Post by The Alchemist » Wed Dec 14, 2011 3:08 am

I have a certificate for Https:// on my server

however all the pages are still displaying as http off google.

User avatar
Active Member

Posts

Joined
Sun Nov 22, 2009 11:04 am

Post by uksitebuilder » Wed Dec 14, 2011 4:40 am

OpenCart is set-up to use the https address on sensitive pages such as login, my account and checkout

All other pages still use the standard http address. After all, you aren't running a banking site ;-)

Also, due to the nature of SSL, pages that are run through it will load slower than on SSL pages.

To use SSL in OpenCart 1.5.x

Turn on SSL in admin System - Settings - Server tab

Edit your config.php and admin/config.php files and change the HTTPS defines to read your https address.

You should then be good to go.

ImageImageImageImageImage

For Friendly Professional Support - Click Here


User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by victorj » Wed Dec 14, 2011 5:08 am

For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off

If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomein.com/$1 [R=301,L]

it will force your site to run under https

It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at

http://www.whynopadlock.com/

it will tell you where the faults are so you can adress them more easily

suc6 Victor

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by The Alchemist » Wed Dec 14, 2011 5:19 pm

uksitebuilder wrote:OpenCart is set-up to use the https address on sensitive pages such as login, my account and checkout

All other pages still use the standard http address. After all, you aren't running a banking site ;-)

Also, due to the nature of SSL, pages that are run through it will load slower than on SSL pages.

To use SSL in OpenCart 1.5.x

Turn on SSL in admin System - Settings - Server tab

Edit your config.php and admin/config.php files and change the HTTPS defines to read your https address.

You should then be good to go.
My site I have is 1.4.8
This is the .config file minus all the passwords

Code: Select all

<?php
// created 2010.08.05 14:44:42
// DIR
define( 'DIR_APPLICATION', '/home/content/a/x/i/axidworks/html/catalog/' );
define( 'DIR_SYSTEM', '/home/content/a/x/i/axidworks/html/system/' );
define( 'DIR_DATABASE', '/home/content/a/x/i/axidworks/html/system/database/' );
define( 'DIR_LANGUAGE', '/home/content/a/x/i/axidworks/html/catalog/language/' );
define( 'DIR_TEMPLATE', '/home/content/a/x/i/axidworks/html/catalog/view/theme/' );
define( 'DIR_CONFIG', '/home/content/a/x/i/axidworks/html/system/config/' );
define( 'DIR_IMAGE', '/home/content/a/x/i/axidworks/html/image/' );
define( 'DIR_CACHE', '/home/content/a/x/i/axidworks/html/system/cache/' );
define( 'DIR_DOWNLOAD', '/home/content/a/x/i/axidworks/html/download/' );
define( 'DIR_LOGS', '/home/content/a/x/i/axidworks/html/system/logs/' );
This is the admin .config

Code: Select all

<?php
// created 2010.08.05 14:44:42

// HTTP
define( 'HTTP_SERVER', 'http://localhost/shops/_customer/axidworks/admin/' );
define( 'HTTP_CATALOG', 'http://localhost/shops/_customer/axidworks/' );
define( 'HTTP_IMAGE', 'http://localhost/shops/_customer/axidworks/image/' );

// HTTPS
define( 'HTTPS_SERVER', 'http://localhost/shops/_customer/axidworks/admin/' );
define( 'HTTPS_IMAGE', 'http://localhost/shops/_customer/axidworks/image/' );

// DIR
define( 'DIR_APPLICATION', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\\' );
define( 'DIR_SYSTEM', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\\' );
define( 'DIR_DATABASE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\database\\' );
define( 'DIR_LANGUAGE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\language\\' );
define( 'DIR_TEMPLATE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\view\template\\' );
define( 'DIR_CONFIG', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\config\\' );
define( 'DIR_IMAGE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\image\\' );
define( 'DIR_CACHE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\cache\\' );
define( 'DIR_DOWNLOAD', 'D:\server\xampp\htdocs\shops\_customer\axidworks\download\\' );
define( 'DIR_LOGS', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\logs\\' );
define( 'DIR_CATALOG', 'D:\server\xampp\htdocs\shops\_customer\axidworks\catalog\\' );
I have tried before to play with this files to enable the https before but got caught up in errors. But my site does go to https mode when checking out in the shopping cart.

I do Suppose that I would like to run the whole site in https just as a piece of mind for the customers.
victorj wrote:For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off

If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomein.com/$1 [R=301,L]

it will force your site to run under https

It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at

http://www.whynopadlock.com/

it will tell you where the faults are so you can adress them more easily

suc6 Victor
I liked this very much. It worked right away. But when I tried to log into my admin section, it would force it to run through the https and I would get a not protected sign on my web bar, and it also would not let me log into the admin section. Also I was not able to add in any products into my shopping cart as well.

User avatar
Active Member

Posts

Joined
Sun Nov 22, 2009 11:04 am

Post by Xsecrets » Wed Dec 14, 2011 9:05 pm

I never understood the force the whole site to https thing. People act like it's something customers expect, but try to browse amazon or newegg with https, you can't, so I wouldn't say it's something customers are expecting.

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter


Guru Member

Posts

Joined
Sun Oct 25, 2009 3:51 am
Location - FL US

Post by victorj » Thu Dec 15, 2011 3:50 am

Xsecrets wrote:I never understood the force the whole site to https thing. People act like it's something customers expect, but try to browse amazon or newegg with https, you can't, so I wouldn't say it's something customers are expecting.
It probaly has to do where in the world you do your businiss.
I live in Holland and online shopping is relative new here compared to the states.
Also there is a lot going on to the general publit abour secure shopping, can shops be trusted and so on.
So over here investing in a shop witch runs entirely under SSL is a good investment since the great public immediatly sees that your shop is protected.
As I stated the cost to give the shops SSL including investment in dedi server, ipadresses and certificates payed back within 1 week.
So over here it certainly does the trick, mind you in about 1 to 1.5 years from now it will be law to run the part where client log in or create a acoount has to be protected.

regards Victor

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by victorj » Thu Dec 15, 2011 3:56 am

[quote=]I liked this very much. It worked right away. But when I tried to log into my admin section, it would force it to run through the https and I would get a not protected sign on my web bar, and it also would not let me log into the admin section. Also I was not able to add in any products into my shopping cart as well.[/quote]

Put a new htaccess in your admin
just use these lines

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ http://www.yourdomein.com/$1 [R=301,L]

If you get errors there are non ssl parts parsed most likely the grafics so checking the source of the page will reveal witch parts are not sent throug ssl.
Running external stats programs are interfering use the link provided it gives very usefull information where the misstakes are

make sure that in the admin of your shop config you set up the right url to your site.

victor

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by The Alchemist » Fri Dec 16, 2011 2:06 am

victorj wrote: Put a new htaccess in your admin
just use these lines

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ http://www.yourdomein.com/$1 [R=301,L]

If you get errors there are non ssl parts parsed most likely the grafics so checking the source of the page will reveal witch parts are not sent throug ssl.
Running external stats programs are interfering use the link provided it gives very usefull information where the misstakes are

make sure that in the admin of your shop config you set up the right url to your site.

victor
Okay well I uploaded it again and to the admin section. The admin Section worked fine now. I used that URL on the home page and got rid of all the errors. Now the product pages are still the same. I will try and run that on product pages themselves and see what errors I get.

User avatar
Active Member

Posts

Joined
Sun Nov 22, 2009 11:04 am

Post by rgoerg » Fri Dec 16, 2011 9:00 pm

I just wanted to let you know that this thread has really helped me to configure my OpenCart site quickly.

A big Thank You to victorj and The Alchemist!

Newbie

Posts

Joined
Fri Dec 16, 2011 8:49 pm

Post by weddingcoo » Fri Dec 16, 2011 10:21 pm

thanks for the code~~ :)

User avatar
Newbie

Posts

Joined
Fri Dec 16, 2011 10:13 pm
Location - California

Post by peakto » Mon Jan 09, 2012 6:59 am

Hi Everyone!

I need a little help!

I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.

I using OpenCart 1.4.9.6. and SEO enabled.

I put this code the the .htaccess file:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

It works fine, I got all pages https secured, BUT... it messing to the SEO URL-s :-(

Like:

SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html

and after forcing the SSL by the code:
https://www.mywebshop.com/index.php?_route_=goodstuff.html

Is anybody knows, how to fix this problem?

Thank You very much!

Newbie

Posts

Joined
Mon Jan 09, 2012 6:37 am

Post by amit_sr » Wed May 30, 2012 3:06 pm

hi,
i am using opencart for last one year and it has been very great experience,
I want to ask a few questions to the Experienced users and developers:
> my site https://coolbeanbags.co.in is there now for almost 6/7 months. Now the situation is that earlier i was using HTTP:// protocol and the website was on 1st page of google India of certain Key-Words.

>Now we have installed a SSL certificate {COMODO- Positive SSL} and turned my whole site on HTTPS:// protocol.

>I have redirected whole website from HTTP to HTTPS protocol. everything is working fine. below are the changes i made:
1> in .htaccess file

Code: Select all

RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^coolbeanbags\.co\.in$ [OR]
RewriteCond %{HTTP_HOST} ^www\.coolbeanbags\.co\.in$
RewriteRule ^(.*) https\:\/\/coolbeanbags\.co\.in\/$1 [R=301,L]
2> In /config.php

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'https://www.coolbeanbags.co.in/');
define('HTTP_IMAGE', 'https://www.coolbeanbags.co.in/image/');
define('HTTP_ADMIN', 'https://www.coolbeanbags.co.in/admin/');

// HTTPS
define('HTTPS_SERVER', 'https://www.coolbeanbags.co.in/');
define('HTTPS_IMAGE', 'https://www.coolbeanbags.co.in/image/');
3> In /admin/config.php

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'https://www.coolbeanbags.co.in/admin/');
define('HTTP_CATALOG', 'https://www.coolbeanbags.co.in/');
define('HTTP_IMAGE', 'https://www.coolbeanbags.co.in/image/');

// HTTPS
define('HTTPS_SERVER', 'https://www.coolbeanbags.co.in/admin/');
define('HTTPS_IMAGE', 'https://www.coolbeanbags.co.in/image/');
> its been more than 2 weeks since i am using these settings, Now my site still on page 1 on google india, but indexed as HTTPS, as https://coolbeanbags.co.in

> and today when i saw my WebMaster tools account for backlinks to my site, most of my links hav vanished....from 800 to 250+.....

> i want to know why this happened and what should be the right thing to do from all aspects including SEO.

Thanks

Cool Bean Bags India
Bean Bags Online


Newbie

Posts

Joined
Tue May 29, 2012 12:56 am
Location - Pune

Post by Qphoria » Wed May 30, 2012 9:38 pm

why would you convert your whole site into https tho? Only the sensitive pages are meant to be https and that is done automatically. No htaccess change needed.

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by victorj » Wed May 30, 2012 10:00 pm

Qphoria wrote:why would you convert your whole site into https tho? Only the sensitive pages are meant to be https and that is done automatically. No htaccess change needed.
I live in Holland and the governement has done some big campains to make everyone aware of internet fraude.
They explicitly informed bij big television campains that shopping should be done safely and preferebaly in shops that usses SSL protection.
Bij forcing your site to run SSL the customer inmediately sees the padlock so it gives confidence.
In my casr it increased sales with 30% so it was a good investment.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by amit_sr » Thu May 31, 2012 10:29 pm

Well frankly speaking i was interested in keeping only my home page and other important page under HTTPS, but was not able to do so......so i found it easier to convert whole site to HTTPS.....just to make my customers aware that this site is protected....

> My question to the GURU is ...Except for the speed part of website is there any other disadvantage of using whole site HTTPS...........i think my host is good enough and the confidence of the visitor will be boosted....

> From SEO point of view i want my site to be indexed as http... How to do that

Thanks

Cool Bean Bags India
Bean Bags Online


Newbie

Posts

Joined
Tue May 29, 2012 12:56 am
Location - Pune

Post by appsfinder » Wed Dec 24, 2014 7:02 pm

thanks this helped me move from http to https on godaddy server :D

:) open cart 2.3.0.2


New member

Posts

Joined
Fri Feb 08, 2013 4:12 am

Post by lipstick villian » Sat Jan 03, 2015 10:49 am

Re the :why would you want/convert entire site to https?"
Too many fake websites, too many scams, too many hackers...A protected site gives people more assurance you are not dodgy.
Facebook is https and they dont even sell anything lol...well they do, but you know what I mean.
I guess as mentioned already it does depend on which country you live in. I also live in a small country and people are very security conscious due to buying off overseas sites and getting scammed so often, or not receiving their products.
I struggled for 6 months to get any sales on my website...Ive had SSL for a matter of days, my entire site is https including my admin....the way my business is regarded has pretty much instantly changed, for the better.


Posts

Joined
Sat Jan 03, 2015 7:30 am

Post by jdiai » Sun Nov 26, 2017 8:56 pm

victorj wrote:
Wed Dec 14, 2011 5:08 am
For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off

If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomein.com/$1 [R=301,L]

it will force your site to run under https

It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at

http://www.whynopadlock.com/

it will tell you where the faults are so you can adress them more easily

suc6 Victor
This worked so well for me!!!!! All links on my opencart 1.5.6 url store even my admin page is on https now. i actually did the standard setting for config and admin config files but didnt show the ssl green padlock. but after this setting everything is green lol i am so greatful
. thank you so much for sharing

Newbie

Posts

Joined
Tue Nov 12, 2013 11:30 pm

Post by MrPhil » Tue Dec 12, 2017 1:44 am

Most sites also want to force (or remove) "www." in the domain name, so it's a good idea to combine that with forcing https in one redirect, rather than two separate redirects:

Code: Select all

RewriteEngine On
RewriteCond  %{HTTPS}  !on  [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.mydomain.com/$1  [R=301,L]
It can be modified to force https off (only if you have no SSL pages), or force no www. It may even be possible to do a third redirect if you want, by adding another OR clause. Note that you should use a hard-coded domain name, rather than %{HTTP_HOST}, in the rewrite rule, because you want to force the www. version, and HTTP_HOST contains whatever was typed into the browser! Also, put all your 30x redirects up top, to only show URL changes that you want a user or search engine to see (and remember). Internal rewrites (such as for SEO implementation) should not be sent back to the browser or search engine, so make sure you don't put any 30x redirects after internal rewrites!

Search engines will ding you (penalize you) for having multiple round trips due to 30x redirects, so it's best to reduce them to just one round trip. With careful .htaccess coding, you can often do this with multiple redirects:

Code: Select all

RewriteEngine On
RewriteCond  %{HTTPS}  !on
RewriteRule  ^(.*)$  https://www.mydomain.com/$1  [R=301,L]
# if the URL came in http://mydomain.com, we're done because we already changed the host to www
# and the following rule will NOT be triggered
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.%{HTTP_HOST}/$1  [R=301,L]
# if the URL came in https://mydomain.com, this one would have triggered INSTEAD
but it's usually easier just to do it in one go.

User avatar
Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm

Post by personalisedparty » Thu Dec 28, 2017 10:40 am

Hi, I have a certificate for Https:// on my server however all the pages are still displaying as http only when logged into admin panel it is displayed https://
I added code to .httaccess as below but it is not work. Please help.

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.balloonprint.ie/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]


Posts

Joined
Wed Dec 20, 2017 4:49 am
Who is online

Users browsing this forum: No registered users and 46 guests