution on that.

If you're not seeing any problems and the host is happy, no worries.


Posts

Joined
Wed May 05, 2010 4:56 am

Post by GoGo OpenCart » Mon May 14, 2012 5:32 am

strobes wrote:with regard to the http://www.mysite or just mysite...

my site works either way
It works, but the "Add to Cart" button will not work with one of those :)
Moggin wrote:Re http:// and http:// www ... try checking your configs. Your SSL cert should reflect the URL structure entered there. Your site will then work properly in checkout.
Exactly ;)

See all my extensions: http://www.opencart.com/index.php?route ... 20OpenCart


User avatar

Posts

Joined
Mon Nov 14, 2011 11:30 pm

Post by Shadowsong » Tue May 15, 2012 5:21 am

Moggin wrote:If your shop is working as you expect, I can see no reason to worry.
Thanks. As far as I can tell, things are working. And thanks for the link. At the link my website shows the following, replacing my actual domain name with "mysite.com"

Common name: mysite.com
SANs: mysite.com, www.mysite.com
Valid from May 12, 2012 to May 13, 2013

So it looks like SAN allows an SSL to apply to more than one URL structure. So I guess that's what Hostgator was telling me.


Posts

Joined
Mon May 14, 2012 12:56 am

Post by Moggin » Wed May 16, 2012 3:07 am

..
Shadowsong wrote:
Moggin wrote:If your shop is working as you expect, I can see no reason to worry.
Thanks. As far as I can tell, things are working. And thanks for the link. At the link my website shows the following, replacing my actual domain name with "mysite.com"

Common name: mysite.com
SANs: mysite.com, http://www.mysite.com
Valid from May 12, 2012 to May 13, 2013

So it looks like SAN allows an SSL to apply to more than one URL structure. So I guess that's what Hostgator was telling me.


Can you add to cart and check out OK? See GoGo's warning above.
--I've seen every SSL problem in the book, but GoGo understands the code much better than I do. 8)


Posts

Joined
Wed May 05, 2010 4:56 am

Post by Shadowsong » Fri May 18, 2012 3:14 am

Moggin wrote:..Can you add to cart and check out OK? See GoGo's warning above.
--I've seen every SSL problem in the book, but GoGo understands the code much better than I do. 8)
I can add to cart on all the products and I did a test order and it processed and went through and I received an order email and it showed up in the admin panel under orders. So I would guess all is well. I'll cross my fingers that is the case. :) I like figuring things out myself or researching things and it's nice to know people like you are helpful.


Posts

Joined
Mon May 14, 2012 12:56 am

Post by bruceamo123 » Wed May 23, 2012 9:21 pm

I do not have a secure site, I need to know how to change my browser to https ? I have open cart 1.5.2.1
thanks Bruce


Posts

Joined
Thu May 10, 2012 4:34 am

Post by kampong » Tue Dec 25, 2012 1:15 pm

I have setup a dedicated IP and dedicated SSL on my OC. Everything that should be HTTPS in my domain works fine except the admin panel which is still HTTP. I have changed the config.php in /admin but still unable to get it to run in HTTPS. If I use force HTTPS in /public_html/.htaccess, the admin panel does not allow me to to log it. It just re-loops back to the admin log in page.

Here's my /admin/config.php

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://kampongshop.com/admin/');
define('HTTP_CATALOG', 'http://kampongshop.com/');
define('HTTP_IMAGE', 'http://kampongshop.com/image/');

// HTTPS
define('HTTPS_SERVER', 'https://kampongshop.com/admin/');
define('HTTPS_IMAGE', 'https://kampongshop.com/image/');
I can't seem to find anything wrong with the codes after reading through the forum threads.

This is a small issue but I have a small OCD about this sort of things. I mean I've paid good money for SSL but it only works for half the webstore and I'm tearing my hair out on Christmas Day(I'm in UTC+8)


Posts

Joined
Fri Aug 24, 2012 9:15 am

Post by MarketInSG » Wed Dec 26, 2012 9:55 am

your htaccess might be coded wrongly. Try removing what you added in and try again.


User avatar

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by sprite98 » Fri Jan 30, 2015 4:39 pm

Hi, thx for veery helpful post! Can u hepl me to, i have same problem too. I did everything according to instructions but https is only in admin area and during the order phase. In main page https is not full (with yellow triangle), google chrome blocks some scripts from untrusted sources. Need a help! Here is my files:

config.php:
// HTTP
define('HTTP_SERVER', 'http://24slim.biz/');

// HTTPS
define('HTTPS_SERVER', 'https://24slim.biz/');

// DIR
define('DIR_APPLICATION', '/xxx/xxx/xxx/htdocs/www/catalog/');
define('DIR_SYSTEM', '/xxx/xxx/xxx/htdocs/www/system/');
define('DIR_DATABASE', '/xxx/xxx/xxx/htdocs/www/system/database/');
define('DIR_LANGUAGE', '/xxx/xxx/xxx/htdocs/www/catalog/language/');
define('DIR_TEMPLATE', '/xxx/xxx/xxx/htdocs/www/catalog/view/theme/');
define('DIR_CONFIG', '/xxx/xxx/xxx/htdocs/www/system/config/');
define('DIR_IMAGE', '/xxx/xxx/xxx/htdocs/www/image/');
define('DIR_CACHE', '/xxx/xxx/xxx/htdocs/www/system/cache/');
define('DIR_DOWNLOAD', '/xxx/xxx/xxx/htdocs/www/download/');
define('DIR_LOGS', '/xxx/xxx/xxx/htdocs/www/system/logs/');

admin/config.php:
// HTTP
define('HTTP_SERVER', 'http://24slim.biz/admin/');
define('HTTP_CATALOG', 'http://24slim.biz/');

// HTTPS
define('HTTPS_SERVER', 'https://24slim.biz/admin/');
define('HTTPS_CATALOG', 'https://24slim.biz/');

// DIR
define('DIR_APPLICATION', '/xxx/xxx/xxx/htdocs/www/admin/');
define('DIR_SYSTEM', '/xxx/xxx/xxx/htdocs/www/system/');
define('DIR_DATABASE', '/xxx/xxx/xxx/htdocs/www/system/database/');
define('DIR_LANGUAGE', '/xxx/xxx/xxx/htdocs/www/admin/language/');
define('DIR_TEMPLATE', '/xxx/xxx/xxx/htdocs/www/admin/view/template/');
define('DIR_CONFIG', '/xxx/xxx/xxx/htdocs/www/system/config/');
define('DIR_IMAGE', '/xxx/xxx/xxx/htdocs/www/image/');
define('DIR_CACHE', '/xxx/xxx/xxx/htdocs/www/system/cache/');
define('DIR_DOWNLOAD', '/xxx/xxx/xxx/htdocs/www/download/');
define('DIR_LOGS', '/xxx/xxx/xxx/htdocs/www/system/logs/');
define('DIR_CATALOG', '/xxx/xxx/xxx/htdocs/www/catalog/');

.htaccess:
RewriteCond %{HTTP_HOST} ^www.24slim.biz$ [NC]
RewriteRule ^(.*)$ http://24slim.biz/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\ HTTP/
RewriteRule ^index\.html$ / [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ http://%{HTTP_HOST}? [R=301,L]
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

what am I doing wrong?


Posts

Joined
Fri Jan 30, 2015 4:30 pm

Post by markjacks » Fri Feb 27, 2015 3:17 am

Hi Sprite, have you checked the thread below already?

http://forum.opencart.com/viewtopic.php?f=138&t=64685

User avatar

Posts

Joined
Sun Nov 30, 2014 1:48 pm