[SOLVED] Non Shared SSL Warnings - Still present after all mods

[steve189]

EDIT: Read my post, it's the fifth one down, for how I fixed it. EDIT

This is a subject I know has been mentioned a lot on here and I have dredged through all the post I can find but this is really a serious problem that no matter how good the prestashop system is makes any eCommerce store a non starter!

Regardless of the analytics fixes, the init.php file fixes, the header.tpl fixes etc etc there is still a mixed content warning pop up in IE and exclamation mark in Firefox etc.

ANY warning re: security of a site makes me instantly click away from it so this is a serious issue and as uber superb as PS is, one that does not seem to be being taken as a priority. Aside from setting the whole site under the https prefix which is not a good idea I have run out of ideas.

My problem area so far is the first step a user would see, trying to register a new account. It seems to be ALL graphics and something within the category block module that are blocked by IE and as such appear to be the culprits.

Is there an answer anywhere on this forum that actually works?

EDIT - Possibly solved! I reverted all the mods found on here back to the original files and removed the block advertising module (my advertising block is modified to show Google AdSense) from all pages requiring SSL. It doesn't have to be totally removed, just via the "positions" feature by adding a comma separated list of pages to not show on. So far all warnings in IE, Firefox, Safari and Chrome have buggered off!

[steve189]

Yep ok so far all is working fine simply by removing the block advertising module from SSL required pages.

I'll update this thread soon with a comma separated list of all pages that need to be added to the modules > positions - exceptions field.

EDIT - Note the category block issue was due to the javascript for the tree slide effect not loading as IE was waiting for me to confirm view or not view the blocked items - eg the adsense javascript, as soon as the adsense block was removed the script for the category tree loaded ok.

[mooshi]

Hi!

IE always throws an SSL warning on pics, you can solve it by making your pic links https eg: say you had an extra pic in the footer

[steve189]

There were no image related errors surprisingly, not in any of the parent level pages and I have rectified the problem re any parent level page requiring SSL simply by removing the block advertising module from them...

HOWEVER! sigh, here we go again...

When logged in as a demo user and in my account there are numerous sections I can visit all of which are under SSL ie:

My Orders
My Credit Slips
My Addresses
etc etc

The first few are parent level as mentioned in my opening paragraph in this post and all are now fixed with regard to no SSL warnings BUT:

My alerts
My loyalty points
My wishlists <--EDIT this appears to be ok using the modules > postitions > exceptions for block advertising

are all sub child level ie /modules/modulename/modulefile.php

All are affected by images causing SSL warnings and so now I'm looking into that..... Grrrrrrrrrrrr! This really should have been dealt with earlier on in development surely.

With regard to my above EDIT to wishlists, I'm going to look now into how the wishlists page templates etc differ from the other two... I can feel we're close now... Hmmn I won't hold my breath however.

[steve189]

Right, I think this is it.

To re cap I discovered something in my block advertising module was causing me SSL warnings so rather than just remove the ad block from all pages I used the positions feature within the modules control panel in Admin.

Admin > Modules > Positions

Block advertising (this works for all blocks) and click the pencil, edit icon to open the transplant module page:

Third field is for Exceptions, these are pages you do not want that block to appear in.

In the field add comma separated file names of the page you want to exclude eg file1.php,file2.php

The following list of file names is by no means definitive but it is the pages I chose to remove the ad block from.
NOTE although myalerts.php, mywishlist.php & loyalty-program.php are in /modules/modulename/ sub folders the file name alone appears to work fine when added to the Exceptions input box:

authentication.php,my-account.php,history.php,order.php,order-slip.php,addresses.php,identity.php,discount.php,myalerts.php,loyalty-program.php,mywishlist.php

That process alone fixed my SSL warning for most of the areas within the user registration and logged in account pages.

However as I mentioned previously in this thread I encountered what appeared to be image related SSL warnings/errors in two of the three modules I have set up that are accessed from a logged in user account.

In my case they were:

/modules/mailalerts/myalerts.php
/modules/loyalty/loyalty-program.php

Now for some reason my third module, /modules/blockwishlist/mywishlist.php was fixed just by removing the block advertising (above) and threw out no image related SSL warnings, it worked fine yet the other two modules didn't...

So, what was different?

Luckily the difference between the two faulty pages and the working wishlist page was found in the first few lines, the following code was in /mywishlist.php but not in the other two:

/*SSL Management*/
$useSSL = true;

I just pasted that code below the opening <?php tag - FTP'd the updated files across and refreshed my browser!

Bingo! Not a single SSL warning )

Bonus tip: I also have a modified module that includes a few social networking, stumbleupon links etc and I altered the code I used for the icon images from:

to

and that, as mentioned by ammika above, fixed that too.

[Guest]

Thanks a lot mate.
Your post really help me on the unsecured content SSL warning!
BTW, do you find when you update your own addresses in your account, there is a SSL warning?
Any ideas how to solve this?

[DesignMonstr]

Right, I think this is it.

To re cap I discovered something in my block advertising module was causing me SSL warnings so rather than just remove the ad block from all pages I used the positions feature within the modules control panel in Admin.

Admin > Modules > Positions

Block advertising (this works for all blocks) and click the pencil, edit icon to open the transplant module page:

Third field is for Exceptions, these are pages you do not want that block to appear in.

In the field add comma separated file names of the page you want to exclude eg file1.php,file2.php

The following list of file names is by no means definitive but it is the pages I chose to remove the ad block from.
NOTE although myalerts.php, my.php & loyalty-program.php are in /modules/modulename/ sub folders the file name alone appears to work fine when added to the Exceptions input box:

authentication.php,my-account.php,history.php,order.php,order-slip.php,addresses.php,identity.php,discount.php,myalerts.php,loyalty-program.php,my.php

That process alone fixed my SSL warning for most of the areas within the user registration and logged in account pages.

However as I mentioned previously in this thread I encountered what appeared to be image related SSL warnings/errors in two of the three modules I have set up that are accessed from a logged in user account.

In my case they were:

/modules/mailalerts/myalerts.php
/modules/loyalty/loyalty-program.php

Now for some reason my third module, /modules/block/my.php was fixed just by removing the block advertising (above) and threw out no image related SSL warnings, it worked fine yet the other two modules didn't...

So, what was different?

Luckily the difference between the two faulty pages and the working wishlist page was found in the first few lines, the following code was in /my.php but not in the other two:

/*SSL Management*/
$useSSL = true;

I just pasted that code below the opening <?php tag - FTP'd the updated files across and refreshed my browser!

Bingo! Not a single SSL warning )

Bonus tip: I also have a modified module that includes a few social networking, stumbleupon links etc and I altered the code I used for the icon images from:

to

and that, as mentioned by ammika above, fixed that too.

Hi Steve,

I have went thru you thread and I sort of have the similar problem on my site LINK and like to share with you and If you can shed some light I will really appreciate as I can see you have worked with every nut and bolt of Prestashop SSL.

I have purchased the a GoDaddy Turbo Standard SSL and It's active you can see everything is fine on the following LINK.

Just little brief on how I have it setup, I have the domain pointing from 1and1 to MediaTemple as I have a dedicated virtual server on MT on my name, and purchased a the $30 Godaddy's turbo standard SSL on my name for my clients site so does it matter that the my information is on GoDaddy's billing and The SSL is for my clients store.

Everything looks good on GoDaddy side and my Hosting at Media Temple. The problem starts when I enable SSL from Prestashop BO and then when I sign in to checkout and then when I click next on Address page I get security warning on all Browsers and on firefox I see the lock with exclamation mark on status bar.

Security Warning on Firefox

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?

I have tried to remove/edit any thing http only to https and also tried directing http to https by editing .htaccess but nothing really fix it.

Also When I click on the favicon next URL Bar the Page Info pops up and under Website Identity I see the following next to owner: This web site does not supply ownership information (Like I have mentioned above that the hosting/ssl account is in my name and jewelry site corporation is not under my name is this the reason it shows this ownership message?), but when I click on VIEW CERTIFICATE i can see valid godaddy certificate info. I am now confused if this is a bug with 1.2 and is fixed in 1.3, so i should upgrade or the problem is with godaddy's cert or the way I installed it.

Please if you can shed some light It will be a big help.

I have created a test login for front office

user: [email protected]
pass: testtest

Thanks Steve,

ER

[diu1so]

Having the same problem like Steve on www.pronat.ro

But now... it's inactive the SSL on my website.

[jfriday]

Hey, ya'll!

I am new to Prestashop, just transferred my store, equigifts.com last month (LINK.

I was encountering this same problem using the Black&White;theme from 2link. Security wasn't consistent through checkout and I either had to disable SSL or get the error message about sending info over an unsecure connection with https://equigifts.com/order.php?step=1 changing to HTTP://www.equigifts.com/order.php

Thankfully, I was able to fix it. Here is how:

1. Changed all images associated with the order* tpl files to secure. I think these are all under order-steps.tpl

2. In order-address.tpl, line 19, change {$base_dir}order.php to your hard coded secure link

3. In order-carrier.tpl, line 37 do the same thing

This fixed my problem - hope it helps someone else!

[DesignMonstr]

Hey, ya'll!

I am new to Prestashop, just transferred my store, equigifts.com last month (LINK.

I was encountering this same problem using the Black&White;theme from 2link. Security wasn't consistent through checkout and I either had to disable SSL or get the error message about sending info over an unsecure connection with https://equigifts.com/order.php?step=1 changing to HTTP://www.equigifts.com/order.php

Thankfully, I was able to fix it. Here is how:

1. Changed all images associated with the order* tpl files to secure. I think these are all under order-steps.tpl

2. In order-address.tpl, line 19, change {$base_dir}order.php to your hard coded secure link

3. In order-carrier.tpl, line 37 do the same thing

This fixed my problem - hope it helps someone else!

Thanks alot for posting a solution I will try this and will let u know if it worked.

ER

[DesignMonstr]

Hey, ya'll!

I am new to Prestashop, just transferred my store, equigifts.com last month (LINK.

I was encountering this same problem using the Black&White;theme from 2link. Security wasn't consistent through checkout and I either had to disable SSL or get the error message about sending info over an unsecure connection with https://equigifts.com/order.php?step=1 changing to HTTP://www.equigifts.com/order.php

Thankfully, I was able to fix it. Here is how:

1. Changed all images associated with the order* tpl files to secure. I think these are all under order-steps.tpl

2. In order-address.tpl, line 19, change {$base_dir}order.php to your hard coded secure link

3. In order-carrier.tpl, line 37 do the same thing

This fixed my problem - hope it helps someone else!

Thanks alot for posting a solution I will try this and will let u know if it worked.

ER

THANKS A MILLION THIS IS THE PERFECT SOLUTION. I HAVE ALSO NOTICED THAT FOR SECURE URL THE SNIPPET IS {$base_dir_ssl} INSTEAD OF {$base_dir} BUT HAN'T TRIED IT. I THINK IT SHOULD WORK. I JUST USED THE HARDCODED SECURE URL.

THANKS AGAIN AS I WAS WAITING FOR SEVERAL DAYS FOR SOMEONE TO POST A SOLUTION AND YOU DID IT.

ER

[jfriday]

Yes, {$base_dir_ssl} will work. I didn't realize that variable existed until I did some more digging - my background is in a different platform that we switched from, so while the logic is the same, the variables are not.

I still have the problem of a few items on the pages not being secure, so I'm not getting the blue bar. Have checked that all the http is https and still no go, so there must be a variable somewhere that I'm not seeing. Hope that's not the case for you, but glad I could help out even a little!

[DesignMonstr]

Actually I am also not a php guy but just try to find my way through it often. Oh ya I didn't realize it unless you mentioned it, I am also not getting the blue bar, but if I go to payment logo img url it has blue bar and I can see that it's verified by godaddy

url: https://www.salmajewelry.com/themes/blackwhite/img/payment_logo.gif

[DesignMonstr]

Yes, {$base_dir_ssl} will work. I didn't realize that variable existed until I did some more digging - my background is in a different platform that we switched from, so while the logic is the same, the variables are not.

I still have the problem of a few items on the pages not being secure, so I'm not getting the blue bar. Have checked that all the http is https and still no go, so there must be a variable somewhere that I'm not seeing. Hope that's not the case for you, but glad I could help out even a little!

I have spent last 2-3 hours finding out a solution for this blue bar not appearing but had no luck. I have come across another thread which might give you some idea as well but it didn't work.

http://www.prestashop.com/forums/viewthread/55659/configuring___using_prestashop/ssl_on_all_pages_dot__dot__dot_

Do you think only img url without https is causing problem or any url with http can cause this.

for now I have disabled my SSL cause even though firefox doesn't show any security warning IE does and I looked at google analytics, unfortunately 50% of visitor still use IE.

ER

[jfriday]

Wish they would just all upgrade to FF (or anything is better than IE IMHO)! That was my next thought, checking all the links... so I removed anything http: from the order pages. Didn't change anything, so unless I missed something that wasn't it. Will let you know if I have a breakthrough, though!

[jackso11]

just found this and it looks like a solution to my ssl problems, however, I am not a php guy although I have been changing quite a lot of code to get my shop working. I am confused by 'change all images to secure images', how do I do that?

[Yun]

Hey, ya'll!

I am new to Prestashop, just transferred my store, equigifts.com last month (LINK.

I was encountering this same problem using the Black&White;theme from 2link. Security wasn't consistent through checkout and I either had to disable SSL or get the error message about sending info over an unsecure connection with https://equigifts.com/order.php?step=1 changing to HTTP://www.equigifts.com/order.php

Thankfully, I was able to fix it. Here is how:

1. Changed all images associated with the order* tpl files to secure. I think these are all under order-steps.tpl

2. In order-address.tpl, line 19, change {$base_dir}order.php to your hard coded secure link

3. In order-carrier.tpl, line 37 do the same thing

This fixed my problem - hope it helps someone else!

Jessica - I think I love you. This solved a major problem for me. One final touch was changing the {$base_dir} reference at the top of the shopping-cart.tpl. That little padlock stays beautifully secure all the way through the process.

Happy happy! Joy joy!

Just to confirm - I modified the following files to fix the problem:

- order-steps.tpl
- order-address.tpl
- order-carrier.tpl
- shopping-cart.tpl

[Dan1]

Hi!

IE always throws an SSL warning on pics, you can solve it by making your pic links https eg: say you had an extra pic in the footer

amikka, how exactly is this done? making pic links https?

[Roberto125]

Good day,

if you see a warning message, it is due to the fact that the SSL certificate present is an auto-generated certificate from your server.

The solution is to take a SSL certificate from a Certificate Authority like VeriSign, GlobalSign, GeoTrust, RapidSSL, thawte.

Best regards,

[tozama]

Good day,

if you see a warning message, it is due to the fact that the SSL certificate present is an auto-generated certificate from your server.

The solution is to take a SSL certificate from a Certificate Authority like VeriSign, GlobalSign, GeoTrust, RapidSSL, thawte.

Best regards,

 

 

Errrmmm, That is "A" reason one can get a cert warning, yes.

But I and I bet most posters here have a real cert installed and we are addressing specific issues with Presta and how it handles mixed content calls.

 

Thanks for the fixes some of you posted above. I am off to see if I can resolve mine now.

 

And as one poster pointed out, this IS a serious issue for an ecommerce site.

The last thing I want is to lose a customer over something like this!

[tozama]

If you are using the cool sliding menu module addon called Menu DHTML by Tom06 v1.1 "Add a dhtml menu in your site" I just figured out it was the last item to cause the Security warning for my site.

I disabled it and all messages went away.

 

I had to add more pages than:

 

The following list of file names is by no means definitive but it is the pages I chose to remove the ad block from.

NOTE although myalerts.php, mywishlist.php & loyalty-program.php are in /modules/modulename/ sub folders the file name alone appears to work fine when added to the Exceptions input box:

authentication.php,my-account.php,history.php,order.php,order-slip.php,addresses.php,identity.php,discount.php,myalerts.php,loyalty-program.php,mywishlist.php

 

....but through testing managed to stop all the warning boxes.

 

The downside is this excludes the slider menu from all those pages so if you hope to have a Categories menu beyond the home page I suggest you use the default Categories Block that the original install comes with.

[Vank]

Hi, I'm somehow new to Prestashop, and I'm no programmer, so I'm quite lost in what to do. I just got my SSL installed yesterday, and also I uploaded my site. Last night it was working everything ok, no warning, everything nice.

 

Today I opened the site and found the same SSL warning message described here.

 

I read the complete thread and also others, all offer different solutions.

 

Problem is when I check the Console in Chrome, it shows so many warnings I'm lost how to make this work.

 

Already in the Index page is showing the warnings, if I remove the https from the browser, then goes ok, but when going to the shopping cart, it goes https and the warnings appear again, going to the home page again shows it under https with warnings..

 

I have no idea how to make the changes, in the console I see basically that is loading insecure content from a bunch of .js, .css and some images..

 

what can I do? where to start?

 

note: I would like to be able to use https in all the site, is that possible?

 

http://kirschbits.de/shopPS/en/

 

thanks for any help!