Hmm... I need to find out myself. I don't know what is the answer to that question. I'll do some research in Google and get back to you if I find an useful answer. You should email the people at iContact as they probably can help you..

Take a look in both of the includes/local folders, and if you find alternative configure.php files inside those 'local' folders then delete or rename them. They override the main configure.php files - if they exist..

Also make sure that when you upload changed configure.php files that they are actually overwriting the online files - because if the online configure.php files are 'Read Only' (which they should be) then you need to change permissions before uploading changed files, to allow the online files to be overwritten. Reset permissions afterwards..

Vger..

I did indeed have copies of configure.php in my includes/local/ directory. I did not know they existed. I renamed them and made sure the changes in catalog/includes/configure.php and admin/includes/configure.php were saved. My SSL is now working like a charm..

Thanks Vger, you rock...

Hello,.

I am new to OSCommerce development, and trying to help client who had a previous developer build iContact site - a combination of web design and OSCommerce for purchases. iContact site is running but.

Does NOT include SSL.

(among other things previous developer - and no longer available - forgot!) From various postings, this seems to be the short checklist to get secure SSL transactions:.

1. Make sure iContact site has Fixed IP Address (Change and restart Apache Web Server if needed)..

2. Obtain SSL certificate with above Fixed IP - use Subdomain.MySite.com and not MySite.com on certificate - since working iContact site is in Subdomain..

3. Install certificate, verify it "works" ie no issues of self-signed or certificate chain broken..

4. Change includes/configure.php and admin/includes/configure.php and add appropriate values to HTTPS_SERVER HTTPS_COOKIE_DOMAIN HTTPS_COOKIE_PATH - all of which are currently blank.

5. Verify upload - check file date of uploaded files - make sure new files on server. ReadOnly Protect..

6. Verify no other "local copies" of configure.php exist..

7. TEST!.

8. SELL!.

Did I leave something out?.

Thanks in advance - do not want to look ignorant to my new client.....

Walter..

I did the changes as listed above, and when I login, the https is working. However, moving between different pages in the site, all OS Commerce pages, it drops the https and reverts back to http. How can I get it to load in https no matter what page the user is on, starting from the main page for instance?.

Thanks for any help,.

Andy..

That is the way it is suposed to work only pages where cc info and passwords are entered use SSL..

THere are some good links to nfo about SSL in my profile..

HTH.

G..

Ok, that kinda makes sense I guess. Any idea why it might not be kicking in when I login to my OSC Administrative login?..

Be sure you specify it when you access the admin, like:.

Https://www.yourdomain.com/admin.

Or.

Https://yourdomain.com/admin.

(depending on which one the SSL cert is for).

Note that both URL's use.

Http.

S..

I have, and when it loads the login.php page, it reverts back to the "http://" and not "https://" like it should be... any ideas?.

This post has been edited by.

Qkzoo.

: 09 January 2011, 15:59..

If you want the admin to be SSL all the time you have to do.

This.

Just be sure you use your domain info in the file, not theirs..

The point there being to make the define for.

HTTP_SERVER.

In the admin config file a URL that begins with.

Http.

S..

Ok, I just noticed something, perhaps you can tell me if I'm on or off here. I loaded both configure.php files side by side and were looking at them and I noticed that there is a variable defined in the standard configure file, but not the admin one..

Catalog/includes/configure.php.

Define('HTTP_SERVER', 'http://example.com');.

Define('HTTPS_SERVER', 'https://example.com');.

Define('ENABLE_SSL', true);.

Define('HTTP_COOKIE_DOMAIN', 'example.com');.

Define('HTTPS_COOKIE_DOMAIN', 'example.com');.

Catalog/admin/includes/configure.php.

Define('HTTP_SERVER', 'http://example.com');.

Define('HTTP_CATALOG_SERVER', 'http://example.com');.

Define('HTTPS_CATALOG_SERVER', 'https://example.com');.

Define('ENABLE_SSL_CATALOG', 'true');.

Should that variable be defined in the admin configure.php as well? Note, my url isn't actually example.com, my iContact site isn't ready yet so I don't want it messed with..

Thanks,.

Andy..

No,.

HTTPS_SERVER.

Isn't supposed to be defined in the admin config file..

It's in the catalog one because the catalog switches from.

HTTP.

To.

HTTP.

S.

At times..

The admin has no provision to do this (switch from one to the other)...

Ok, I tried the suggestion on that page, and Google Chrome loaded the admin login as secure but with a slash through it, like it isn't secure? Any ideas?.

In Firefox, it says it is "partially" encrypted..

This post has been edited by.

Qkzoo.

: 09 January 2011, 17:15..

You sure the config file is correct (i.e. using or not using the "www.")?.

SSL certs are configured for only one and either using the "www." when you shouldn't or not using it when you should will cause problems..

If you made changes to the config file locally and FTP'd it to the server be sure the file on the server says what you THINK it says..

Sometimes permissions on the server won't allow FTP to overwrite the file..

Something else to be aware of:.

In the includes FOLDER (catalog and admin) where the normal.

Configure.php.

Files are there is a FOLDER named.

Local.

On some installs there may be a.

Configure.php.

Inside the.

Local.

FOLDER (catalog and admin).

If there is, anything in it overrides anything in the normal.

Configure.php.

Files...

Hmm, this could be tricky. All I know about the SSL installation is that I received an iContact email from HostGator saying that it had been installed, and where to get logos for it. I'll see if I can get a hold of them to find out...

The only other reason I can think of for it to not be secure would be.

HTTP.

Links to images or scripts, either in the source or the stylesheet..

That is of course provided the iContact site recognizes that SSL is active when it's supposed to be..

Some don't...

From what my provider is telling me, my SSL config is for "example.com" not "www.example.com", so that clears up that issue. I know what you're talking about as far as permissions as well, I figured that out the hard way a couple days ago. I checked both "local" folders, and the only thing in them was a readme file, so no issues there. Here's a snippet of my config files, perhaps you can tell me if I'm doing something wrong here:.

Catalog/includes/configure.php.

Define('HTTP_SERVER', 'http://example.com');.

Define('HTTPS_SERVER', 'https://example.com');.

Define('ENABLE_SSL', true);.

Define('HTTP_COOKIE_DOMAIN', 'example.com');.

Define('HTTPS_COOKIE_DOMAIN', 'example.com');.

Define('HTTP_COOKIE_PATH', '/');.

Define('HTTPS_COOKIE_PATH', '/');.

Define('DIR_WS_HTTP_CATALOG', '/');.

Define('DIR_WS_HTTPS_CATALOG', '/');.

Define('DIR_WS_IMAGES', 'images/');.

Define('DIR_WS_ICONS', DIR_WS_IMAGES'icons/');.

Define('DIR_WS_INCLUDES', 'includes/');.

Define('DIR_WS_BOXES', DIR_WS_INCLUDES'boxes/');.

Define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES'functions/');.

Define('DIR_WS_CLASSES', DIR_WS_INCLUDES'classes/');.

Define('DIR_WS_MODULES', DIR_WS_INCLUDES'modules/');.

Define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES'languages/');.

Catalog/admin/includes/configure.php.

Define('HTTP_SERVER', 'https://example.com');.

Define('HTTP_CATALOG_SERVER', 'http://example.com');.

Define('HTTPS_CATALOG_SERVER', 'https://example.com');.

Define('ENABLE_SSL_CATALOG', 'true');.

Define('DIR_FS_DOCUMENT_ROOT', '/home/adiamond/public_html/');.

Define('DIR_WS_ADMIN', '/admin/');.

Define('DIR_FS_ADMIN', '/home/adiamond/public_html/admin/');.

Define('DIR_WS_CATALOG', '/');.

Define('DIR_FS_CATALOG', '/home/adiamond/public_html/');.

Define('DIR_WS_IMAGES', 'images/');.

Define('DIR_WS_ICONS', DIR_WS_IMAGES'icons/');.

Define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG'images/');.

Define('DIR_WS_INCLUDES', 'includes/');.

Define('DIR_WS_BOXES', DIR_WS_INCLUDES'boxes/');.

Define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES'functions/');.

Define('DIR_WS_CLASSES', DIR_WS_INCLUDES'classes/');.

Define('DIR_WS_MODULES', DIR_WS_INCLUDES'modules/');.

Define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES'languages/');.

Define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG'includes/languages/');.

Define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG'includes/languages/');.

Define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG'images/');.

Define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG'includes/modules/');.

Define('DIR_FS_BACKUP', DIR_FS_ADMIN'backups/');.

Define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG'download/');.

Define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG'pub/');..

Not seeing anything amiss there..

Did you check the HTML source of the page and the stylesheet for.

HTTP.

Links to images or scripts?.

Those will screw up SSL pages faster than ants to a picinc....

Without your URL I've just about exhausted my "bag of tricks" here...

Doh! I just figured it out, forgot the "s" in the admin configure.php file:.

Define('HTTP_CATALOG_SERVER', 'http://example.com');.

I added it and it is working now, whew!..