About SSL

[ladivito]

Hi....i didnt use SSL before and i dont know where i need to use SSL....

for prestashop...in which part we need SSL ?

Thanks in advance ~

[mooshi]

Hi!

Most obvious is customer account pages, checkout ,contact and admin

[Raggy786]

Hi I got ssl but sometimes some of my testers get a unknown certificate message. Can anyone help on this issue ?

[heymedia]

I have the same problem. My hosting account manager told me that I have pages which use http:// instead of https:// , I added
$useSSL = true; on every .php page and still got that message

[heymedia]

Problem solved!

Add this to your .htaccess file

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

[kolamap]

Thanks heymedia!

That worked perfectly!

[e8tmyshorts]

Problem solved!

Add this to your .htaccess file

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

heymedia, just need a bit more help on this one - what does the $1 and the [R,L] do?

Alan

[bblacklist]

hi i m new bee in prestashop, i want to use SSL but dont really know how to use SSL... is so can help me.

Thanks

[wildchief]

hi i m new bee in prestashop, i want to use SSL but dont really know how to use SSL... is so can help me.

Thanks

Hello,

SSL is a means of encrypting data between your browser and the web server. In prestashop it would / could be used for the admin and for securing pages that have sensitive information such as the checkout.

Setting it up depends on your host and hosting service. If you have your own dedicated server or VPS you can buy your own certificate from anyone like verisign , thawte or godaddy etc and install it on apache / IIS , if you are in a shared hosting setup you might have to by the SSL certificate from the hosting company - which isn't a bad thing but can be a little more costly sometimes

[akboselk]

Hello heymedia

Your .htaccess working fine with PS 1.3.7

But still receiving SSL error on PS 1.4 (Stable)

Any idea how to fix this please ?

Thanks

[Hillary Johnson]

I know i am l'll late to reply on this and I am not even sure whether your problem has got resolved on this subject, but still I’m trying to answer it as simple as possible.

For “prestashop “ You are required to have SSL Certificate for, Register Page, Login Page, Forgot Password Page and if you have any specific pages where users used to fill confidential details.

If you’d like to buy an SSL right away, then I think you can buy it from SSLlogic.com as I have been using Instant SSL Certificate from the same reseller. And SSLlogic are also providing some attracting offers too!

Thanks.

[Roberto125]

Good day,

if you want to test first, then you can have a 30 days FreeSSL. We do not advise auto-generated SSL-certificates.

http://www.networking4all.com/en/ssl+certificates/products/by+type/trial/

Besides, the best Certificate Authorities are the following ones:

_ GlobalSign,
_ VeriSign,
_ Thawte,
_ GeoTrust,
_ RapidSSL


Best regards,

[Roberto125]

Good day,

if you want to test first, then you can have a 30 days FreeSSL.

http://www.networking4all.com/en/ssl+certificates/products/by+type/trial/

If it is the first time that you order a SSL certificate and you do not know how to deal with it, then order just a FREE SSL and follow the given procedures.

Best regards,

[Roberto125]

Good day,

yes, indeed. But this is not only for Credit card numbers, but also all kind of personal information, such as:

_ Name
_ Address
_ what the customer purchased
_ Phone number
_ Age
_ Gender
_ The amount spent
_ the e-mail address
_ ...


... all kind of details which can be sold to other companies and used against the customer(s).

These details may appear tiny but actually, there can have a huge impact.

For instance, if other companies have the e-mail address of the customer and if they know his purchase habits, then they will "spam" him with mails in which the customer(s) will be offered similar products.

As a consequence, each customer needs to be very careful when purchasing online. DO NOT give personal details (especially e-mail and credit card numbers) on a website unless the website has an OV (Organization Validated) or EV (Extended Validated) certificate. And also be aware of which CA issued the certificate in question.

The best Certificate Authorities are:

_ GlobalSign,
_ VeriSign,
_ Thawte,
_ GeoTrust,
_ RapidSSL

Best regards,

[zackblue456]

SSL stand for secure sockets Layer. I have no much idea but i think it is best technologyfor establishing an encrypted link between a web server and a browser.

[Roberto125]

Good day,

yes indeed. SSL is used by millions of websites to secure the Internet, including online purchases, financial transactions or sending personal data. This information will remain confidential during transmission between a web server and a browser and is not readable by others.

Best regards,

[dt88]

Currently on 1.3.2.3 until such time I can figure out how to get 1.4 working

Alright, I plugged the code in listed earlier, only I have unsecure feed from facebook which doesnt like me and tells the customer everytime we click there is insecure information on the website, making the entire website questionable .... quickest way to tell a customer please dont shop with me. so its no longer on it, but I also get this error without the htaccess code in the payment window as all the nav is in http, they want it in https.

So I was thinking, turn off all feed modules for the main https pages listed below, and then make it so that those pages rewrite all links http to https.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

myalerts.php,loyalty-program.php,discount.php,addresses.php,order-slip.php,order-follow.php,my-account.php,history.php,identity.php,order.php,referralprogram-program.php,mywishlist.php,authentication.php

http://www.webmasterworld.com/apache/3507002.htm
http://www.webdeveloper.com/forum/showthread.php?t=237555
http://www.namepros.com/programming/498820-htaccess-redirect-to-https-select-pages.html

[Roberto125]

Good day,

probably your SSL certificate is an auto-generated SSL certificate from your server? If that's the case, then it is the reason why you receive these pop-up messages.

I suggest you make a test with a FreeSSL and see if you still have this problem. This FreeSSL is free and lasts 30 days.

http://www.networking4all.com/en/ssl+certificates/products/by+type/

Please let us know if this solution works. Normally it will.

[dt88]

its a geotrust ssl - http://www.geotrust.com/au/ssl/ssl-certificates-premium/

[dt88]

does anyone know how to turn on the link rewrite specifically for those pages? or anything that requires https

myalerts.php,loyalty-program.php,discount.php,addresses.php,order-slip.php,order-follow.php,my-account.php,history.php,identity.php,order.php,referralprogram-program.php,mywishlist.php,authentication.php

[Roberto125]

Good day,

then I suggest you to contact GeoTrust directly. Did you purchase it directly from them? Or from a reseller?

Anyway, ask your provider to re-issue the certificate, just in case.

Best regards,

[Roberto125]

Good day,

"does anyone know how to turn on the link rewrite specifically for those pages?"

What do you mean exactly?

[Mohamed Esmat Farag]

Problem solved!

Add this to your .htaccess file

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

will this force ssl connection to the whole website or only specific pages?

what do you think about - like Hillary Johnson said - making only few forms on the website secure, which will result in faster page download, and less error messages?

[Roberto125]

Good day Mohamed Esmat Farag,

no matter how many pages or sub-domains you secure, there is no change in the speed.

But it also depends on the quality of the SSL certificate you use. It is not necessary to take several SSL certificates in order to secure several pages of the same website, you can take a SAN-certificate which is more than enough and way cheaper.

The SAN certificates of GlobalSign are more than enough and very efficient. To know more: http://www.networking4all.com/en/ssl+certificates/products/by+brand/globalsign/

[Roberto125]

SSL is used by millions of websites to secure the Internet, including online purchases, financial transactions or sending personal data. This information will remain confidential during transmission and is not readable by others.

Websites with this security are recognizable by the closed padlock and the https:// in the address bar. Like you can see on the login page of your bank. A SSL Certificate is required for an SSL connection.

A user can use a SSL Certificate to see who owns the site and who issued the certificate.

[wahlman]

Hello i am new in prestashop, dont really know how to use SSL.

[Roberto125]

Good day Wahlman,

what would you like to know ?

By looking at the videos, you will have a simple explanation of what SSL technology is:

http://www.networking4all.com/en/home/
http://www.networking4all.com/en/ssl+certificates/

Other videos about SSL and Networking4all:
http://www.networking4all.com/en/domain+names/
http://www.networking4all.com/en/hosting/
http://www.networking4all.com/en/resellers/
https://www.youtube.com/watch?v=iRoenMHx6LQ&feature=related
http://www.youtube.com/watch?v=eBgbnl9aNPk

[lblum]

Hi all,


Reading this conversation, I still have a question hanging on my mouth: what exactly does the optioon SSL on the preferences tab of the BO? Does it secure all the pages or only a set of pages???

Thanks a lot for your answer!

PD; I am also in the process of getting an ssl cert as I think it is a good way to promote the reliability of a website.

Lionel

[Roberto125]

Good day Lionel/Iblum,

SSL is used by millions of websites to secure the Internet, including online purchases, financial transactions or sending personal data. This information will remain confidential during transmission and is not readable by others.
Websites with this security are recognizable by the closed padlock and the https:// in the address bar. Like you can see on the login page of your bank. A SSL Certificate is required for an SSL connection. A user can use an SSL Certificate to see who owns the site and who issued the certificate.

A SSL certificate secures:

http://www.networking4all.com/ (and eveything which is after)

but also can secure all which is below:
example:
1) mail.networking4all.com
2) owa.networking4all.com
3) autodiscover.networking4all.com
... (infinite possibilities)

[kbrmin]

Is this deal with godaddy.com (http://www.godaddy.com/ssl/ssl-certificates.aspx) for $12.99/month sound right? Or is that not what I need for a Secure SSL Certificate?

[gkontos]

Is this deal with godaddy.com (http://www.godaddy.c...rtificates.aspx) for $12.99/month sound right? Or is that not what I need for a Secure SSL Certificate?

 

I think it is too much really. You shouldn't really spend more that $50 a year for a single site certificate. Unless you need a class 2 which validates your organization.

 

Since prestashop doesn't collect any PCI data which is good and all transactions occur at 3rd party gateways a class 1 should be enough.

 

Regards

George

[sambassador]

does anyone know how to turn on the link rewrite specifically for those pages? or anything that requires https

 

myalerts.php,loyalty-program.php,discount.php,addresses.php,order-slip.php,order-follow.php,my-account.php,history.php,identity.php,order.php,referralprogram-program.php,mywishlist.php,authentication.php

 

A bit late to answer this question, but this should work for this situation. Add the following to your .htaccess file before the default Prestashop rules.

 

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https # this line only required for certain servers (test without it first)
RewriteCond %{REQUEST_URI} ^/(addresses|admin.*|authentication|discount|history|identity|loyalty-program|my-account|myalerts|mywishlist|order|order-follow|order-slip|referralprogram-program)\.php
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]

Edited June 14, 2013 by sambassador (see edit history)