[ic] SSL Cert.

Wed Dec 2 17:43:59 UTC 2015

On 12/02/2015 11:37 AM, Frank Reitzenstein wrote:
> kerry wrote:
>> On 12/02/2015 09:28 AM, Stefan Hornburg (Racke) wrote:
>>> On 12/02/2015 03:23 PM, kerry wrote:
>>>> My Host recently installed a new ssl cert to my site.
>>>>  It shows secure at the Geotrust site for checking, but when youclick
>>>> the add button to add an item to the cart, you get a warning that the
>>>> page is insecure. You can go through the rest of the checkout with out a
>>>> problem. It also shows up in the admin side under the items tab.
>>>>
>>>> My host has verified that it working fine and indicates it is in the
>>>> interchange program.
>>>>
>>>> Here is a link to an item ready to add to the cart for a look at what is
>>>> happening. Just click the add button to see what is happening.
>>>>
>>>> https://decor.basicq.com/cgi-bin/dcart/P301.html
>>>>
>>>> I searched the docs and could not find a solution to what is happening
>>>> and why.
>>>>
>>>> Any suggestions appreciated.
>>>>
>>> The form action points to http:// - you need to fix that.
>>>
>>> Regards
>>> 	Racke
>> Now to find where the form action is located.
>>
>> My host noticed that all the pages have the https and the secure favon
>> on them.
>>
>>
>> Kerry
>>
>>
>>
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users at icdevgroup.org
>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>>
> cd /var/lib/interchange/nasicq/ or wherever your catalog resides.
>
> grep -r "http://decor.basicq.com"
>
> That will list all instances in all pages of the insecure link. I assume
> that your entire site is secure. Then you need to replace them all with
> https://
>
> I have the strap store well advanced and all secure. I found that once
> the entire store was secure I kept losing the cart after the rewrite
> rules. I was able to fix this by forcing a session id at most menu links.
>
> https://www.kenyan-curios.com/?id=[data session id]
>
> Then I had to fiddle around in apache2.conf so that the session id was
> always removed for google and casual blowins, whilst once a session id
> appears at the cart it was thereafter always enforced. I had a great
> time hacking the strap store after encountering endless problems. It
> looks like your cart may be more stable.
>
>
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users

http://dottech.org/86332/firefox-is-going-to-start-forcing-https-usage-for-sensitive-websites-to-thwart-man-in-the-middle-attacks/

Looks like Firefox is part of the problem. I checked some other pc here and seems like some have the new stuff enabled and others not.

My host said the same thing, secure the whole site and  be done with it. 

I will see if I can follow your advise.