[ic] SSL Cert.

Stefan Hornburg (Racke) racke at linuxia.de
Wed Dec 2 19:01:53 UTC 2015 

On 12/02/2015 06:43 PM, kerry wrote:
> 
> 
> On 12/02/2015 11:37 AM, Frank Reitzenstein wrote:
>> kerry wrote:
>>> On 12/02/2015 09:28 AM, Stefan Hornburg (Racke) wrote:
>>>> On 12/02/2015 03:23 PM, kerry wrote:
>>>>> My Host recently installed a new ssl cert to my site.
>>>>>  It shows secure at the Geotrust site for checking, but when youclick
>>>>> the add button to add an item to the cart, you get a warning that the
>>>>> page is insecure. You can go through the rest of the checkout with out a
>>>>> problem. It also shows up in the admin side under the items tab.
>>>>>
>>>>> My host has verified that it working fine and indicates it is in the
>>>>> interchange program.
>>>>>
>>>>> Here is a link to an item ready to add to the cart for a look at what is
>>>>> happening. Just click the add button to see what is happening.
>>>>>
>>>>> https://decor.basicq.com/cgi-bin/dcart/P301.html
>>>>>
>>>>> I searched the docs and could not find a solution to what is happening
>>>>> and why.
>>>>>
>>>>> Any suggestions appreciated.
>>>>>
>>>> The form action points to http:// - you need to fix that.
>>>>
>>>> Regards
>>>> 	Racke
>>> Now to find where the form action is located.
>>>
>>> My host noticed that all the pages have the https and the secure favon
>>> on them.
>>>
>>>
>>> Kerry
>>>
>>>
>>>
>>> _______________________________________________
>>> interchange-users mailing list
>>> interchange-users at icdevgroup.org
>>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>>>
>> cd /var/lib/interchange/nasicq/ or wherever your catalog resides.
>>
>> grep -r "http://decor.basicq.com"
>>
>> That will list all instances in all pages of the insecure link. I assume
>> that your entire site is secure. Then you need to replace them all with
>> https://
>>
>> I have the strap store well advanced and all secure. I found that once
>> the entire store was secure I kept losing the cart after the rewrite
>> rules. I was able to fix this by forcing a session id at most menu links.
>>
>> https://www.kenyan-curios.com/?id=[data session id]
>>
>> Then I had to fiddle around in apache2.conf so that the session id was
>> always removed for google and casual blowins, whilst once a session id
>> appears at the cart it was thereafter always enforced. I had a great
>> time hacking the strap store after encountering endless problems. It
>> looks like your cart may be more stable.
>>
>>
>> _______________________________________________
>> interchange-users mailing list
>> interchange-users at icdevgroup.org
>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 
> http://dottech.org/86332/firefox-is-going-to-start-forcing-https-usage-for-sensitive-websites-to-thwart-man-in-the-middle-attacks/
> 
> 
> Looks like Firefox is part of the problem. I checked some other pc here and seems like some have the new stuff enabled and others not.
> 
> My host said the same thing, secure the whole site and  be done with it. 
> 
> I will see if I can follow your advise.

It is definitely recommended to use https:// only, also Google claims they
give you a little bump in their ranking if you abolish http://.

E.g., the starting point is:

VendURL	https://__SERVER_NAME____CGI_URL__

Regards
	Racke



-- 
Perl and Dancer Development

Visit our Perl::Dancer conference 2015.
More information on https://www.perl.dance.

More information about the interchange-users mailing list