Post by double_dd » Fri Jan 03, 2014 5:57 am

Hi all,

I've been searching the forum's and I've just decided to go with an SSL certificate. I wasn't going to at first but then I was A) Getting the warning message when a user is returning to my site after paying with paypal and B) I feel the need to protect myself from any potential risk in losing customer data.

Having set the site up to run non-SSL - I know I have to make changes to the config files but I'm more bothered about losing all my nice SEO friendly URLs.

My .htaccess file is pasted below...Could someone tell me what exactly I'll need to change in here to make it work as it does now but with SSL?

Code: Select all

# 1.To use URL Alias you need to be running apache with mod_rewrite enabled. 

# 2. In your opencart directory rename htaccess.txt to .htaccess.

# For any support issues please visit: http://www.opencart.com

Options +FollowSymlinks

# Prevent Directoy listing 
Options -Indexes

# Prevent Direct Access to files
<FilesMatch "\.(tpl|ini|log)">
 Order deny,allow
 Deny from all
</FilesMatch>

# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/

# Non-www to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]

#NEW REWRITE RULES
ReWriteRule  ^home/$  index.php?route=common/home [L] #Home Page
RewriteRule  ^contact/?$  index.php?route=information/contact  [L] #Contact Page
ReWriteRule  ^account/?$  index.php?route=account/account  [L]  #Account Page
ReWriteRule  ^login/?$  index.php?route=account/login  [L]  #Login Page
ReWriteRule  ^logout/?$  index.php?route=account/logout  [L]  #Logout Link
ReWriteRule  ^cart/$  index.php?route=checkout/cart  [L] #Cart Page
ReWriteRule  ^checkout/$  index.php?route=checkout/checkout  [L] #Checkout Page
ReWriteRule  ^manufacturers/$  index.php?route=product/manufacturer  [L] #Manufacturer Page
ReWriteRule  ^specials/$  index.php?route=product/special  [L] #Specials Page
ReWriteRule  ^vouchers/$  index.php?route=account/voucher  [L] #Voucher Page
ReWriteRule  ^wishlist/$  index.php?route=account/wishlist  [L] #Wishlist Page
ReWriteRule  ^my-orders/$  index.php?route=account/orders  [L] #Past Orders Page
#END NEW REWRITE RULES

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

### Additional Settings that may need to be enabled for some servers 
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.

# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off

# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off

# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M

# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M

# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200

# 6. set max time for input to be recieved. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200

# 7. disable open_basedir limitations
# php_admin_value open_basedir none

I appreciate any help with this.

Thanks,

DD

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by cwswebdesign » Fri Jan 03, 2014 6:48 am

You shouldn't have to change anything in your .htaccess

DL

This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.

Thanks!


User avatar
Active Member

Posts

Joined
Sun Dec 11, 2011 12:26 am
Location - USA

Post by victorj » Fri Jan 03, 2014 6:59 am

it all depends on what you want,

you can run your entire site under ssl, or just when customers go into checkout.
Here there are different ideas on what you should do, some consider that you just need checkout nad registration to run under ssl, as some laws requiere, some , as i think will have a site run completely ssl.

if you want just the checkout and registration to run ssl, edit your config files and find the https section and adjust url to go to https, in admin, settings, your shop, server, enable ssl, and it should work as intended.

running your shop under ssl as soon as a visitor enters your site, requires a total different approach, involving editing config files and .htaccess to force all vistors to redirect to ssl, if you want taht just drop a PM

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by MarketInSG » Fri Jan 03, 2014 10:46 am

it does not make sense to run the whole site on SSL if there's no need to. There's no sensitive information being sent on your products page or home page i believe


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by cwswebdesign » Fri Jan 03, 2014 12:50 pm

MarketInSG wrote:it does not make sense to run the whole site on SSL if there's no need to. There's no sensitive information being sent on your products page or home page i believe
That is correct and it will also make your site load even slower with full https enabled.

DL

This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.

Thanks!


User avatar
Active Member

Posts

Joined
Sun Dec 11, 2011 12:26 am
Location - USA

Post by victorj » Fri Jan 03, 2014 5:58 pm

MarketInSG and cwswebdesign, you both are completely right from a technical point of view.
But from a commercial point of view it can gain just that extra bit off trust from a potential customer.

In the end, its the shopowner making the decision thats right for his or her country and their clients.
I live in holland, and online shopping is by far not deceloped as it is in the USA, as here there are no distances, and everything can be bought almost around the corner, also laws are very strickt, regarding security.
in my case running entire site under ssl makes a great positive difference in conversion, so the extra cost for ssl is a great investment that will pay for itself.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by sml » Fri Jan 03, 2014 6:32 pm

victorj wrote:so the extra cost for ssl is a great investment that will pay for itself.
Yes, $4 to $5 is a great investment for your business ...
https://www.gogetssl.com/domain-validat ... itive-ssl/

I think you can get an SSL for free if you prefer to save $5.

sml
Active Member

Posts

Joined
Sat Apr 02, 2011 6:56 am

Post by victorj » Fri Jan 03, 2014 6:44 pm

you need a dedicated ip as well for your hosting, wich at least here is more expensive than a certificate.
dont like comodo, it does not support all mobile devices, using geotrust nowadays

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by double_dd » Fri Jan 03, 2014 6:51 pm

Thanks for the replies so far. I don't want to use SSL on all pages, only the standard account pages etc.

So with that in mind I will be making no changes to by .htaccess.

The question is now - Can I buy an SSL certificate from anywhere? or must I go through my hosting provider?

I'm currently on shared hosting - will this be a problem?

Cheers,

DD

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by sml » Fri Jan 03, 2014 7:10 pm

You can buy from anywhere .... the link that I posted above is reputable and I have purchased a few SSL certs from there in the last few months.

For shared hosting, you will need to buy a dedicated IP .. my shared hosting business charges $5/mth for the dedicated IP.

Is your web-host using cpanel? It should be quite easy to setup yourself .. it is really just pasting in some text from your certificate provider.

sml
Active Member

Posts

Joined
Sat Apr 02, 2011 6:56 am

Post by double_dd » Fri Jan 03, 2014 7:17 pm

Yep - it uses cpanel. I'll have a look if I can do it through there and if not get in touch with my hosting company as they're usually pretty helpful.

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by victorj » Fri Jan 03, 2014 7:21 pm

first check with your hoster if they can assign a dedicated ip to your site.
once you have a dedicated ip, you can generate a csr (certificate signing request) to obtain a ssl certificate.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by sml » Fri Jan 03, 2014 7:47 pm

login to cpanel and see if you have this icon ....

Image

you dont need a dedicated IP to generate a CSR .. you can generate a CSR on gogetssl.com when you buy your SSL cert, and then just copy & paste everything into the SSL/TLS Manager in cPanel.

you do need a dedicated IP to install your SSL cert.

sml
Active Member

Posts

Joined
Sat Apr 02, 2011 6:56 am

Post by double_dd » Fri Jan 03, 2014 9:24 pm

Unfortunately I don't have the SSL option in my cpanel :( I've contacted my host and they should get back to me in the next couple of hours.

DD

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by sml » Sat Jan 04, 2014 8:52 am

Yea .. my host had it enabled for years but removed it just recently, but they installed for free (even though I bought the cert at half the price of what the hosting business was charging!).

sml
Active Member

Posts

Joined
Sat Apr 02, 2011 6:56 am

Post by MarketInSG » Sat Jan 04, 2014 11:58 am

it's the IP that cost, not the certificates, really. unless you're getting an expensive cert..


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by double_dd » Tue Jan 07, 2014 3:21 am

OK so thanks for all the help with this. Got my SSL cert installed, got all the https URLs working but just one last thing...

I'd like a .htaccess rule that re-directs anyone visiting a https version of my pages to the http version - not including account/admin/checkout obviously.

Can anyone help with this? My .htaccess is on my first post if that helps.

Cheers,

DD

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by cwswebdesign » Tue Jan 07, 2014 3:45 am

http pages are displayed by default unless you've made additional changes somewhere along the way. Are you thinking someone will type in the https:// address right away and you want to force that to not happen?

DL

This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.

Thanks!


User avatar
Active Member

Posts

Joined
Sun Dec 11, 2011 12:26 am
Location - USA

Post by double_dd » Tue Jan 07, 2014 3:52 am

Hey,

Yep. If they happen to type it in, or someone links to a https page. I'd like it to be re-directed to the standard http unless they are meant to be on one of the aforementioned https pages.

Main reason is for SEO - I don't want two pages accessible with different URLs.

Newbie

Posts

Joined
Wed Dec 28, 2011 7:10 am

Post by cwswebdesign » Tue Jan 07, 2014 7:41 am

You don't have to worry about search engines picking up non secure and secure urls of the same page.

DL

This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.

Thanks!


User avatar
Active Member

Posts

Joined
Sun Dec 11, 2011 12:26 am
Location - USA
Who is online

Users browsing this forum: No registered users and 47 guests