Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
 All Forums
 General
 Off topic, News and Updates
 Adding SSL to your site
Next Page
Author « Topic »
Page: of 3

Sinbad
ECT Moderator

USA
65936 Posts

Posted - 01/26/2017 :  16:24:43  
Setting SSL for the whole domain is not that difficult, below are generic steps they maybe different depending on host.
Once SSL certificate is purchased and installed on the domain.

1. Update to version 6.6+
2. Login to admin > Main settings and set the SSL url under the store url and secure url
3. If you have the path to ssl set in the vsadmin/includes.asp you can remove that if not move to step4
4. Setup a 301 redirect in the web.config file - (for PHP user set redirect in .htaccess file) your host can help with this or provide example.
5. Check the frontend and backend of the site to make sure the urls stay on https and the green lock appears on the pages.
6. Go to google.com / bing.com / yahoo.com and click on any link in the search engine it should take you to https if all is setup correctly above.
7. Login to google webmaster tools and setup a new site for https://
8. Check google analytics account is set to use https

**Note if no green lock appears check that no images or css / js files are pointing to http:// to do that browse to the page and view the page source
in the browser menu select Edit> find type src="http: and start search for the culprit causing the lock block. Once you find it fix it by making it relative instead of absolute.

Thats about it.



Winners never quit, quitters never win
[green]CSS and Responsive Designs</font>
User Manual for Ecommerce Templates

ITZAP
Ecommerce Template Guru

Australia
1005 Posts

Posted - 01/26/2017 :  19:32:24  
Here are Apache or Litespeed server sample config entries relevant for site wide SSL. Note : Delete the space after https:// that I put in this post

.htaccess

# rename file .htaccess
AddDefaultCharset UTF-8
<ifModule mod_headers.c>
# Enable HSTS (HTTP Strict Transport Security), tells the browser to ALWAYS USE HTTPS
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# Enable HTTP Keep-Alive to allow the same TCP connection to send and receive multiple HTTP requests, thus reducing the latency for subsequent requests
Header set Connection keep-alive
</ifModule>
# ======================================================
# URL Rewrite Rules (-Indexes prevents visitors viewing website folder contents, 403 Access Forbidden)
# ======================================================

<IfModule mod_rewrite.c>
Options +FollowSymlinks -Multiviews -Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https:// example.com/$1 [R,L]
# REDIRECT www
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https:// example.com/$1 [R=301,L]
# REDIRECT index.php (THIS DOES NOT EFFECT SUBFOLDERS !!)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https:// example.com/$1 [R=301,L]
</IfModule>

Gary

Edited by - ITZAP on 03/29/2017 19:36:09

Mikelli
Ecommerce Template Guru

USA
1613 Posts

Pre-sales questions only
(More Details...)

Posted - 01/26/2017 :  23:56:40  
I just looked at our main site with Google Chrome, I have so far done none of the above and Chrome shows all pages as "secure". I wonder if the main thought they have is the pages that exchange information are what needs to be secure.

Just to add, Chrome adds the HTTPS:// prefix on it's on

Michael

Edited by - Mikelli on 01/26/2017 23:59:50

Mikelli
Ecommerce Template Guru

USA
1613 Posts

Pre-sales questions only
(More Details...)

Posted - 01/27/2017 :  00:08:14  
Just to clarify, Chrome does go to HTTPS:// sometimes but not always. Depends on how the site is searched. So, the above is probably RIGHT ON POINT!

Michael

dbdave
ECT Moderator

USA
10223 Posts

Posted - 01/29/2017 :  16:51:05  
web.config to force site to https

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>



If you already have rules in your web.config, it's just a matter of adding another rule in there

<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>


David
ECT Power User

Edited by - dbdave on 01/29/2017 16:51:42

Andy
ECT Moderator

95440 Posts

Posted - 02/01/2017 :  13:09:28  
Reasons from Google to add SSL to your store

https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

Andy

Please feel free to review / rate our software

Andy
ECT Moderator

95440 Posts

Posted - 02/01/2017 :  13:11:11  
Free SSL certificates (not supported by all hosts)

https://letsencrypt.org/

Andy

Please feel free to review / rate our software

dbdave
ECT Moderator

USA
10223 Posts

Posted - 02/01/2017 :  14:51:06  
Converted our whole site last weekend.
Google was already pointing some of our search results to https anyway.

With the new pop-up login in 6.6 version, there is a login on every page now, so we were seeing warnings in GWT saying that is not secure, so another reason to fall into line.

David
ECT Power User

DeeAnna
Advanced Member

USA
266 Posts

Posted - 02/28/2017 :  12:48:38  
In the steps for migrating to SSL in post 1, is there a step missing if you want the entire website to run fully on https? Don't you need to copy all website files from the http folder into the https folder? I know this is an elementary question, but before I launch into this update, I want to have the correct process firmly in mind.

DBDave -- Thank you for providing an example of the redirect rule for web.config to help us ASP users. I don't know much about this, so I really appreciate your clear example and directions. (And I gather Gary is doing the same for htaccess and PHP -- kudos to him as well.)

--DeeAnna

Classic Bells, Postville, Iowa, USA, http://classicbells.com/

Andy
ECT Moderator

95440 Posts

Posted - 02/28/2017 :  12:59:35  
It really shouldn't be necessary if you have your own ssl certificate to move any files to a new location.

Andy

Please feel free to review / rate our software

dbdave
ECT Moderator

USA
10223 Posts

Posted - 02/28/2017 :  13:35:06  
Right DeeAnna, I think you might be hosting with Servelink, and if so, you can have all files in the http folder and no need for the https folder at all.
I think I deleted mine some time back.

David
ECT Power User

DeeAnna
Advanced Member

USA
266 Posts

Posted - 02/28/2017 :  14:04:59  
Oh! Okay. Yes, I'm with Servelink and the folks there just set up my dedicated SSL. I want to summarize my current understanding of things to make sure I'm following y'all correctly --

I can stick with my current setup if I want to use https just for checkout and login stuff. But the trend is moving away from this mode of operation and to run everything on https.

If I want to move everything to https, I need to now do Steps 4-8 --

Step 4 regarding the "301 redirect." I understand this to be the point at which I would add DBDave's rule to my web.config to redirect all traffic from http to https.

And then follow Sinbad's Step 5 to test the site...
...and follow Steps 6-8 to update and test Google and Bing.

Am I on the right track now? Thanks for setting me straight.

--DeeAnna

Classic Bells, Postville, Iowa, USA, http://classicbells.com/

Sinbad
ECT Moderator

USA
65936 Posts

Posted - 02/28/2017 :  14:16:11  
Hi sounds like you have a grasp on things. The only thing I would add is if you already have a web.config make a backup prior to editing.

Winners never quit, quitters never win
[green]CSS and Responsive Designs</font>
User Manual for Ecommerce Templates

DeeAnna
Advanced Member

USA
266 Posts

Posted - 02/28/2017 :  14:52:21  
Thanks, Marlene. I now have my marching orders straightened out.

Hopefully my questions and your patient answers will be helpful to other people new to this https stuff. :)

Classic Bells, Postville, Iowa, USA, http://classicbells.com/

Positivek9
Ecommerce Template Guru

USA
4061 Posts

Pre-sales questions only
(More Details...)

Posted - 03/29/2017 :  16:31:14  
Hi all!

Need some help... I have checked our site and everything is showing as secure when viewed under https. The only part I have left is the web.config. I already have a redirect there so do I remove that or change it? Not sure how to proceed. See below.

When in admin back end - do I need to be on https when adding/editing products? Confused on that part.

Any help would be hugely appreciated. :)

Current webconfig:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="IP block">
<match url=".*" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REMOTE_ADDR}" pattern="^174\.132\.105\.226|97\.254\.226\.177$" ignoreCase="false" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Canonical name" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^mysitename\.com" />
</conditions>
<action type="Redirect" url="http://mysitename.com/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<httpErrors errorMode="Detailed" />
<security>
<requestFiltering>
<requestLimits maxQueryString="2148" />
</requestFiltering>
</security>
</system.webServer>
</configuration>


Julie
Browns Summit NC USA

dbdave
ECT Moderator

USA
10223 Posts

Posted - 03/29/2017 :  16:43:44  
Julie, see my post above.
Add that into your rules.

David
ECT Power User

Positivek9
Ecommerce Template Guru

USA
4061 Posts

Pre-sales questions only
(More Details...)

Posted - 03/29/2017 :  16:52:08  
Okay, got that.

But what about the other redirect? Should that be changed to https?

<rule name="Canonical name" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^mysitename\.com" />
</conditions>
<action type="Redirect" url="https://mysitename.com/{R:1}" redirectType="Permanent" />
</rule>

Julie
Browns Summit NC USA

dbdave
ECT Moderator

USA
10223 Posts

Posted - 03/29/2017 :  18:30:54  
I don't think so - that's just the part that tells it to use www or not to use www.
Add the new rule after that rule and you should be fine.
Give it a try and put it back if it's not working as expected.

David
ECT Power User

Edited by - dbdave on 03/29/2017 18:32:06

Positivek9
Ecommerce Template Guru

USA
4061 Posts

Pre-sales questions only
(More Details...)

Posted - 03/29/2017 :  18:58:08  
That makes sense!

It all seems to be working, so far.

I even updated LiveZilla to the latest version...

Julie
Browns Summit NC USA

martinOV
Advanced Member

United Kingdom
424 Posts

Posted - 03/30/2017 :  01:28:11  
For anyone that uses Worldpay for payments & is changing to HTTPS, it seems you need to go to your worldpay settings & change the URL to your site to HTTPS. We had a few days of orders being charged but received no details & nothing in the admin but a missing order number. Paypal does not seem to have been affected.

Martin

evolutionweed
New Member

USA
58 Posts

Pre-sales questions only
(More Details...)

Posted - 05/02/2017 :  23:30:36  
I added the rule to my web.config file. It redirects only on pages that don't involve products, product detail or categories.

It works if you go to: [url]www.evolutionweed.com/about.asp[/url] You will find you are on the https version once you arrive.

but if you go to [url]http://www.evolutionweed.com/products/Hand-Pipes[/url] or a product detail page [url]http://www.evolutionweed.com/Chubby-Spoon--Charcoal[/url] or a category [url]http://www.evolutionweed.com/category/Toking-Tools[/url] the site quite happily let's you go to the unsecured version of the page

Do I need to change something in the rules that already exist for these types of pages?

Here is my complete web.config file:

<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true"/>
<rewrite>
<rules>
<rule name="Categories Match" stopProcessing="true">
<match url="^category/([^/]*)/?$" />
<action type="Rewrite" url="categories.asp?cat={UrlEncode:{R:1}}" />
</rule>
<rule name="Product Match" stopProcessing="true">
<match url="^products/([^/]*)/?$" />
<action type="Rewrite" url="products.asp?cat={UrlEncode:{R:1}}" />
</rule>
<rule name="Manufacturer Match" stopProcessing="true">
<match url="^manufacturer/([^/]*)/?$" />
<action type="Rewrite" url="products.asp?man={UrlEncode:{R:1}}" />
</rule>
<rule name="Product Detail Page Match" stopProcessing="true">
<match url="^([^/]+)/?$" />
<conditions>
<add input="{URL}" pattern="\.asp" negate="true" />
<add input="{URL}" pattern="\.css" negate="true" />
</conditions>
<action type="Rewrite" url="proddetail.asp?prod={UrlEncode:{R:1}}" />
</rule>
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
<system.web>
<customErrors mode="Off"/>
<compilation debug="true"/>
</system.web>
</configuration>
Page: of 3 « Topic »  
Next Page
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.05 seconds. Snitz Forums 2000