X-Cart:Configuring HTTPS
Firstly, you should obtain a SSL certificate. Basically most hosting companies offer help with purchasing SSL certificates or provide their own Shared SSL URLs. If your hosting company doesn't offer you such services you will have to choose a certificate yourself. We will be glad to help you with this matter. You can purchase SSL certificates from our company. We sell SSL certificates and TrustLogo seals provided by the world leading Certification Authority Comodo Group http://www.comodogroup.com. For details, conditions and prices please see http://www.x-cart.com/trustlogo.html and http://www.x-cart.com/ssl_certificates.html.
If you are on dedicate server we are able to offer you our service to analyze and configure your server and/or install the SSL Certificate. Please note we need have 'root' SSH access or 'Administrator' MS Remote Access Desktop to perform the tasks.
To configure HTTPS server in X-Cart, you need modify <xcart_dir>/config.php file:
# # X-Cart HTTP & HTTPS host # and web directory where X-Cart installed # # NOTE: # You should put here hostname ONLY without http:// or https:// prefixes # Do not put slashes after the hostname # Web dir is the directory in the URL, not the filesystem path # Web dir must start with slash and have no slash at the end # The only exception is when you configure for the root of the site, # in which case you write single slash in it # # EXAMPLE 1: # $xcart_http_host ="www.yourhost.com"; # $xcart_https_host ="www.securedirectories.com/yourhost.com"; # $xcart_web_dir ="/xcart"; # will result in the following URLs: # http://www.yourhost.com/xcart # https://www.securedirectories.com/yourhost.com/xcart # # EXAMPLE 2: # $xcart_http_host ="www.yourhost.com"; # $xcart_https_host ="www.yourhost.com"; # $xcart_web_dir ="/"; # will result in the following URLs: # http://www.yourhost.com/ # https://www.yourhost.com/
If you are going to use secure server you should copy the whole X-Cart directory into HTTPS location (or secure server if it is different from HTTP server), then delete all files and directories from directory <xcart_dir>/templates_c on HTTPS location.
If both HTTP and HTTPS locations are located on the same Unix server you should just create symbolic link from HTTPS location to HTTP location of X-Cart. Contact your hosting administrators with this issue.
Finally you can turn on the following options: - to set up secure checkout, go to admin area, "Payment methods" page and select HTTPS as protocol for payment methods which you are going to use - "Use HTTPS for users' login and registration" ("General settings") - "Use secure login form on a separate page (HTTPS)" ("General settings"). If you need secure certain php scripts you should add https scripts to <xcart_dir>/https.php file, 'https_scripts' array.
If you want to switch the whole x-cart to secure mode edit https.php file. Find the line
function is_https_link($link, $https_scripts) {
and replace it with
function is_https_link($link, $https_scripts) { return true;