how to install ssl

Permalink
We have site "http://strefa.amberinvest.org"
and we have problems with activate ssl.
When we write "https://strefa.amberinvest.org" in browsers we get errors and certificate doesn't work.

We searched forum and we found something like that:
if($c->getCollectionAttributeValue('force_ssl')){
header ("Location:http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit;
}

We add this code to the header in template file eg. fullview.php and we add atttribute "force_ssl" to the home page.
In site.php we add define('REDIRECT_TO_BASE_URL', false);

And when we add all this code the site didn't open as https and http.

What we are doing wrong?
How we can install SSL to all sites in our website?

cssninja
 
jordanlev replied on at Permalink Reply
jordanlev
Do you want the entire site to be SSL, or just some pages? If you want the entire site, try doing this through the apache .htaccess file instead (google for "force https apache .htaccess" to find some instructions on this).

If you only want that on some pages, then what you're trying might work, but there's a couple of potential problems with it. First of all, you have your redirect location set to "http://", not "https://". Also, make sure that is the very first line of code in your template (before the opening <html tag) -- it doesn't work if anything (even an empty space) has been outputted already.

Hope that helps.
tagey replied on at Permalink Reply
I have my site installed with ssl but it automatic go to http not https, i try google but they had so much info that i got crazy, is there any simple way to use these certificate, i don't care if i need to put the whole site secure, can anyone help me pls to get these done?
tageytv@gmail.com
jordanlev replied on at Permalink Reply
jordanlev
Change the BASE_URL setting in the "site.php" in the "config" folder so that it has "https://" in front of it, instead of "http://"

That should make the entire site use SSL.

Doing it on a page-by-page basis is trickier -- see this thread if interested:http://www.concrete5.org/community/forums/customizing_c5/https-on-o...
jordanlev replied on at Permalink Reply
jordanlev
Just thought of something for the OP -- if you're using $this->getStyleSheet() in your theme templates to include CSS files, and those CSS file reference images, they will be loaded at the "http://" address instead of "https://", resulting in browser errors for having mixed content. To fix this, you need to use:
$this->getThemePath() . '/style.css'

instead of
$this->getStyleSheet('style.css')
WebStudioEast replied on at Permalink Reply
Nice tip!

It really would be nice if there was an easy way to make an entire C5 site use https without having to change stuff though. I would think setting the base_url would make the change in the css sheet as well.
zanedev replied on at Permalink Reply
zanedev
Thanks jordanlev, you saved my butt with the https theme css url trick. Seems like this should be a bug in concrete5 or is it the theme creator fault that it uses getstylesheet instead of themepath?
jordanlev replied on at Permalink Reply
jordanlev
It probably is a bug in the system, but it's also a failure in the documentation because it should be specifically stated in the docs that using $this->getStyleSheet() will have these side-effects.
zanedev replied on at Permalink Reply
zanedev
Yeah I would vote its a bug since any function that gets the current url path should take into account the current url scheme in use by the browser at that moment. I bet a lot of people using themes with ssl don't even know that this is affecting them since browsers other than IE have gotten less obvious about partially encrypted content. So for people googling this problem, the issue is images referenced in secure theme css files are not being converted to their https equivalent. Thanks again for the help!