I've had a good search around Google on how to solve this problem, but so far come up empty...
I would like to (ideally) have the entire OpenCart installation run in SSL, however the best I can get is part of the page encrypted (not all) and that does not work in Firefox, the whole page is unencrypted.
We do have our own SSL installed, which worked fine with OSCommerce before.
Things I've tried:
- Turning on SSL in "Settings/Server/Use SSL".. this doesn't seem to do anything at all. No pages are encrypted if this is turned on.
- Changed config.php in the admin folder to have "https" in both HTTPS_SERVER and HTTPS_IMAGE.
- Added the following to the .htaccess file in the OpenCart root folder:
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
This partially works in Google Chrome (some parts of pages are using SSL, others are not), and does not seem to work at all with Firefox (reports that page is not encrypted).
Surely I'm missing something easy?
I would like to (ideally) have the entire OpenCart installation run in SSL, however the best I can get is part of the page encrypted (not all) and that does not work in Firefox, the whole page is unencrypted.
We do have our own SSL installed, which worked fine with OSCommerce before.
Things I've tried:
- Turning on SSL in "Settings/Server/Use SSL".. this doesn't seem to do anything at all. No pages are encrypted if this is turned on.
- Changed config.php in the admin folder to have "https" in both HTTPS_SERVER and HTTPS_IMAGE.
- Added the following to the .htaccess file in the OpenCart root folder:
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
This partially works in Google Chrome (some parts of pages are using SSL, others are not), and does not seem to work at all with Firefox (reports that page is not encrypted).
Surely I'm missing something easy?
SSL for OpenCart should be set as follows:
Turn on SSL in admin System Settings
Edit config.php and admin/config.php and enter SSl address in the HTTPS defines
Reset your htaccess to the default OC htaccess at least as a test to see if SSL is working.
Then it should work
--
I see no reason why the entire site should be run through SSL - It will slow down your site due to the encryption/decryption
There is no reason for product pages, category pages etc to be encrypted.
Turn on SSL in admin System Settings
Edit config.php and admin/config.php and enter SSl address in the HTTPS defines
Reset your htaccess to the default OC htaccess at least as a test to see if SSL is working.
Then it should work
--
I see no reason why the entire site should be run through SSL - It will slow down your site due to the encryption/decryption
There is no reason for product pages, category pages etc to be encrypted.
Here's a thread about checkout/account/admin:mruffin wrote:Things I've tried:
- Turning on SSL in "Settings/Server/Use SSL".. this doesn't seem to do anything at all. No pages are encrypted if this is turned on.
- Changed config.php in the admin folder to have "https" in both HTTPS_SERVER and HTTPS_IMAGE.
- Added the following to the .htaccess file in the OpenCart root folder:
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
This partially works in Google Chrome (some parts of pages are using SSL, others are not), and does not seem to work at all with Firefox (reports that page is not encrypted).
http://forum.opencart.com/viewtopic.php?f=20&t=36641
Thanks a lot guys, i was getting this problem to... SSL when activated on Admin just doesnt work..
What i did
Edit config.php on public_html and config.php from admin area as follows:
// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/bnw-admin/');
define('HTTPS_CATALOG', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');
Then, add the this part to your .htaccess file
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
Just dont forget to buy and install the SSL before trying this heheheheh
Thanks a lot!
What i did
Edit config.php on public_html and config.php from admin area as follows:
// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');
// HTTPS
define('HTTPS_SERVER', 'https://www.mydomain.com.br/bnw-admin/');
define('HTTPS_CATALOG', 'https://www.mydomain.com.br/');
define('HTTPS_IMAGE', 'https://www.mydomain.com.br/image/');
Then, add the this part to your .htaccess file
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
Just dont forget to buy and install the SSL before trying this heheheheh
Thanks a lot!
Hi,
I'm hoping someone can help me put this SSL (which has been installed on the server) on the pages that count.
I've changed it in the config.php and the admin/config.php, and set the store settings to SSL. However, my site is slow enough and I don't want it to be any slower due to encryption (which a previous post in this thread mentioned).
I just want the SSL to be where users submit their information: account register and login.
1. If I only want a few pages under SSL - do I need to change the config.php files and the settings at all? Does this need to be done or is changing the .htaccess file enough?
2. Is this the proper code for .htacces then?
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
Thank you very much
I'm hoping someone can help me put this SSL (which has been installed on the server) on the pages that count.
I've changed it in the config.php and the admin/config.php, and set the store settings to SSL. However, my site is slow enough and I don't want it to be any slower due to encryption (which a previous post in this thread mentioned).
I just want the SSL to be where users submit their information: account register and login.
1. If I only want a few pages under SSL - do I need to change the config.php files and the settings at all? Does this need to be done or is changing the .htaccess file enough?
2. Is this the proper code for .htacces then?
#Force https redirect
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=off
Thank you very much
I have followed all this instructions (which make perfect sense to me) and yet still my checkout pages are not redirecting to https. There's no error message, the checkout page just gets shown as normal. Any ideas?
Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps
www.webdesign-plus.co.uk
I found the solution:
.htaccess file with this in
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
.htaccess file with this in
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps
www.webdesign-plus.co.uk
Hi, I have SSL installed and OC SSL use is On. But the site never switch to https. Just normal www.
// HTTPS (config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
// HTTPS (admin/config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
When I modify htaccess with Jez's solution (above), the the Add to Cart button stop functioning. No item is added to the shopping cart. I thus switched to the default htaccess but have no secured pages.
Can anyone update me with appropriate setup? I am on 1.5.4.1
// HTTPS (config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
// HTTPS (admin/config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
When I modify htaccess with Jez's solution (above), the the Add to Cart button stop functioning. No item is added to the shopping cart. I thus switched to the default htaccess but have no secured pages.
Can anyone update me with appropriate setup? I am on 1.5.4.1
Using v1.5.4.1
Try to click on the my account page to check is it secured? i reckon OC just use SSL for login and checkout page mainly but not the whole site..plus are you using sub domain?odi2000 wrote:Hi, I have SSL installed and OC SSL use is On. But the site never switch to https. Just normal www.
// HTTPS (config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
// HTTPS (admin/config.php)
define('HTTPS_SERVER', 'https://www.domain.com/store/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/store/');
define('HTTPS_IMAGE', 'https://www.domain.com/store/image/');
When I modify htaccess with Jez's solution (above), the the Add to Cart button stop functioning. No item is added to the shopping cart. I thus switched to the default htaccess but have no secured pages.
Can anyone update me with appropriate setup? I am on 1.5.4.1
btw i am having SSL issue on my page as well, so gd luck.
Have you also selected 'Use SSL' in the admin?
Web Developer ( & Firefighter)
Web Development, Web Content Management, Mobile Web Design, Android Apps
www.webdesign-plus.co.uk
ver 1.5.4
1) Edit both config.php (root and admin) files, in //HTTPS section, add/verify 'https' to all URLs in section.
2) In Admin, System, Setting, Server; enabled SSL
-----------------
In shopping cart; 1)add any item to cart, 2)click to check-out. Website will go secure. Ta-da...
No need to edit .htaccess file.
1) Edit both config.php (root and admin) files, in //HTTPS section, add/verify 'https' to all URLs in section.
2) In Admin, System, Setting, Server; enabled SSL
-----------------
In shopping cart; 1)add any item to cart, 2)click to check-out. Website will go secure. Ta-da...
No need to edit .htaccess file.
When I have my SSL turned on, it works, but the image manager stops working.
Any ideas on this?
Version 1.5.2.2.r990
Any ideas on this?
Version 1.5.2.2.r990
SSL may have strange effects on javascript which is not specifically written to work in a secure environment. Worse, the requirements which need to be met there have changed quite a bit lately. Look at the PHP settings for the httponly and secure cookie flags....
David
David
Specializing in secure Hosting 4 OpenCart based eCommerce websites.
HELP! I'm stumped. Will gladly pay/donate to someone that can fix this..
-I have a valid certificate
-I have changed the SSL setting in admin->store
-I have changed the config.php settings in root and admin to reflect the HTTPS urls.
-I've even brought a clean install version of .htaccess
none of this causes any of my pages, checkout/cart/account to go secure
I've even tried adding:
#RewriteCond %{HTTPS} off
#RewriteCond %{QUERY_STRING} checkout|account
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
to my .htaccess file and it puts checkout into "partial" secure - with a warning saying not all links are secure..
AND causes ADD TO CART not to work - so took them out.
Put my cart url into http://whynopadlock.com and got the following.
ANY HELP APPRECIATED! Hate to be desperate!
Note:
I'm currently using just paypal standard so I know that the payment gets redirected to a paypal secure page but I am going to add paypal advanced with Qphorias checkout module. It adds a iframe in the page that processes through paypal but I still want my page to show "secured" so I don't scare off customers that don't know this.
-I have a valid certificate
-I have changed the SSL setting in admin->store
-I have changed the config.php settings in root and admin to reflect the HTTPS urls.
-I've even brought a clean install version of .htaccess
none of this causes any of my pages, checkout/cart/account to go secure
I've even tried adding:
#RewriteCond %{HTTPS} off
#RewriteCond %{QUERY_STRING} checkout|account
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
to my .htaccess file and it puts checkout into "partial" secure - with a warning saying not all links are secure..
AND causes ADD TO CART not to work - so took them out.
Put my cart url into http://whynopadlock.com and got the following.
ANY HELP APPRECIATED! Hate to be desperate!
Note:
I'm currently using just paypal standard so I know that the payment gets redirected to a paypal secure page but I am going to add paypal advanced with Qphorias checkout module. It adds a iframe in the page that processes through paypal but I still want my page to show "secured" so I don't scare off customers that don't know this.
Thanks for the reply derek. I don't think my IP is dedicated but I purchased the SSL through my host- I guess I'm just assuming they would have let me know that.
I have no idea where else to look for redirects..? Do you have suggestions?
I have no idea where else to look for redirects..? Do you have suggestions?
Hmmm.. another issue with Geotrust and Opencart SSl.. any resolution to this from anyone? Having a similar issue with Checkout.. just redirects back to cart adn does not go into SSL.. clicking on account does but only for that page.. clicking cart again will drop anything added onto cart while at that SSL page .. problem was intermittent now seems to be getting worse. Had to put the entire site into SSL until figured out.
There is no need to edit the .htaccess file at all.
Restore .htaccess to it's default if possible or remove any code you have added to it for SSL.
OpenCart should auto switch to SSL for the pages that should be secure (ie. Checkout/account etc)
As long as you have made the correct changes in your config.php and admin/config.php and have enabled SSL in your admin System -> Settings -> Server tab it should work.
Restore .htaccess to it's default if possible or remove any code you have added to it for SSL.
OpenCart should auto switch to SSL for the pages that should be secure (ie. Checkout/account etc)
As long as you have made the correct changes in your config.php and admin/config.php and have enabled SSL in your admin System -> Settings -> Server tab it should work.
Who is online
Users browsing this forum: No registered users and 280 guests