Post by mruffin » Wed Apr 04, 2012 10:38 pm

I've had a good search around Google on how to solve this problem, but so far come up empty...


I would like to (ideally) have the entire OpenCart installation run in SSL, however the best I can get is part of the page encrypted (not all) and that does not work in Firefox, the whole page is unencrypted.

We do have our own SSL installed, which worked fine with OSCommerce before.

Things I've tried:
- Turning on SSL in "Settings/Server/Use SSL".. this doesn't seem to do anything at all. No pages are encrypted if this is turned on.
- Changed config.php in the admin folder to have "https" in both HTTPS_SERVER and HTTPS_IMAGE.
- Added the following to the .htaccess file in the OpenCart root folder:

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off

This partially works in Google Chrome (some parts of pages are using SSL, others are not), and does not seem to work at all with Firefox (reports that page is not encrypted).

Surely I'm missing something easy?

Newbie

Posts

Joined
Wed Apr 04, 2012 10:32 pm

Post by uksitebuilder » Wed Apr 04, 2012 10:51 pm

SSL for OpenCart should be set as follows:

Turn on SSL in admin System Settings
Edit config.php and admin/config.php and enter SSl address in the HTTPS defines

Reset your htaccess to the default OC htaccess at least as a test to see if SSL is working.

Then it should work

--

I see no reason why the entire site should be run through SSL - It will slow down your site due to the encryption/decryption

There is no reason for product pages, category pages etc to be encrypted.

ImageImageImageImageImage

For Friendly Professional Support - Click Here


User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom

Post by mruffin » Wed Apr 04, 2012 10:56 pm

Thanks Simon, marvellous job.

I was missing the edits to the config.php file in the root directory (should've seen that, but it's currently 1am).

Thanks for the help!

Newbie

Posts

Joined
Wed Apr 04, 2012 10:32 pm

Post by scanreg » Mon May 14, 2012 3:32 am

mruffin wrote:Things I've tried:
- Turning on SSL in "Settings/Server/Use SSL".. this doesn't seem to do anything at all. No pages are encrypted if this is turned on.
- Changed config.php in the admin folder to have "https" in both HTTPS_SERVER and HTTPS_IMAGE.
- Added the following to the .htaccess file in the OpenCart root folder:

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off

This partially works in Google Chrome (some parts of pages are using SSL, others are not), and does not seem to work at all with Firefox (reports that page is not encrypted).
Here's a thread about checkout/account/admin:

http://forum.opencart.com/viewtopic.php?f=20&t=36641

Active Member

Posts

Joined
Thu May 06, 2010 12:15 am

Post by luizeduardo » Fri Oct 26, 2012 8:50 pm

Thanks a lot guys, i was getting this problem to... SSL when activated on Admin just doesnt work..

What i did

Edit config.php on public_html and config.php from admin area as follows:

// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');


// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/bnw-admin/');
define('HTTPS_CATALOG', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');

Then, add the this part to your .htaccess file

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off


Just dont forget to buy and install the SSL before trying this heheheheh

Thanks a lot! :)

New member

Posts

Joined
Tue Jul 03, 2012 4:01 am

Post by jackie » Wed Nov 21, 2012 2:08 pm

Hi,
I'm hoping someone can help me put this SSL (which has been installed on the server) on the pages that count.

I've changed it in the config.php and the admin/config.php, and set the store settings to SSL. However, my site is slow enough and I don't want it to be any slower due to encryption (which a previous post in this thread mentioned).

I just want the SSL to be where users submit their information: account register and login.

1. If I only want a few pages under SSL - do I need to change the config.php files and the settings at all? Does this need to be done or is changing the .htaccess file enough?


2. Is this the proper code for .htacces then?

#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off

Thank you very much

New member

Posts

Joined
Thu Mar 01, 2012 11:26 pm

Post by Jez D » Wed Dec 05, 2012 6:12 pm

I have followed all this instructions (which make perfect sense to me) and yet still my checkout pages are not redirecting to https. There's no error message, the checkout page just gets shown as normal. Any ideas?

Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps

www.webdesign-plus.co.uk


New member

Posts

Joined
Mon Nov 14, 2011 5:20 pm
Location - United Kingdom

Post by Jez D » Wed Dec 05, 2012 6:48 pm

I found the solution:
.htaccess file with this in

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps

www.webdesign-plus.co.uk


New member

Posts

Joined
Mon Nov 14, 2011 5:20 pm
Location - United Kingdom

Post by odi2000 » Wed Jan 02, 2013 6:40 pm

Hi, I have SSL installed and OC SSL use is On. But the site never switch to https. Just normal www.


// HTTPS (config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');

// HTTPS (admin/config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');


When I modify htaccess with Jez's solution (above), the the Add to Cart button stop functioning. No item is added to the shopping cart. I thus switched to the default htaccess but have no secured pages.

Can anyone update me with appropriate setup? I am on 1.5.4.1

Using v1.5.4.1


New member

Posts

Joined
Sat Apr 09, 2011 2:13 pm

Post by kakataj » Fri Jan 04, 2013 7:47 pm

deleted, repost
Last edited by kakataj on Sun Jan 06, 2013 11:52 am, edited 1 time in total.

Newbie

Posts

Joined
Fri Jan 04, 2013 7:37 pm

Post by kakataj » Fri Jan 04, 2013 7:48 pm

odi2000 wrote:Hi, I have SSL installed and OC SSL use is On. But the site never switch to https. Just normal www.


// HTTPS (config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');

// HTTPS (admin/config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');


When I modify htaccess with Jez's solution (above), the the Add to Cart button stop functioning. No item is added to the shopping cart. I thus switched to the default htaccess but have no secured pages.

Can anyone update me with appropriate setup? I am on 1.5.4.1
Try to click on the my account page to check is it secured? i reckon OC just use SSL for login and checkout page mainly but not the whole site..plus are you using sub domain?
btw i am having SSL issue on my page as well, so gd luck.

Newbie

Posts

Joined
Fri Jan 04, 2013 7:37 pm

Post by Jez D » Fri Jan 11, 2013 9:14 pm

Have you also selected 'Use SSL' in the admin?

Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps

www.webdesign-plus.co.uk


New member

Posts

Joined
Mon Nov 14, 2011 5:20 pm
Location - United Kingdom

Post by rbuckthal » Thu Jan 17, 2013 6:41 am

ver 1.5.4

1) Edit both config.php (root and admin) files, in //HTTPS section, add/verify 'https' to all URLs in section.
2) In Admin, System, Setting, Server; enabled SSL
-----------------
In shopping cart; 1)add any item to cart, 2)click to check-out. Website will go secure. Ta-da...

No need to edit .htaccess file.

Newbie

Posts

Joined
Tue Dec 09, 2008 2:38 am

Post by KensGiftShop » Thu Jan 17, 2013 11:02 am

When I have my SSL turned on, it works, but the image manager stops working.
Any ideas on this?
Version 1.5.2.2.r990

New member

Posts

Joined
Fri Dec 14, 2012 3:15 am

Post by Nimitz1061 » Thu Jan 17, 2013 11:18 pm

SSL may have strange effects on javascript which is not specifically written to work in a secure environment. Worse, the requirements which need to be met there have changed quite a bit lately. Look at the PHP settings for the httponly and secure cookie flags....

David

Specializing in secure Hosting 4 OpenCart based eCommerce websites.


New member

Posts

Joined
Sat Mar 24, 2012 7:49 pm
Location - United States

Post by desertdogdecals » Mon Feb 18, 2013 4:42 am

HELP! I'm stumped. Will gladly pay/donate to someone that can fix this..

-I have a valid certificate
-I have changed the SSL setting in admin->store
-I have changed the config.php settings in root and admin to reflect the HTTPS urls.
-I've even brought a clean install version of .htaccess

none of this causes any of my pages, checkout/cart/account to go secure

I've even tried adding:
#RewriteCond %{HTTPS} off
#RewriteCond %{QUERY_STRING} checkout|account
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
to my .htaccess file and it puts checkout into "partial" secure - with a warning saying not all links are secure..
AND causes ADD TO CART not to work - so took them out.

Put my cart url into http://whynopadlock.com and got the following.
no_padlock.jpg

no_padlock.jpg (49.54 KiB) Viewed 24073 times

ANY HELP APPRECIATED! Hate to be desperate!
Note:
I'm currently using just paypal standard so I know that the payment gets redirected to a paypal secure page but I am going to add paypal advanced with Qphorias checkout module. It adds a iframe in the page that processes through paypal but I still want my page to show "secured" so I don't scare off customers that don't know this.

http://www.desertdogdecals.com


New member

Posts

Joined
Sat Oct 24, 2009 4:11 am


Post by derek412 » Mon Feb 18, 2013 4:46 am

Most hosts require a dedicated IP on your hosting account for SSL to fully work, do you have this as well?

Also, it appears the https is being redirected for some reason, do you have any redirects set up anywhere?

Newbie

Posts

Joined
Sat Feb 02, 2013 11:21 pm

Post by desertdogdecals » Mon Feb 18, 2013 5:14 am

Thanks for the reply derek. I don't think my IP is dedicated but I purchased the SSL through my host- I guess I'm just assuming they would have let me know that.

I have no idea where else to look for redirects..? Do you have suggestions?

http://www.desertdogdecals.com


New member

Posts

Joined
Sat Oct 24, 2009 4:11 am


Post by sdynak » Fri Mar 01, 2013 6:07 am

Hmmm.. another issue with Geotrust and Opencart SSl.. any resolution to this from anyone? Having a similar issue with Checkout.. just redirects back to cart adn does not go into SSL.. clicking on account does but only for that page.. clicking cart again will drop anything added onto cart while at that SSL page .. problem was intermittent now seems to be getting worse. Had to put the entire site into SSL until figured out.

New member

Posts

Joined
Wed Jan 02, 2013 8:52 am
Location - Bayville, New Jersey

Post by uksitebuilder » Sat Mar 02, 2013 9:50 pm

There is no need to edit the .htaccess file at all.

Restore .htaccess to it's default if possible or remove any code you have added to it for SSL.

OpenCart should auto switch to SSL for the pages that should be secure (ie. Checkout/account etc)

As long as you have made the correct changes in your config.php and admin/config.php and have enabled SSL in your admin System -> Settings -> Server tab it should work.

ImageImageImageImageImage

For Friendly Professional Support - Click Here


User avatar
Guru Member

Posts

Joined
Thu Jun 09, 2011 11:37 pm
Location - United Kindgom
Who is online

Users browsing this forum: No registered users and 53 guests