[SOLVED] Have SSL installed and get errors when browsing (picture)

[rami]

hay everyone,

my web hosting was intall an unique (not shared) ssl certificate on my domain and when im forwarding from my main page into order.php, pay with cash page or just pressing the checkout button -im getting that error:

see here: https://exspresso.co.il/order.php

http://i49.tinypic.com/2a6qzx4.jpg

any ideas how to solve it?

[batevladi]

Hi! This is to do with the certificate which you installed, not with Presta... please address it to your system administrator/web-host.

If you need further consulting advise and professional intervention to get this resolved please let me know.

Regards,
Vlad

[rami]

the web host guy told me that with the certificate all fine. he said the problem is in configuring presta.

im confused.

[batevladi]

The nature of the secure certificates - SSL - is that the server (Apache/2.0.52 (CentOS) in this case) will encrypt/decrypt the communication between itself and the browser while serving the public part of the key to the browser and keeping the private part of the key to itself. The only thing that Presta will do is to re-direct the user to a secure URL (i.e. will pre-pend the HTTPS in the front of the URL).
[Maybe your web guy refers to the empty URL after the error you are referring to? That could be the set-up of your presta shop indeed (but it is not) - however you are asking certificate related question!!! Your web guy also does not make sense blaming it on the software as it seems that your HTTPS virtual server is not delivering the right content either - it is a server problem, yet again! :roll: ]

The error message of which which a screenshot you kindly posted above clearly says that the Browser cannot verify the issuer of the certificate. That is to say that the Server is correctly set-up (to the point of serving up the certificate), however the certificate is not authenticatable... there are only several companies (Certificate Authorities) around the world which do the authentication and you will have to pay for it. By the looks of it, your certificate has no CA root, which the browser can authenticate/trust - it is likely that the certificate was issued by your own server - yourself or your web guy, or the CA part of the certificate (if purchased) was not loaded properly on the server. This is fine, for as long as you have only people who know you and/or trust you coming to your site - then they can save and allow that certificate to be read and used each time, however not advisable if your site is used by people who find you on the net.

If you wanted to go for some self help, read up about SSL and certificate authorities - plenty of that on the web... just use your favourite search engine plus Wikipaedia has some very interesting and quite complete articles... :cheese:

Let me know if you need further help with this, naturally this carries a fee for the work done.
v

[rami]

vlad many thanks,

i was paying a lot of money to achieve non-shared ssl certificate and to implement all ssl . i am going to refer your message to the web host company and wait for there response.

btw, the name of the web host (cable) guy was also Vlad

[batevladi]

oooh, the plot thickens :coolsmirk:
yes, ssl does not come cheap - you are looking to pay anything between $60 to over $1000 for a certificate/year, and you will (in most cases be made to) need a static IP address. The actual set-up is very fiddly and one needs to know what one is doing... the reason why I am so insistent is that I keep on deploying clients with needs such as yours... unlike that other vlad I suspect (must be my dark shadow)
speaking of cable guys... the technologies are very different.
I currently use cloud hosting for me and clients which is the next affordable hosting up from shared, close to or slightly below VPS. it comes up to about $20-$25/month that would give you a dual core proc and 512M memory (including the ubiquitous 10G hard space) (Amazon is slightly cheaper but comes with caveats). With that you can have a full access to your server just as if it was dedicated.
Good luck!

[rami]

thanks man but i have my server sitting in large company in my country-means 14ms. coasts 25$/month (300MB-but daily backup) and for ssl its 14$/month.

[rami]

ok so now they fixed something but now im getting this:

i am getting in the left corner of my browser a pad-lock icon that shows red circle and a white ! mark on it.
when i double click it -it tels:

http://i47.tinypic.com/2irrr87.png

details:

web site identity:

web site: www.exspresso.co.il
owner: This web site does not supply ownership information.
verified by: Not specified

technical details:

connection partially connected

parts of the page you are viewing were not encrypted before being transmitted over the internet.
information sent over the internet without encryption can seen by other people while it is in transit.
end of details

the (cable) web host guy Alex told me that is because i have encrypted and non-encrypted links in the order.php page and the others. thats why.

it make any sense (maybe a little)?
and how can i/they fix this issue- cuz i dont want my customers to get this kind of errors when they buy and surf in my shop?

btw, they admitted about the ca roots. they ware not installed

[batevladi]

Hi, this seems ok now in Certificate terms, although the verifier is not coming through - [nevermind I have pointed it as important on the screenshot, it should not give you errors in the browser]. the reason why you get the little red circle is that you have some of your images coming out of the un-secured site, you will need to encode them in the template to ensure that the http/https is prepended automatically by the site. check the original theme for more detail

http://screencast.com/t/MzE3NjhiY

[rami]

how do i make that happen (encode the images)?

[batevladi]

if you have coded the template you know which variables to use, if not, ask the guy who got the templates for you.

[rami]

this is the guy:

http://dgcraft.free.fr/blog/index.php/themes-prestashop/moon-theme-prestashop/

but i dont know how to ask him.

btw, in the original it was publish under presta 1.2.4

[batevladi]

email or post on the template forum/leave comment (the site where you got the template from, not here)??? I would do that... I am sure other people would have the same problem.

[rami]

wait i am trying to organize a question.

edit: i was publish the comment+ send him a message.

btw, are you sure its not about the page showing and scan encrypted and the non-encrypted links?
(cable guy- sorry- the web host guy told me that insistently )

[batevladi]

hi! Just found this post - you may want to consider that solution isntead.
http://www.prestashop.com/forums/viewthread/35274/security/solvedssl_problems

here is another one:
http://www.prestashop.com/forums/viewthread/3497/P15/security/solved_ssl

[rami]

SOLVED!

how do i solved it:

i was using the "moon" theme

within the moon theme there all the *.tpl files.
so, i was chasing and open any *.tpl file that was in this directory (after backup of-course)

yoursite/themes/moon/

and in that dir i was changing this

{$base_dir}

to this

{$base_dir_ssl}

and it work like a charm!

important: do not change the header.tpl theme to {$base_dir_ssl} cuz when you go back to the domain and/or click on the logo to enter again it will come up with https:// and not with http://

one last thing vlad check out this picture:
http://i48.tinypic.com/258csjp.jpg
it is normal that is in the "owner" it says This web site does not supply ownership information.
and in the "verified by" it says The USERTRUST Network?
if it is not- how do i/they change this?

with love ,
rami

[batevladi]

This is because you are using the cheaper version of the certificate - i.e. the one that only authenticates the domain not the owner company. the one up costs a little more, and will populate the company identity - usually that also involves you sending some sort of a paper docuement or some other form of identification to the certificate issuer (simply a way of those guys to make money).

the Usertrust network is your root certificate authority. it is one of those CAs which are accepted as trusted for browsers, hence do not show the error message. if you buy the certificate from verisign or thawte or geo trust their names will appear there.

Glad you are all sorted!

[rami]

but i have a comodo ssl certificate!
why it is not appears?

[batevladi]

perhaps this is where you bought the cert?? they are a comodo company... (partner or reseller)
http://www.usertrust.com/index.asp

[rami]

what? this is insane!
cant be! you telling me that i paid 14$/month for service who ,in the original price, costs FREE?

gonna check it tomorrow with the webhost (cable) guy! arrrr

[deepee]

Hi Rami

Thanks for this information. I have the same issue.

So are you saying that every *.tpl file in the themes folder, (except for header.tpl) needs to be have this change?

That's a lot of checking!

Anyone know a fast way to achieve this?

Ta
deepee

[rami]

yes this is the way.

[batevladi]

Hello Deepee,

If your template is written well, you can try this solutions:
http://www.prestashop.com/forums/viewreply/27320/
(you are looking for posting #68)

or as I posted a couple of other solutions earlier in this thread:
http://www.prestashop.com/forums/viewreply/186083/
(you are looking for posting #14 and Rami's solution below that in #15)

Rami, hope all is well! Best! V

[rami]

in my website ssl goes well without errors!

[deepee]

Hi batevladi and rami

Thanks for the feedback.

I found out what was causing the issue.
I had installed the twitter-state module a week or so ago and that is the source of the problem.
I disabled it and now all is good.

I posted to the following thread to see if the publisher of this module has a solution.
http://www.prestashop.com/forums/viewthread/37422/P15/modules___development/module_las_twitter_state

I like the module and it would be great if it could be altered to work behind SSL.

All the best
deepee