Is there a way to enable SSL connection in OpenCart after the shop has been created?

Category: Opencart

jhericoco
Asked:
2013-08-06 3:17 pm EST

Hits: 4,138
I finished the site a couple of weeks ago and the client didn't originally have Authorize.net as an option. Now that we're enabling it, we have to have secure checkout pages. Is there a way to enable SSL connection in OpenCart after the shop has been created? Thanks for any assistance.

fashionforprofit.com

Jheri

You must login before you can ask a follow up question.

You must login before you can submit an answer.

Thank you. I've now that the SSL is active, well it's actually a Standard UCC SSL. What am I doing wrong on my config files? I revisited the webpage and it doesn't force a "https" as of yet.

[Note: Information has been edited from the site to maintain security of the account. Community support retains a copy for troubleshooting purposes.]
jhericoco
25 Points
2013-08-07 12:38 pm EST
Morning,
Is there anyone on your team I can hire for an hour to repair to sync/code the #CUU/SSL cert and Opencart (using Authorize.net)? If so, please email me at design@layeriii.com, I'd like to get it taken care of as soon as possible. You can see all of my notes below, it's regarding this issue.

Thank you,
Jheri
jhericoco
25 Points
2013-08-19 12:56 pm EST
Assuming I can't hire anyone...Ok, I nreally need assistance and I'm sure it's a small detail, just a bit irritated because Godaddy tells me something etc, etc. My IMAGE files appear to be insecure, this is what I have and it's been altered several times. What should I changed...please?

Admin config:
<?php
// HTTP
define('HTTP_SERVER', 'https://fashionforprofit.com/admin/');
define('HTTP_CATALOG', 'https://fashionforprofit.com/');

// HTTPS
define('HTTP_SERVER', 'https://fashionforprofit.com/admin/');
define('HTTP_CATALOG', 'https://fashionforprofit.com/');
define('HTTP_IMAGE', 'https://fashionforprofit.com/images');

Main config:
<?php
// HTTP
define('HTTP_SERVER', 'https://fashionforprofit.com/');

// HTTPS
define('HTTP_SERVER', 'https://fashionforprofit.com/');
define('HTTP_IMAGE', 'https://fashionforprofit.com/images/');
define('HTTP_IMAGE', 'https://fashionforprofit.com/image/');
define('HTTP_WWW', 'https://fashionforprofit.com/');
jhericoco
25 Points
2013-08-22 01:32 pm EST

OTHER ANSWERS

0

Arn
Staff
18,399 Points
2013-08-06 3:32 pm EST
Hello Jheri,

Thanks for the question! Yes, you can enable SSL after the shop has already been built. Check out our documentation: Enabling SSL in Opencart. You would need to make sure that the SSL certificate is installed and available before you enabled it Opencart.

I hope this helps to answer you question! Please let us know if you require any further assistance.

Regards,
Arnel C.

You must login before you can post a comment about this answer.

0

johnpaulb-imhs1
Staff
10,994 Points
2013-08-07 1:09 pm EST
Hello jhericoco,

I visited your site, and when I go to the Store page, it forces the https, it should also do this when you login the dashboard.

If it is not doing this for you, try clearing your browser cache.

Also, remember any links on a secure page must be to the 'https' version, instead of 'http', because it will break the security.

Also for security purposes I X'd out your database information. Please never post that type of information on a public forum, as it allows outsiders to access your database remotely.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul

You must login before you can post a comment about this answer.

Yes I didn't realize I'd pasted all of the private info, and then contacted u guys ASAP once I noticed and freaked. I did change all the pws, thank you. I just tried accessing the store page and it does force it, I thought it would appear on all pages, first time doing this. But what I'm a bit confused about is when checking out, it still shows the browser address. Authorize.net requires a secure pg that doesn't display the address. You've any idea how to address this matter? Thanks again.
jhericoco
25 Points
2013-08-07 1:59 pm EST
Hello jhericoco,

I added an item to check out, and was redirected to the https version of your site. Then when i went to checkout, it was still on the https version of your site, but the padlock was broken.

This happens when links on the page go to http, instead of https. I used nopadlock.com to scan the page, and it gave a list of insecure links:

Total number of items: 48
Number of insecure items: 5

Insecure URL: http://www.fashionforprofit.com/images/icon_fb.jpg
Found in: https://fashionforprofit.com/index.php?route=checkout/cart

Insecure URL: http://www.fashionforprofit.com/images/icon_link.jpg
Found in: https://fashionforprofit.com/index.php?route=checkout/cart

Insecure URL: http://www.fashionforprofit.com/images/icon_tweet.jpg
Found in: https://fashionforprofit.com/index.php?route=checkout/cart

Insecure URL: http://www.fashionforprofit.com/images/icon_contact.jpg
Found in: https://fashionforprofit.com/index.php?route=checkout/cart

Insecure URL: http://www.fashionforprofit.com/images/img_bg_2.jpg
Found in: https://fashionforprofit.com/catalog/view/theme/default/stylesheet/stylesheet.css

I recommend fixing these links.

Also I found a post on the Official Opencart forum, where they provide the settings for setting up Authorize.net.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
johnpaulb-imhs1
10,994 Points
Staff
2013-08-07 2:44 pm EST
Thanks John Paul. What am I doing wrong? I have the settings correct.
Admin:
// HTTP
define('HTTP_SERVER', 'http://fashionforprofit.com/admin/');
define('HTTP_CATALOG', 'http://fashionforprofit.com/');

// HTTPS
define('HTTPS_SERVER', 'https://fashionforprofit.com/admin/');
define('HTTPS_CATALOG', 'https://fashionforprofit.com/');
define('HTTPS_IMAGE', 'https://fashionforprofit.com/images');

jhericoco
25 Points
2013-08-07 4:00 pm EST
Hello Jheri,

Sorry for the continuing issues. There's absolutely nothing wrong with your settings. It's basically the way that OpenCart creates the links for those portions of the pages. So, as per what John Paul identified, there are insecure links (to the images) on the page. This means that the page will not be totally secure because some of the links are using normal "http" to access those elements leading to the "broken padlock" symbol in the address bar.

So the question is, how do you FORCE ALL of the links to HTTPS. This can be done with a setting change in the .htaccess file. You can use the following article: How to force SSL using the .htaccess file. However use the following code instead of the one in the article:

#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You can find the details for the code above in the OpenCart forum post on forcing SSL. Please review the article as they are basically trying to accomplish what you have been asking.

Sorry for the issues and I hope that this helps to resolve the SSL problems that you've been having. Please let us know if you require any further assistance.

Regards,
Arnel C.
Arn
18,399 Points
Staff
2013-08-07 4:49 pm EST
I was informed to wait the entire 72 hrs although I'd received the activation letter to see changes. However, after trying to recode the files, I no loger see a forced https. Help!

htaccess:
#no non-ssl access
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} checkout|account
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

config:
// HTTP
define('HTTP_SERVER', 'http://fashionforprofit.com/');

// HTTPS
define('HTTPS_SERVER', 'https://fashionforprofit.com/');
define('HTTPS_IMAGE', 'https://fashionforprofit.com/images/');


What am I doing wrong?
jhericoco
25 Points
2013-08-12 7:32 pm EST
Hello Jheri,

Sorry that you're still having problems with this issue. As you are not hosting with us, it really makes it difficult for us to determine what's actually in your .htaccess file. We would need to see the entire thing to judge what's happening in that file. You should make sure that the re-write rule is occurring first. If there are other rules in there that affect the URL, then they might be nullifying the changes that are needed. If your settings are correct and you're STILL not able to see the HTTPS for all of the paths, then you may need to take some time to address OpenCart directly. We did not write the code and while we often help our customers or anyone using the software, you may be better off directly asking the creators of OpenCart for assistance. Especially, if you're still not seeing the results after we have provided what we believe is the best answer. I can't see your database nor installation files. And when I check the urls to see why your HOME page is not showing as secure, it's because of the following:

https://fashionforprofit.com/image/data/cart.png
http://www.fashionforprofit.com/images/img_bg_2.jpg
https://fashionforprofit.com/image/data/img_logo.jpg
https://fashionforprofit.com/Morphe%20Brushes/shoponline%202013/shoponline/catalog/view/theme/default/image/button-search.png
https://fashionforprofit.com/catalog/view/theme/default/image/menu.png
https://fashionforprofit.com/image/cache/data/banner/img_slide_1a-906x451.png
https://fashionforprofit.com/image/cache/data/banner/img_cross-300x180.jpg
https://fashionforprofit.com/image/cache/data/banner/img_retail-300x180.jpg
https://fashionforprofit.com/image/cache/data/banner/img_fbi-300x180.jpg
http://www.fashionforprofit.com/images/icon_fb.jpg
https://fashionforprofit.com/images/spacer.gif
http://www.fashionforprofit.com/images/icon_link.jpg
http://www.fashionforprofit.com/images/icon_tweet.jpg
https://fashionforprofit.com/images/spacer.gif
http://www.fashionforprofit.com/images/icon_contact.jpg

This list of URLs comes from looking at the MEDIA using the Firefox browser when checking the SSL link. It lists all of the media file links. This often shows why the page will not be indicated as secure due to the mixed list of http and https links used by the media files that are elements of the website.

Note that several of the paths are set for WWW and are NOT set to go to HTTPS because of that. You will need to adjust your configuration to account for the WWW definition and that should hopefully cover it all. Just add another line for the WWW definition of your path in the configuration.

In terms of the behavior of the entire application not using the https link, you will need to ask OpenCart why the fix that we previously gave is not working. That fix came directly from their forums. If there's something else going on on your site, then they may need to look at it for you.

Sorry again for the continuing issues. I hope that the information that I have provided helps to get you a quick resolution.

Kindest regards,
Arnel C.


Arn
18,399 Points
Staff
2013-08-12 9:06 pm EST
0

Arn
Staff
18,399 Points
2013-08-22 3:00 pm EST
Hello Jhericoco,

Sorry to hear you're still having problems with the SSL. The issue most likely has to do with your theme or plugins for the OpenCart site. I would highly recommend switching to the DEFAULT theme in order to see if the site all of the sudden loads securely. The problem here is that I can't see all of your files and most likely a template/theme file (.tpl) has something hardcoded in it that is causing the the problem. Additionally, there might a plugin that is generating your menus as HTTP links instead of using HTTPS. These are things that outside of the normal OpenCart installation and operation, so trying to detect them without having access to your code is difficult.

Also, checkout this link: Why no padlock ?Check why your site is not fully secured by your SSL certificate. This site will show the links that are coming as NOT secured. As per what we're seeing when viewing your page source, it's something most likely being put in there by either a custom plugin-in/extension or custom theme/template.

We've really exhausted a lot of what we can do without access to your files. If you continue to have problems with the SSL, I would highly suggest contacting the developer of your template or plugin for further support.

Kindest regards,
Arnel C.

You must login before you can post a comment about this answer.

Hi Arnel,
I used the padlock site and it stated the files within images and I'm currently using the default template. I just want to be sure, am I able to hire you for an hour to look at my files etc?
Thank you,
Jheri
jhericoco
25 Points
2013-08-22 3:09 pm EST
Hello Jhericoco,

I wish I could say yes. However, I cannot since I'm currently providing support as an employee with InMotion Hosting. Thanks for asking!

Did you try changing the theme over to the DEFAULT? I think you're using a custom theme/template, right? I just wanted to know if that would help take care of the problem.

If it's just those images, it might related to some social media related plugin as well (the links I see include FB and Tweet among the file titles). If it's just a plugin, maybe you can disable it and see if the site shows up as secure after that.

Sorry again that I can't agree to work on your site privately, but hopefully, you're close enough on the right track to fixing it. By the way, if you need to manually edit the Template files, they're mainly text files that in .TPL.

Kindest regards,
Arnel C.

Arn
18,399 Points
Staff
2013-08-22 3:58 pm EST
Hit Arn, this is exactly what was wrong with mine. I switched my theme to default, reloaded my url and Wa-Lah, the padlock was showing fine. My thing is, I don't want to use the default theme. What 'specific' changes should I look at making in my custom theme to fix this issue. I'm looking over my template but I don't know where to start.
ovrcomimpossible
3 Points
2014-05-14 8:44 pm EST
Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!