Magento Forum

   
Page 1 of 2
SSL for dummies (ie: me)
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 

So I’m setting up a store for a friend and I have bought the SSL cert (from NetSol) and they say it is enabled via my netsol interface.  Now when I just go to the site: www.briarrosebistro.com it does not show up as secured. 

So after reading up on it I went into the System -> Config -> Web and checked yes in use secure URL’s on both the frontend and admin.  Refreshed the site, flushed cache.  Still nothing.

The site is basically in a shell with generic info at this point.  I’ve been teaching myself it as I go along so no real info, logo’s, ect are being used, but I can modify that before the shop is ready to go.  I don’t want to have to blow up the site to make it all work, but I will if I have to and then redo it all.

Can someone explain what I’m doing wrong here?  I would appreciate if you explained it to me like I’m 5 years old too because I’m not a developer.  I don’t know what to do.

Thanks in advance.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

First thing to check is the secure url’s in system > configuration > web (where you enabled secure url’s). Make sure the base url in there is https rather than http.

Hopefully that’ll sort you but let us know if you need any other help.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 14 June 2012 01:25 AM

First thing to check is the secure url’s in system > configuration > web (where you enabled secure url’s). Make sure the base url in there is https rather than http.

Hopefully that’ll sort you but let us know if you need any other help.

When I do that it gives me redirect loop errors when I try to access any page that would be secure, like this:

https://briarrosebistro.com/home/index.php/customer/account/login/

Now I can’t get back into the backend because I had that set to use SSL as well and I’m getting the same error there.

There were two places to modify the base URL.  One was “unsecure” and one was “secure” I modified the section (by adding the s after “http") labled secure.  Was that right?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Yes, that should have been correct.  If you can’t get back into the backend to reset this then you’ll need to go into the DB and change it.

Using whatever DB client you have (phpmyadmin, MySQL query browser) run teh following query:
SELECT * FROM core_config_data where path = ‘web/secure/base_url’

Change the values in here to be http rather than https and you should be back in.

I’ll have a look around and see if I can find out what is going wrong when you enable it and get back to you

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Also, I have just gone to the URL you mentioned and get the following error in Firefox.

(Error code: ssl_error_bad_cert_domain)

Looks like your ssl may be set up incorrectly as I also get the following:

briarrosebistro.com uses an invalid security certificate.

The certificate is only valid for www.briarrosebistro.com

If you are not using www then you’ll need to change your SSL so it is on the non www domain name (or change the site so it uses www - possibly you may be able to do that by changing the base url’s so they have www in them - all depends on how your domain has been set up.).

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 14 June 2012 03:37 AM

Also, I have just gone to the URL you mentioned and get the following error in Firefox.

(Error code: ssl_error_bad_cert_domain)

Looks like your ssl may be set up incorrectly as I also get the following:

briarrosebistro.com uses an invalid security certificate.

The certificate is only valid for www.briarrosebistro.com

If you are not using www then you’ll need to change your SSL so it is on the non www domain name (or change the site so it uses www - possibly you may be able to do that by changing the base url’s so they have www in them - all depends on how your domain has been set up.).

This may be part of my problem.  I tried to test out the changing the base URL’s to include the www. before the name, and that indeed changed what I was looking at on the site, however when I try to log into a user to see if it switches to the SSL during the checkouit process I put in my username and password, hit submit and then the screen refreshes and doesn’t log me in.  I’m guessing becuase the loging is tied tot he old non www. config.

I have to get back to work right now but I’m going to try again tonight.  Perhaps I just need to swap it back to the www. and then flush the cache. 

I really apprecaite your help thus far.  Many thanks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Definitely try flushing the cache but if that doesn’t work you might want to try changing the cookie domain to .briarrosebistro.com (the dot is very important and no trailing slash).  I can’t remember exactly what the row in core_config_data is called but if you run this query against the DB you should be able to find it

select from core_config_data where path like 'o;okie%'
(replace the o;okie% with percentage sign cookie percentage sign - no spaces - the forums messes it up when I post)

Hope that helps.  I’m in the UK so won’t be around for another 12 hours but post any updates and I’ll see how I can help.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 

So after flushing cache, updating the base url’s again I’m now getting an error when I go through the checkout process.  When it would normally kick over to an SSL connection I get this:

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Ok, so it looks like the problem is that it’s trying to do SSL on port 80 (HTTPS runs on port 443).  When I hover over ‘my account’ the base url is https://www.briarrosebistro.com:80 which is wrong, it should just be https://www.briarrosebistro.com.  You don’t have the :80 at the end of your base url do you?  If so get rid of it (you don’t need any ports to be specified at all).

If this doesn’t help then I’d suggest you contact your host as there may be some configuration their end that needs to be sorted out.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 16 June 2012 11:49 PM

Ok, so it looks like the problem is that it’s trying to do SSL on port 80 (HTTPS runs on port 443).  When I hover over ‘my account’ the base url is https://www.briarrosebistro.com:80 which is wrong, it should just be https://www.briarrosebistro.com.  You don’t have the :80 at the end of your base url do you?  If so get rid of it (you don’t need any ports to be specified at all).

If this doesn’t help then I’d suggest you contact your host as there may be some configuration their end that needs to be sorted out.

I had noticed this before and took it out, but then that is where the redirect loop errors started happening so I put it back in not knowing what it was as magento automatically put that there and I figured if it was put there by default I had better not mess with it.

So.  I took it out again, and got the redirect errors again.  I flushed the cache, and still doing it.

I would delete the entire site and set it back up as It’s not that hard, but I don’t even know if that would fix it.  I contacted the host ( NetSol) and they were no help. 

The SSL was added after the site had been built so maybe a fresh install on the server would be the ticket.  I don’t know....

I’m sure you don’t want to mess with this anymore, and I understand that.  I have appreciated your help though so thanks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Perfectly happy to help if I can so no probs there. SSL can be a pain when it doesn\’t work.

I\’ve had a look around and people are suggesting that your session may be messed up.  Have a try at emptying your session data (it\’s either in the DB table core_session or on the file system in var/session from your document root).  I have noticed that if I go to your homepage using SSL all seems fine and I can view your cert details so the cert itself seems to be working.

Post 6 on this thread might help http://www.magentocommerce.com/boards/viewthread/70421/#t214114 Not ideal modifying the index.php because of upgrades but it might do the trick while you find out what else may be going on.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 17 June 2012 04:55 AM

Perfectly happy to help if I can so no probs there. SSL can be a pain when it doesn\’t work.

I\’ve had a look around and people are suggesting that your session may be messed up.  Have a try at emptying your session data (it\’s either in the DB table core_session or on the file system in var/session from your document root).  I have noticed that if I go to your homepage using SSL all seems fine and I can view your cert details so the cert itself seems to be working.

Post 6 on this thread might help http://www.magentocommerce.com/boards/viewthread/70421/#t214114 Not ideal modifying the index.php because of upgrades but it might do the trick while you find out what else may be going on.

Well I think we are at least making some progress for the moment.  Here is what I did:

Added that code you linked to the index.php

Then I would get 404 errors when going to the checkout page.  So I dug around and found some people having the same problem and turning off server rewrites fixed it.  So I did that.  Now, as far as I can tell, the site works fine, however in chrome the https has a red x through it saying it’s encrypted, but there are issues.  Is that just me?

In firefox it tells me: You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Great you are getting somewhere with it.

Yes, you get that error because you have things being served up using http rather than https on secure pages so browsers complain.  Luckily it’s nice and easy to see what they are.

These two lines are the culprits:
<link href="http://fonts.googleapis.com/css?family=Oswald" rel="stylesheet" type="text/css">
<link href="http://fonts.googleapis.com/css?family=Lobster+Two" rel="stylesheet" type="text/css">

You need to serve them up using https not http when in a https page.  You can try changing them to https on all pages (this should work and not cause issues in http pages)

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 17 June 2012 05:54 AM

Great you are getting somewhere with it.

Yes, you get that error because you have things being served up using http rather than https on secure pages so browsers complain.  Luckily it’s nice and easy to see what they are.

These two lines are the culprits:
<link href="http://fonts.googleapis.com/css?family=Oswald" rel="stylesheet" type="text/css">
<link href="http://fonts.googleapis.com/css?family=Lobster+Two" rel="stylesheet" type="text/css">

You need to serve them up using https not http when in a https page.  You can try changing them to https on all pages (this should work and not cause issues in http pages)

Sounds simple enough.  Except for the part where I’m a dummy…

How would I go about doing this?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Rich Cleverley
Sr. Member
 
Avatar
Total Posts:  284
Joined:  2009-01-20
 

Find wherever those files are being included (header.phtml possible) and change http to https for them.  That’s it!  Clear caches and see what happens.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Luthier
Jr. Member
 
Total Posts:  9
Joined:  2012-05-05
 
richclever - 17 June 2012 07:01 AM

Find wherever those files are being included (header.phtml possible) and change http to https for them.  That’s it!  Clear caches and see what happens.

Indeed.  So it seems those files are the google font references.  I found this page that referred to it:

http://www.magentocommerce.com/boards/viewthread/275109/#t383108

So following that I changed:

<link href="http://fonts.googleapis.com/css?family=Oswald" rel="stylesheet" type="text/css">

to:

<link href="fonts.googleapis.com/css?family=Oswald" rel="stylesheet" type="text/css">

in my head.phtml file.

So now everything seems to be in order!

Edit:

Seems like the site is working fine however now when I try to enter into the backend (insert backend joke here) It takes my username and PW and then nothing happens when I press login.  It’s like the page refreshes and nothing happens.

I’m so close!

Also I wanted to say again how much I appreciate your help.  You don’t know me at all yet you’ve taken your time to help out.  I really do appreciate it.  Hopefully this thread can help more in the future.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
    Back to top
Page 1 of 2