Page 1 of 2
How to enable Https instead of http
Posted: Wed Dec 14, 2011 3:08 am
by The Alchemist
I have a certificate for Https:// on my server
however all the pages are still displaying as http off google.
Re: How to enable Https instead of http
Posted: Wed Dec 14, 2011 4:40 am
by uksitebuilder
OpenCart is set-up to use the https address on sensitive pages such as login, my account and checkout
All other pages still use the standard http address. After all, you aren't running a banking site ;-)
Also, due to the nature of SSL, pages that are run through it will load slower than on SSL pages.
To use SSL in OpenCart 1.5.x
Turn on SSL in admin System - Settings - Server tab
Edit your config.php and admin/config.php files and change the HTTPS defines to read your https address.
You should then be good to go.
Re: How to enable Https instead of http
Posted: Wed Dec 14, 2011 5:08 am
by victorj
For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off
If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
https://www.yourdomein.com/$1 [R=301,L]
it will force your site to run under https
It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at
http://www.whynopadlock.com/
it will tell you where the faults are so you can adress them more easily
suc6 Victor
Re: How to enable Https instead of http
Posted: Wed Dec 14, 2011 5:19 pm
by The Alchemist
uksitebuilder wrote:OpenCart is set-up to use the https address on sensitive pages such as login, my account and checkout
All other pages still use the standard http address. After all, you aren't running a banking site ;-)
Also, due to the nature of SSL, pages that are run through it will load slower than on SSL pages.
To use SSL in OpenCart 1.5.x
Turn on SSL in admin System - Settings - Server tab
Edit your config.php and admin/config.php files and change the HTTPS defines to read your https address.
You should then be good to go.
My site I have is 1.4.8
This is the .config file minus all the passwords
Code: Select all
<?php
// created 2010.08.05 14:44:42
// DIR
define( 'DIR_APPLICATION', '/home/content/a/x/i/axidworks/html/catalog/' );
define( 'DIR_SYSTEM', '/home/content/a/x/i/axidworks/html/system/' );
define( 'DIR_DATABASE', '/home/content/a/x/i/axidworks/html/system/database/' );
define( 'DIR_LANGUAGE', '/home/content/a/x/i/axidworks/html/catalog/language/' );
define( 'DIR_TEMPLATE', '/home/content/a/x/i/axidworks/html/catalog/view/theme/' );
define( 'DIR_CONFIG', '/home/content/a/x/i/axidworks/html/system/config/' );
define( 'DIR_IMAGE', '/home/content/a/x/i/axidworks/html/image/' );
define( 'DIR_CACHE', '/home/content/a/x/i/axidworks/html/system/cache/' );
define( 'DIR_DOWNLOAD', '/home/content/a/x/i/axidworks/html/download/' );
define( 'DIR_LOGS', '/home/content/a/x/i/axidworks/html/system/logs/' );
This is the admin .config
Code: Select all
<?php
// created 2010.08.05 14:44:42
// HTTP
define( 'HTTP_SERVER', 'http://localhost/shops/_customer/axidworks/admin/' );
define( 'HTTP_CATALOG', 'http://localhost/shops/_customer/axidworks/' );
define( 'HTTP_IMAGE', 'http://localhost/shops/_customer/axidworks/image/' );
// HTTPS
define( 'HTTPS_SERVER', 'http://localhost/shops/_customer/axidworks/admin/' );
define( 'HTTPS_IMAGE', 'http://localhost/shops/_customer/axidworks/image/' );
// DIR
define( 'DIR_APPLICATION', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\\' );
define( 'DIR_SYSTEM', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\\' );
define( 'DIR_DATABASE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\database\\' );
define( 'DIR_LANGUAGE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\language\\' );
define( 'DIR_TEMPLATE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\admin\view\template\\' );
define( 'DIR_CONFIG', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\config\\' );
define( 'DIR_IMAGE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\image\\' );
define( 'DIR_CACHE', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\cache\\' );
define( 'DIR_DOWNLOAD', 'D:\server\xampp\htdocs\shops\_customer\axidworks\download\\' );
define( 'DIR_LOGS', 'D:\server\xampp\htdocs\shops\_customer\axidworks\system\logs\\' );
define( 'DIR_CATALOG', 'D:\server\xampp\htdocs\shops\_customer\axidworks\catalog\\' );
I have tried before to play with this files to enable the https before but got caught up in errors. But my site does go to https mode when checking out in the shopping cart.
I do Suppose that I would like to run the whole site in https just as a piece of mind for the customers.
victorj wrote:For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off
If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
https://www.yourdomein.com/$1 [R=301,L]
it will force your site to run under https
It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at
http://www.whynopadlock.com/
it will tell you where the faults are so you can adress them more easily
suc6 Victor
I liked this very much. It worked right away. But when I tried to log into my admin section, it would force it to run through the https and I would get a not protected sign on my web bar, and it also would not let me log into the admin section. Also I was not able to add in any products into my shopping cart as well.
Re: How to enable Https instead of http
Posted: Wed Dec 14, 2011 9:05 pm
by Xsecrets
I never understood the force the whole site to https thing. People act like it's something customers expect, but try to browse amazon or newegg with https, you can't, so I wouldn't say it's something customers are expecting.
Re: How to enable Https instead of http
Posted: Thu Dec 15, 2011 3:50 am
by victorj
Xsecrets wrote:I never understood the force the whole site to https thing. People act like it's something customers expect, but try to browse amazon or newegg with https, you can't, so I wouldn't say it's something customers are expecting.
It probaly has to do where in the world you do your businiss.
I live in Holland and online shopping is relative new here compared to the states.
Also there is a lot going on to the general publit abour secure shopping, can shops be trusted and so on.
So over here investing in a shop witch runs entirely under SSL is a good investment since the great public immediatly sees that your shop is protected.
As I stated the cost to give the shops SSL including investment in dedi server, ipadresses and certificates payed back within 1 week.
So over here it certainly does the trick, mind you in about 1 to 1.5 years from now it will be law to run the part where client log in or create a acoount has to be protected.
regards Victor
Re: How to enable Https instead of http
Posted: Thu Dec 15, 2011 3:56 am
by victorj
[quote=]I liked this very much. It worked right away. But when I tried to log into my admin section, it would force it to run through the https and I would get a not protected sign on my web bar, and it also would not let me log into the admin section. Also I was not able to add in any products into my shopping cart as well.[/quote]
Put a new htaccess in your admin
just use these lines
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
http://www.yourdomein.com/$1 [R=301,L]
If you get errors there are non ssl parts parsed most likely the grafics so checking the source of the page will reveal witch parts are not sent throug ssl.
Running external stats programs are interfering use the link provided it gives very usefull information where the misstakes are
make sure that in the admin of your shop config you set up the right url to your site.
victor
Re: How to enable Https instead of http
Posted: Fri Dec 16, 2011 2:06 am
by The Alchemist
victorj wrote:
Put a new htaccess in your admin
just use these lines
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
http://www.yourdomein.com/$1 [R=301,L]
If you get errors there are non ssl parts parsed most likely the grafics so checking the source of the page will reveal witch parts are not sent throug ssl.
Running external stats programs are interfering use the link provided it gives very usefull information where the misstakes are
make sure that in the admin of your shop config you set up the right url to your site.
victor
Okay well I uploaded it again and to the admin section. The admin Section worked fine now. I used that URL on the home page and got rid of all the errors. Now the product pages are still the same. I will try and run that on product pages themselves and see what errors I get.
Re: How to enable Https instead of http
Posted: Fri Dec 16, 2011 9:00 pm
by rgoerg
I just wanted to let you know that this thread has really helped me to configure my OpenCart site quickly.
A big Thank You to victorj and The Alchemist!
Re: How to enable Https instead of http
Posted: Fri Dec 16, 2011 10:21 pm
by weddingcoo
thanks for the code~~
Re: How to enable Https instead of http
Posted: Mon Jan 09, 2012 6:59 am
by peakto
Hi Everyone!
I need a little help!
I'd like my whole OpenCart shop to be SSL protected, but here is a little problem.
I using OpenCart 1.4.9.6. and
SEO enabled.
I put this code the the .htaccess file:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
It works fine, I got all pages https secured, BUT... it messing to the SEO URL-s :-(
Like:
SEO URL before the forced SSL:
http://www.mywebshop.com/goodstuff.html
and after forcing the SSL by the code:
https://www.mywebshop.com/
index.php?_route_=goodstuff.html
Is anybody knows, how to fix this problem?
Thank You very much!
Re: How to enable Https instead of http
Posted: Wed May 30, 2012 3:06 pm
by amit_sr
hi,
i am using opencart for last one year and it has been very great experience,
I want to ask a few questions to the Experienced users and developers:
> my site
https://coolbeanbags.co.in is there now for almost 6/7 months. Now the situation is that earlier i was using HTTP:// protocol and the website was on 1st page of google India of certain Key-Words.
>Now we have installed a SSL certificate {COMODO- Positive SSL} and turned my whole site on HTTPS:// protocol.
>I have redirected whole website from HTTP to HTTPS protocol. everything is working fine. below are the changes i made:
1> in .htaccess file
Code: Select all
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^coolbeanbags\.co\.in$ [OR]
RewriteCond %{HTTP_HOST} ^www\.coolbeanbags\.co\.in$
RewriteRule ^(.*) https\:\/\/coolbeanbags\.co\.in\/$1 [R=301,L]
2> In
/config.php
Code: Select all
<?php
// HTTP
define('HTTP_SERVER', 'https://www.coolbeanbags.co.in/');
define('HTTP_IMAGE', 'https://www.coolbeanbags.co.in/image/');
define('HTTP_ADMIN', 'https://www.coolbeanbags.co.in/admin/');
// HTTPS
define('HTTPS_SERVER', 'https://www.coolbeanbags.co.in/');
define('HTTPS_IMAGE', 'https://www.coolbeanbags.co.in/image/');
3> In
/admin/config.php
Code: Select all
<?php
// HTTP
define('HTTP_SERVER', 'https://www.coolbeanbags.co.in/admin/');
define('HTTP_CATALOG', 'https://www.coolbeanbags.co.in/');
define('HTTP_IMAGE', 'https://www.coolbeanbags.co.in/image/');
// HTTPS
define('HTTPS_SERVER', 'https://www.coolbeanbags.co.in/admin/');
define('HTTPS_IMAGE', 'https://www.coolbeanbags.co.in/image/');
> its been more than 2 weeks since i am using these settings, Now my site still on page 1 on google india, but indexed as
HTTPS, as
https://coolbeanbags.co.in
> and today when i saw my WebMaster tools account for backlinks to my site, most of my links hav vanished....from 800 to 250+.....
> i want to know why this happened and what should be the right thing to do from all aspects including SEO.
Thanks
Re: How to enable Https instead of http
Posted: Wed May 30, 2012 9:38 pm
by Qphoria
why would you convert your whole site into https tho? Only the sensitive pages are meant to be https and that is done automatically. No htaccess change needed.
Re: How to enable Https instead of http
Posted: Wed May 30, 2012 10:00 pm
by victorj
Qphoria wrote:why would you convert your whole site into https tho? Only the sensitive pages are meant to be https and that is done automatically. No htaccess change needed.
I live in Holland and the governement has done some big campains to make everyone aware of internet fraude.
They explicitly informed bij big television campains that shopping should be done safely and preferebaly in shops that usses SSL protection.
Bij forcing your site to run SSL the customer inmediately sees the padlock so it gives confidence.
In my casr it increased sales with 30% so it was a good investment.
Re: How to enable Https instead of http
Posted: Thu May 31, 2012 10:29 pm
by amit_sr
Well frankly speaking i was interested in keeping only my home page and other important page under HTTPS, but was not able to do so......so i found it easier to convert whole site to HTTPS.....just to make my customers aware that this site is protected....
> My question to the GURU is ...Except for the speed part of website is there any other disadvantage of using whole site HTTPS...........i think my host is good enough and the confidence of the visitor will be boosted....
> From SEO point of view i want my site to be indexed as http... How to do that
Thanks
Re: How to enable Https instead of http
Posted: Wed Dec 24, 2014 7:02 pm
by appsfinder
thanks this helped me move from http to https on godaddy server
Re: How to enable Https instead of http
Posted: Sat Jan 03, 2015 10:49 am
by lipstick villian
Re the :why would you want/convert entire site to https?"
Too many fake websites, too many scams, too many hackers...A protected site gives people more assurance you are not dodgy.
Facebook is https and they dont even sell anything lol...well they do, but you know what I mean.
I guess as mentioned already it does depend on which country you live in. I also live in a small country and people are very security conscious due to buying off overseas sites and getting scammed so often, or not receiving their products.
I struggled for 6 months to get any sales on my website...Ive had SSL for a matter of days, my entire site is https including my admin....the way my business is regarded has pretty much instantly changed, for the better.
Re: How to enable Https instead of http
Posted: Sun Nov 26, 2017 8:56 pm
by jdiai
victorj wrote: ↑Wed Dec 14, 2011 5:08 am
For some sites customers findt it a nice idea to surf protected, it also gives a safe feeling to a website that it is displaying the padlock.
I invested in a servercertificates on multiple stores and turnover went up inmediatly on all "affected" stores, out of cost within less than a week so using ssl throughout the entire sites defenitly pays off
If you want your entire site under SSL as i do as wel you will have to add teh following lines to your htaccess
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
https://www.yourdomein.com/$1 [R=301,L]
it will force your site to run under https
It took me quiet some time to take out all the non https sent items but i succeeded.
If you run in problems you can check your site at
http://www.whynopadlock.com/
it will tell you where the faults are so you can adress them more easily
suc6 Victor
This worked so well for me!!!!! All links on my opencart 1.5.6 url store even my admin page is on https now. i actually did the standard setting for config and admin config files but didnt show the ssl green padlock. but after this setting everything is green lol i am so greatful
. thank you so much for sharing
Re: How to enable Https instead of http
Posted: Tue Dec 12, 2017 1:44 am
by MrPhil
Most sites also want to force (or remove) "www." in the domain name, so it's a good idea to combine that with forcing https in
one redirect, rather than two separate redirects:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]
It can be modified to force https
off (only if you have
no SSL pages), or force
no www. It may even be possible to do a third redirect if you want, by adding another OR clause. Note that you should use a hard-coded domain name, rather than %{HTTP_HOST}, in the rewrite rule, because you want to force the www. version, and HTTP_HOST contains whatever was typed into the browser! Also, put all your 30x redirects up top, to only show URL changes that you
want a user or search engine to see (and remember). Internal rewrites (such as for SEO implementation) should not be sent back to the browser or search engine, so make sure you don't put any 30x redirects after internal rewrites!
Search engines will ding you (penalize you) for having multiple round trips due to 30x redirects, so it's best to reduce them to just one round trip. With careful .htaccess coding, you
can often do this with multiple redirects:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]
# if the URL came in http://mydomain.com, we're done because we already changed the host to www
# and the following rule will NOT be triggered
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
# if the URL came in https://mydomain.com, this one would have triggered INSTEAD
but it's usually easier just to do it in one go.
Re: How to enable Https instead of http
Posted: Thu Dec 28, 2017 10:40 am
by personalisedparty
Hi, I have a certificate for Https:// on my server however all the pages are still displaying as http only when logged into admin panel it is displayed https://
I added code to .httaccess as below but it is not work. Please help.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$
https://www.balloonprint.ie/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]