Forums

Shared SSL

Permalink
Hello,

I have seen several examples posted of forcing a site to use SSL on a regular certificate (changing from HTTP to HTTPS). However, I have a shared ssl cert where the secured ssl resolves tohttps://masterdomain.com/sharedsitename_com... (in this format, not actual domain)

Using the tricks I've found I am unable to get it to work. Including changing the base domain in the site.php file.

Is there a way to get this to work?
 
myself replied on at Permalink Reply
myself
I got the same issue. I have spent a lot of time with google trying to find an answer.

I can use htaccess to redirect an http login page to https login but it doesnt find the do_login.
jbx replied on at Permalink Reply
jbx
sethdh - when you say "it doesn't find the do_login", do you mean you get a 404 once it redirects? If so, is it the C5 404 page or a standard server page (ie does it have the C5 logo at the top) If it's just a standard one, then it could be because your server is configured to server https pages out of a different directory to the http pages.

Can you reply with some more information on what happens and details of your server setup please?

Thanks!

Jon
myself replied on at Permalink Reply
myself
Jon,
thank you for the quick reply and sorry for not responding sooner, I have been away.

Yes, It used to come up with a 404. then I found another post and suggestions. I added some code to my config/site.php file to have two base_urls. Like this:
if(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
define('BASE_URL', 'https://secure.site.com);
} else {
define('BASE_URL', 'http://site.com);
}

Thank Ryan (I think of the concrete 5dev team) for the code. This way the shared ssl can be accessed. I use hostmonster and the shared ssl is throughhttps://secure.hostmonster.com/~yourunixusername...



So now it does find the do_login. But if I type in a username and password it pops up a login page with "do_login" in the address but it states "A username and password are required." as if it did not sense the info I had typed.

How do I get it to find the user entered info?
jbx replied on at Permalink Reply
jbx
Hmmm, I'm wondering if this could be a session issue. What I mean by that, is if your login page is onhttp://secure.yourdomain.com and then when you login, it redirects you tohttp://www.yourdomain.com, then the session may not be valid any longer (different subdomain). Therefore it thinks you're not logged in and kicks you back to the login page. The net panel in firebug might give you an idea of what's going on, by showing you what redirects are taking place. I suppose one possible solution is to try and stay in https whilst logged in.

Kinda guessing a bit here though...

Can you check in the net panel in firebug and confirm what's going on?

Jon
myself replied on at Permalink Reply
myself
Jon,
Thanks! I think you are right about trying to stay in an ssl once logged in. It makes sense to me anyway.

Now how do I do that? Anyone got any clues?
jordanlev replied on at Permalink Best Answer Reply
jordanlev
The answer by @sethdh is close, but I needed to add something else to prevent getting stuck in a continuous redirect loop -- seehttp://www.concrete5.org/community/forums/customizing_c5/custom-ssl...

So the final code that worked (for me) is to put this into your config/site.php file:
//Fix "mixed content" warnings for C5 assets on SSL pages
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
    define('BASE_URL', 'https://example.com');
    define('REDIRECT_TO_BASE_URL', false);
} else {                                 
    define('BASE_URL', 'http://example.com');
}


IMPORTANT NOTE: Make sure you remove the old BASE_URL definition from your config/site.php file when you add this -- if you don't you'll get php errors because you can't define the same constant more than once.