SSL and admin section

[buddahboy]

Good day everybody

I installed an SSL cert and changing AbanteCart over to use SSL took all of 30 seconds and front end works perfectly - thank you for such a clean job of that function. 

I note that my admin section is not under SSL - am I missing something (once again LOL)?  I'd like to have it secured as well. 

Also, I have heard from a couple other people that after cert was installed they could not enter admin area - is there some work around in such cases?  I saw a couple of posts but didn't really apply. 

Thanks much in advance
Ron

[DavidLIR]

Hi Ron,

Thanks for your post.  I was just getting ready to post myself on this issue. 
I have had my webhosting service install the ssl on my website.  It is Rapid SSL  by Geotrust.

First, let me say that I am one you speak of...I cannot get into my admin section after they installed the ssl certs...etc   I get a 404 not found error on the page either for my site or for my admin...I guess it makes sense because they are all installed under http://mydomain.com/store ..
If I had only known I would have checked the little box to turn the ssl on before they installed the ssl and I believe that would have solved this problem...as it is, my website is down and I can't get in to my admin either...major problem!!

I can get into my files through my c-panel... Is there a way I can access the file that this ssl setting is in for the admin section through the c-panel and edit the file there to turn on the ssl?

I would need to know what files to look for and how to find them....and how to change them

If someone could tell me how to do this we might be able to solve it...

Thank you
David

[buddahboy]

Hey David - sounds like a real mess!  I also installed a Rapid SSL, since my payments are all PayPal I just wanted the customers to feel confident that their personal info is secure. 

What I would do in your place is try asking the host to delete the ssl for now and see if you can get back into the admin area switch the settings. If that works then have them re-install the cert.  Other than that I really don't know - even after checking the forum. 

I do hope that the developers will respond here as well - I wonder if there is a quick and easy fix in the database, hmmm.  I'm still looking around and will PM you if/when I get some other info unless Team AbanteCart get here first. 

All the best
Ron
 

[DavidLIR]

Ron,
Thanks for the quick response.

I was about 10 min too soon...my hosting service did get it so I can get back in to the site again...just received an email from them.

however, the page looks strange....all the nice stuff pictures,  slider were gone...
I had to reset my password to get back in to admin...turned on the ssl and changed the address for the site to the correct ssl version and voila it works now...

I have asked my hosting tech guys if they can tell me what they did to set it up...if I find out anything I will post it...
There are some other issues that I will need help with on this...as soon as I test out everything...

Thanks,
David

[DavidLIR]

one more thing I need help with.
 
the following is what Lee sent me...to set it up so people can get to the ssl site...
I need help to know how to do this...

Thanks,
David


"""Yes, the cert treats each as individual domains - with the www  is one,  without the www is another. Choose either one you want for your cert, you will be able to redirect or use rewrite to take make it transparent to your visitors.
 Clearly, you want visitors to be able to use an SSL connection whether they visit example.com or www.example.com. To enable this functionality, you can use Apache rewrite rules in a custom .htaccess file. 

 The following lines demonstrate how to redirect visitors who enter a domain name without the www prefix to a secure connection. With these settings enabled on your web site, visitors who go to example.com or www.example.com (where example.com represents your domain) both obtain an SSL connection:

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

[abolabo]

if you turn on setting Use SSL all your customers will be redirected to https on checkout process pages and login page.
But you should to set up ssl support on your webserver first.

[llegrand]

Hi David,

Just to be sure you caught what abolabo indicated - he's saying the switch for turning on the SSL within the Admin panel should take care of the rewrites that I posted.  So you can ignore those instructions.

Lee

[layer]

if you turn on setting Use SSL all your customers will be redirected to https on checkout process pages and login page.
But you should to set up ssl support on your webserver first.

and about admin section? no ssl is active...

[buddahboy]

yeah, me too

[abolabo]

[quote ]
and about admin section? no ssl is active...
[/quote]

abantecart can not define is web-server support ssl, because ssl-layer is lower then data-layer. php works on data-layer inside ssl-layer. That's why abantecart can not to enable ssl-support in settings as default.
And all requests for admin side have no any difference with storefront side. We use special variable "s" with secret value to recognize request.
So... you should write special rule for mod_rewrite in your .htaccess file to redirect all requests with 's' var to https.

something like this

Code: [Select]

RewriteCond %{QUERY_STRING} s=(.*)  [NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
paste it in your .htaccess file after line with

Code: [Select]

RewriteBase /