SSL Basics

[Jimbola]

Hi all

I have some questions on SSL that i'm hoping someone can answer they are;

- What does the enable SSL button in the admin area do?
- Does SSL work with every theme?
- Are all the themes in the PrestaStore esp Black and White test to run OK with SSL?
- Should SSL be applied to all pages?

All help is greatly appreciated?

J

[rocky]

The "Enable SSL" option on the Preferences tab makes the contact page, authentication pages and checkout pages use https instead of http. You must ask your host to install an SSL certificate for you, otherwise it will not work.

It is unnecessary to apply SSL to all pages. That's why PrestaShop only applies them to the contact page, authentication pages and checkout pages.

SSL should work with all PrestaShop v1.2.5 and PrestaShop v1.3 themes. It will not work with PrestaShop v1.1 and earlier themes. I think the Black and White theme works with SSL, except when you try to apply the SSL to all pages.

[george4711]

So far, for payment transactions, I use the following methods:
Cash on delivery,
Check
PayPal.
Do I need an SSL certificate?

[rocky]

No, you don't, since PayPal provides its own SSL. Some customers may look for an SSL on your site anyway though.

[pixels2canvas]

Hi All,

Because moneybookers is in an iframe, does it need ssl?

Many thanks for any help.

[rocky]

I'm not sure, but I think it does. Otherwise, the customer won't see a lock icon in their browser and feel secure.

[clarinda]

Hi,

Can anyone help me, I am a little confused about my ssl cert.

I have a ssl cert and enabled the ssl in the back end.

The Prestashop is loaded in a non secure folder Do I need to upload any of the modules ie payment module in the secure folder?

Any advice would be great.

Thanks,

[george4711]

I am wondering about the same thing

[bartman]

the ssl cert should secure the site not a folder, couple of things to remember unless you have a wildcard ssl cert, the cert will only be valid for www.yourname.com or yourname.com not both,


to test the cert, just put an item in your cart and go to checkout, it should redirect to a https page

[george4711]

@bartman: clarinda was clear enough "...Do I need to upload any of the modules ie payment module in the secure folder?"

[bartman]

no, as stated the cert secures a site not a folder, what platform is your server based ?

[george4711]

"no, as stated the cert secures a site not a folder...". Thanks bartman. This information makes things clear to me.
"what platform is your server based ?", Reading from my web host service provider: Apache 2.0.40, Red Hat

[bartman]

have you a cert installed, if so what happens, when you go to https://yoursite.com, does the site show ok, as a secure site, you will probably get insecure content warnings but this is standard for prestashop, Then drop back to http://yoursite.com add an item to your cart and go through the checkout process

when you get to authentication.php prestashop should switch to https mode, showing your site as secure

[John Horton]

Hi there,

Here is an article about SSL and Prestashop security that might help.

It was written for people new to Prestashop and/or e-comerce.

I hope it helps someone a bit.

John.

[clarinda]

Thanks for your help however I think my host manages SSL slightly different. This is what I am advised to do below:

!Once you have opened your FTP client, enter your FTP details and connect. You should then see a new folder within your webspace called "htdocs_secure". This is where your secure files must go. Upload an example page if you wish and visit https://yourdomain.com/yourpage.html you should notice your browser showing a padlock icon or something similar to indicate you are on a secure connection.

Whether you have purchased SSL for your main domain name or a subdomain you will need to ensure you visit the site via https:// rather than http://. For example

• https://shop.example.com
• https://example.com

If you visit your site address without the https:// you will see the contents of the "htdocs" folder rather than "htdocs_secure", whether there is anything in it or not."

Should my whole site be uploaded to the folder? And do I have to change the code to makesure the whole site is https?

Thanks for your help

[george4711]

I am not an expert, but you you can redirect the index.php file of the 'http://' to the index file of your secured folders:

<?php
header("Location: https://www.yourdomain.com/index.php");
?>

Another choice is, ask from you web hosting provider to set the use of a single directory for housing the SSL and non-SSL contents.

@bartman: "you will probably get insecure content warnings but this is standard for prestashop". I hope the this will be not the case when I'll buy a cert.

[uddhava]

Thanks for your help however I think my host manages SSL slightly different. This is what I am advised to do below:

!Once you have opened your FTP client, enter your FTP details and connect. You should then see a new folder within your webspace called "htdocs_secure". This is where your secure files must go. Upload an example page if you wish and visit https://yourdomain.com/yourpage.html you should notice your browser showing a padlock icon or something similar to indicate you are on a secure connection.

Should my whole site be uploaded to the folder? And do I have to change the code to makesure the whole site is https?

Thanks for your help

I am running also into this with my provider. They also have a "private_html" folder. But i dont think that you can copy only the necessary files. That will most probably not work, because of missing paths and other requirements.
I have asked my provider for a solution.

[uddhava]

Thanks for your help however I think my host manages SSL slightly different. This is what I am advised to do below:

!Once you have opened your FTP client, enter your FTP details and connect. You should then see a new folder within your webspace called "htdocs_secure". This is where your secure files must go. Upload an example page if you wish and visit https://yourdomain.com/yourpage.html you should notice your browser showing a padlock icon or something similar to indicate you are on a secure connection.

Whether you have purchased SSL for your main domain name or a subdomain you will need to ensure you visit the site via https:// rather than http://. For example

• https://shop.example.com
• https://example.com

If you visit your site address without the https:// you will see the contents of the "htdocs" folder rather than "htdocs_secure", whether there is anything in it or not."

Should my whole site be uploaded to the folder? And do I have to change the code to makesure the whole site is https?

Thanks for your help

I dont know if your problem is still relevant, but i found a solution to you shared hosting and SSL problem:
http://www.prestashop.com/forums/viewthread/78599