[ic] SSL Cert.
kerry
kerry at basicq.com
Thu Dec 3 09:28:23 UTC 2015
On 12/02/2015 02:01 PM, Stefan Hornburg (Racke) wrote:
> On 12/02/2015 06:43 PM, kerry wrote:
>>
>> On 12/02/2015 11:37 AM, Frank Reitzenstein wrote:
>>> kerry wrote:
>>>> On 12/02/2015 09:28 AM, Stefan Hornburg (Racke) wrote:
>>>>> On 12/02/2015 03:23 PM, kerry wrote:
>>>>>> My Host recently installed a new ssl cert to my site.
>>>>>> It shows secure at the Geotrust site for checking, but when youclick
>>>>>> the add button to add an item to the cart, you get a warning that the
>>>>>> page is insecure. You can go through the rest of the checkout with out a
>>>>>> problem. It also shows up in the admin side under the items tab.
>>>>>>
>>>>>> My host has verified that it working fine and indicates it is in the
>>>>>> interchange program.
>>>>>>
>>>>>> Here is a link to an item ready to add to the cart for a look at what is
>>>>>> happening. Just click the add button to see what is happening.
>>>>>>
>>>>>> https://decor.basicq.com/cgi-bin/dcart/P301.html
>>>>>>
>>>>>> I searched the docs and could not find a solution to what is happening
>>>>>> and why.
>>>>>>
>>>>>> Any suggestions appreciated.
>>>>>>
>>>>> The form action points to http:// - you need to fix that.
>>>>>
>>>>> Regards
>>>>> Racke
>>>> Now to find where the form action is located.
>>>>
>>>> My host noticed that all the pages have the https and the secure favon
>>>> on them.
>>>>
>>>>
>>>> Kerry
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> interchange-users mailing list
>>>> interchange-users at icdevgroup.org
>>>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>>>>
>>> cd /var/lib/interchange/nasicq/ or wherever your catalog resides.
>>>
>>> grep -r "http://decor.basicq.com"
>>>
>>> That will list all instances in all pages of the insecure link. I assume
>>> that your entire site is secure. Then you need to replace them all with
>>> https://
>>>
>>> I have the strap store well advanced and all secure. I found that once
>>> the entire store was secure I kept losing the cart after the rewrite
>>> rules. I was able to fix this by forcing a session id at most menu links.
>>>
>>> https://www.kenyan-curios.com/?id=[data session id]
>>>
>>> Then I had to fiddle around in apache2.conf so that the session id was
>>> always removed for google and casual blowins, whilst once a session id
>>> appears at the cart it was thereafter always enforced. I had a great
>>> time hacking the strap store after encountering endless problems. It
>>> looks like your cart may be more stable.
>>>
>>>
>>> _______________________________________________
>>> interchange-users mailing list
>>> interchange-users at icdevgroup.org
>>> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>> http://dottech.org/86332/firefox-is-going-to-start-forcing-https-usage-for-sensitive-websites-to-thwart-man-in-the-middle-attacks/
>>
>>
>> Looks like Firefox is part of the problem. I checked some other pc here and seems like some have the new stuff enabled and others not.
>>
>> My host said the same thing, secure the whole site and be done with it.
>>
>> I will see if I can follow your advise.
> It is definitely recommended to use https:// only, also Google claims they
> give you a little bump in their ranking if you abolish http://.
>
> E.g., the starting point is:
>
> VendURL https://__SERVER_NAME____CGI_URL__
>
> Regards
> Racke
>
>
>
Great starting point. This looks like it took care of the major problem
of the warning sign pop up. Now to locate the rest of my http links.
Thanks Racke and the others who helped.
More information about the interchange-users
mailing list