Magento Forum

   
Page 1 of 4
To everyone with 1&1;shared SSL problems [QUICK FIX AVAILABLE]
 
flowstack
Sr. Member
 
Avatar
Total Posts:  159
Joined:  2008-01-30
London, United Kingdom
 

To everyone with 1&1;shared SSL troubles (may work on other hosts also).

The problem occurs because $_SERVER[’HTTPS’] is not set with shared SSL. To fix this you need to make the following edits.

I DO NOT GUARANTEE THIS WILL WORK. BACKUP YOUR WORK FIRST. I ACCEPT NO RESPONSIBILITY IF THINGS GO WRONG.

...But this hack worked for me smile

Edit 1
--------------------

Open app/code/core/Mage/Core/Model/config.php.
On line 254, change:

$secure = isset($_SERVER['HTTPS']) || $_SERVER['SERVER_PORT']=='443';

to:

$secure = isset($_SERVER['HTTP_X_FORWARDED_SERVER']) || $_SERVER['SERVER_PORT']=='443';

Edit 2
-----------------

Open app/code/core/Mage/Core/Model/Store.php:
On line 336 change:

if (!empty($_SERVER['HTTPS'])) {

to

if (!empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) {

Edit 3
-----------------

Open lib/Zend/OpenId.php
On line 97 change:

if (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $_SERVER['HTTPS'== 'on'{

to

if (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $_SERVER['HTTP_X_FORWARDED_SERVER'== 'sslrelay.com'{

Edit 4
-----------------

Open lib/Zend/Controller/Action/Helper/Redirector.php.
On line 185 change:

$proto = (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS']) ? 'http' 'https';

to

$proto = (empty($_SERVER['HTTPS']) || empty($_SERVER['HTTP_X_FORWARDED_HOST'])) ? 'http' 'https';

Let me know if it works for you.

Ed

 
Magento Community Magento Community
Magento Community
Magento Community
 
Eminent Style
Sr. Member
 
Avatar
Total Posts:  86
Joined:  2008-02-17
Bromsgrove, United Kingdom
 

Magento Version : 1.0

Thanks for your effort on this but I am having trouble trying to implement this. edit 3 and edit 4 no longer appear to be in my code. I am using version 1 and am on 1and1 hosting using a shared ssl.

Edit 3

I can’t find this line…

if (isset($_SERVER['HTTP_X_FORWARDED_SERVER']) && $_SERVER['HTTPS'== 'on'{

but this line does appear on 97.

if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'== 'on'{

Edit 4

I can’t find this line…

$proto = (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS']) ? 'http' 'https';

but this line appears on 192

$proto = (empty($_SERVER['HTTPS'])) ? 'http' 'https';

When I paste over my lines with the corrected ones I still get errors when trying to access anything requiring the SSL. The home page displays with the normal address but the admin errors out as follows.

Error 500 Internal server error

An internal server error has occured
!
Please try again later.

Any help would be appreciated,

thanks, Ben

 
Magento Community Magento Community
Magento Community
Magento Community
 
flowstack
Sr. Member
 
Avatar
Total Posts:  159
Joined:  2008-01-30
London, United Kingdom
 

Hi,

My fix was for a previous version (0.9).

I haven’t yet tried SSL and version 1.0 on oneandone, but will be doing shortly.

I’ll post updates here when I get a chance.

Thanks,

Ed

 
Magento Community Magento Community
Magento Community
Magento Community
 
Eminent Style
Sr. Member
 
Avatar
Total Posts:  86
Joined:  2008-02-17
Bromsgrove, United Kingdom
 

Ok, thanks Ed. If I work out the issue and find a solution I will post here.

 
Magento Community Magento Community
Magento Community
Magento Community
 
tronics
Member
 
Total Posts:  46
Joined:  2008-01-17
 

Hello for me this fix works with 1.0 !!

Almost everything works.
Except for the Login for existing customer on checkout

When submitting your login credentials
https://sslsite.com/shop/checkout/onepage/
instead of
https://sslsite.com/domain.com/shop/checkout/onepage/
is called.
That is not working of course because the domain in this shared ssl environment is always
http://www.domain.com/ OR
http://sslsite.com/domain.com/

This might be a bug in magento..
Apart a fix for this shared ssl should go into the core.

Thanks

Regards,
rrrr4

 
Magento Community Magento Community
Magento Community
Magento Community
 
tronics
Member
 
Total Posts:  46
Joined:  2008-01-17
 

Ok there is another problem after the fix.
The Log in Log off is not displayed correctly. Probably because of a cookie issue?

--

However the Bugid for this whole shared SSL thing is this one:
http://www.magentocommerce.com/bug-tracking/issue?issue=1699

Best Regards,
tronics

 
Magento Community Magento Community
Magento Community
Magento Community
 
flowstack
Sr. Member
 
Avatar
Total Posts:  159
Joined:  2008-01-30
London, United Kingdom
 

tronics - I also noticed the redirect problem and submitted a bug report on version 0.9. No idea if anyone is looking into it.

The same thing will happen when you enable SSL in your admin and try to login. You get redirected to:

http://sslsite.com/magento/admin

instead of

http://sslsite.com/domain.com/magento/admin

A bit annoying!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Eminent Style
Sr. Member
 
Avatar
Total Posts:  86
Joined:  2008-02-17
Bromsgrove, United Kingdom
 
tronics - 09 April 2008 06:51 AM

Hello for me this fix works with 1.0 !!

Almost everything works.
Except for the Login for existing customer on checkout

Hmmm, I can’t work out what I am missing then. Tronics, was the code in the same place or was it different for you? An suggesttions would be appreciated. I am reluctant to spend the money 1and1 wants for a dedicated ssl just for a development server.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Elisa Zaroni
Jr. Member
 
Total Posts:  6
Joined:  2008-04-24
Brasil
 

I believe I am suffering from similar problem. My site works only on http.

My provider configures a shared URL for SSL (https://domain.websecure.com/magento), pointing to same address where I have magento installed.

Strange thing is the site loads home from https address. But when I click “Account” / “Logout” it stalls on me and does not gives me any answer.

I have configures secure and unsecure settings, also have tried several fixes and configurations tips with no success.

Any suggestions ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Elisa Zaroni
Jr. Member
 
Total Posts:  6
Joined:  2008-04-24
Brasil
 

Hi !

I have configured magento 1.0 in a shared SSL environment (not 1&1;) and tried everything I could known.
Not success. The site stalls/hangs when clicking on Account or Login and SSL is configured with Yes.
Strange is correct address appears on links......

Tried several different things:
- Rewrite enabled / disabled
- SSL for everything (disaster… had to disable it through database).
- Changes in this topic, etc.

Tks,
Elisa Zaroni.

(PS: Sorry, my internet was terrible, did not realize my previous post had worked)

 
Magento Community Magento Community
Magento Community
Magento Community
 
Lior
Magento Team
 
Avatar
Total Posts:  293
Joined:  2007-09-24
 

@Elsa,
Who is your hosting?
Do they have a separate location for secure pages?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Elisa Zaroni
Jr. Member
 
Total Posts:  6
Joined:  2008-04-24
Brasil
 

Lior,

Hi ! Thanks.

The hosting is a brazilian company (http://www.locaweb.com.br - sorry, in portuguese).

No, they do not have today separate locations for secure site.

My configuration has boths URLs (http and https) pointing to the same path. I believe its through virtual host & aliases.
You can see them in:

-> http://www.p2d.com.br/p2dstore
-> https://p2d2.websiteseguro.com/p2dstore

Both addresses point out to same physical directories.

Tks !
El-i-sa (link in Elisabeth)

 
Magento Community Magento Community
Magento Community
Magento Community
 
Lior
Magento Team
 
Avatar
Total Posts:  293
Joined:  2007-09-24
 

@Elisa
Is your SSL Certificate was set up for the http://www.p2d.com or p2d.com (without www)
I was trying to access your site, and I see that for both with and without www I was getting that certificate is not valid
Check with your hosting company your certificate configurations

 
Magento Community Magento Community
Magento Community
Magento Community
 
Elisa Zaroni
Jr. Member
 
Total Posts:  6
Joined:  2008-04-24
Brasil
 

Lior,

Although https is responding with invalid certificate, the configuration within Magento is:

- Unsecure URL => http://www.p2d.com.br/p2dstore (all settings other than URLs were not changed)

- Secure URL => https://p2d.websiteseguro.com/p2dstore

https://www.p2d.com.br/ --->> PLEASE IGNORE (for now)

Tks a lot !!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Lior
Magento Team
 
Avatar
Total Posts:  293
Joined:  2007-09-24
 

@Elisa,

Did you try to configure Magneto to use SSL via admin, but you don’t actually have SSL Certificate?
What is the correct URL that there will be no certificate warnings?

 
Magento Community Magento Community
Magento Community
Magento Community
 
JoeNmass
Member
 
Avatar
Total Posts:  50
Joined:  2008-03-07
 

I have 1&1;hosting and I had a very hard time trying to get my shared SSL certificate to work correctly. I don’t know if it was a coincidence but I only got it to work right only after I set “YES” to the “Use Secure URLs in Admin:” and “Use Secure URLs in Frontend” section. It did not work if I only had the “Frontend” set to “Yes”.

And also I had to use “www” in the Base URL.

I finally got it working with these settings in the Admin/Configuration/Web/Secure section:

Base URL:  https:www.mydomain.com
Base Link URL: {{secure_base_url}}
Base Skin URL: {{secure_base_url}}skin/
Base Media URL: {{secure_base_url}}media/
Base JavaScript URL:{{secure_base_url}}js/
Use Secure URLs in Frontend: Yes
Use Secure URLs in Admin: Yes

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
    Back to top
Page 1 of 4