Difference between revisions of "X-Cart:Configuring HTTPS"

From X-Cart 4 Classic
Jump to: navigation, search
Line 1: Line 1:
'''Firstly''', you should obtain a SSL certificate and have it installed and configured on your web-server.
+
'''Firstly''', you should obtain an SSL certificate and have it properly installed and configured on your web server.
  
Basically most hosting companies offer help with purchasing SSL certificates or provide their own Shared SSL URLs. If your hosting company doesn't offer you such services you will have to choose a certificate yourself.
+
The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company doesn't render such services, you will need to purchase a certificate on your own.
  
We will be glad to help you with this matter. You can purchase SSL certificates from our company. We sell SSL certificates provided by the world leading Certification Authority Comodo Group http://www.comodogroup.com. For details, conditions and prices please see http://www.x-cart.com/ssl_certificates.html.
+
We will be glad to assist you with this issue. You can purchase SSL certificates from our company. We sell SSL certificates provided by the world's leading Certification Authority, Comodo Group http://www.comodogroup.com. For details, conditions and prices, please see http://www.x-cart.com/ssl_certificates.html.
  
If you are on dedicate server we are able to offer you our service to analyze and configure your server and/or install the SSL Certificate. Please note we need have 'root' SSH access or 'Administrator' MS Remote Access Desktop to perform the tasks.
+
If you are on a dedicated server, we can offer you our service on analyzing and configuring your server and/or install the SSL Certificate on it. Please note: we will need the 'root' access to your server over SSH or the 'Administrator' access over MS Remote Access Desktop to complete these tasks.
  
'''Secondly''', once you have the SSL certificate installed and configured, you should configure HTTPS server in X-Cart. To do it, you need modify <xcart_dir>/config.php file, and set the $xcart_https_host variable properly:
+
'''Secondly''', once you have the SSL certificate installed and configured, you should configure the HTTPS server in X-Cart. To do it, modify the <xcart_dir>/config.php file and set the $xcart_https_host variable properly:
  
 
<pre>
 
<pre>
Line 53: Line 53:
 
</pre>
 
</pre>
  
'''Thirdly''', if you are going to use secure server you should copy the whole X-Cart directory into HTTPS location (or secure server if it is different from HTTP server), then delete all files and directories from directory <xcart_dir>/var/templates_c on HTTPS location. In case both HTTP and HTTPS locations are located on the same Unix server you should just create symbolic link from HTTPS location to HTTP location of X-Cart. Contact your hosting administrators with this issue.
+
'''Thirdly''', if you are going to use a secure server, copy the entire X-Cart directory to the HTTPS location (or the secure server if it is different from the HTTP server), then delete all the files and directories from directory <xcart_dir>/var/templates_c at the HTTPS location. In case both the HTTP and HTTPS sites are located on the same Unix server, you can simply create a symbolic link from the HTTPS location to the HTTP location of X-Cart. Contact your hosting administrators to find out whether that's the case for your account.
 +
 
 +
'''Finally''', enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the Security page in the Settings:
  
'''Finally''', you can turn on the following options:
 
* to set up secure checkout, go to admin area, "Payment methods" page and select HTTPS as protocol for payment methods which you are going to use.
 
 
* "Use HTTPS for users' login and registration" ("General settings").
 
* "Use HTTPS for users' login and registration" ("General settings").
 
* "Use secure login form on a separate page (HTTPS)" ("General settings").
 
* "Use secure login form on a separate page (HTTPS)" ("General settings").
Line 63: Line 63:
  
 
<pre>
 
<pre>
    $https_scripts[] = 'login.php';
+
$https_scripts[] = 'login.php';
    $https_scripts[] = array(
+
$https_scripts[] = array(
        'cart.php',
+
'cart.php',
        "mode=checkout",
+
"mode=checkout",
    );
+
);
 
</pre>
 
</pre>
  
Line 82: Line 82:
 
return true;
 
return true;
 
</pre>
 
</pre>
 +
 +
'''Now''', if your web server does not use SSL certificates, and you are running an HTTPS Proxy instead, you may need to make additional settings to enable your X-Cart work over SSL (secure connection). In the include/https_detect.php file, define the proxy IP address and set the $HTTPS variable to 'true':
 +
 +
<pre>
 +
if ($_SERVER['REMOTE_ADDR'] == '192.160.1.1') {
 +
    $HTTPS_RELAY = true;
 +
    $HTTPS = true;
 +
}
 +
</pre>
 +
 +
If you are not sure whether your web server uses SSL certificates or runs behind an HTTPS Proxy, contact your hosting service provider or server administrator or email our technical support - we will help you find that out.
  
 
[[Category:X-Cart user manual]]
 
[[Category:X-Cart user manual]]

Revision as of 16:03, 11 January 2011

Firstly, you should obtain an SSL certificate and have it properly installed and configured on your web server.

The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company doesn't render such services, you will need to purchase a certificate on your own.

We will be glad to assist you with this issue. You can purchase SSL certificates from our company. We sell SSL certificates provided by the world's leading Certification Authority, Comodo Group http://www.comodogroup.com. For details, conditions and prices, please see http://www.x-cart.com/ssl_certificates.html.

If you are on a dedicated server, we can offer you our service on analyzing and configuring your server and/or install the SSL Certificate on it. Please note: we will need the 'root' access to your server over SSH or the 'Administrator' access over MS Remote Access Desktop to complete these tasks.

Secondly, once you have the SSL certificate installed and configured, you should configure the HTTPS server in X-Cart. To do it, modify the <xcart_dir>/config.php file and set the $xcart_https_host variable properly:

/**
* X-Cart HTTP & HTTPS host and web directory
*
* This section defines the location of your X-Cart installation. If X-Cart is
* installed using Web installation, the variables of this section are
* configured via the Installation Wizard. If you install X-Cart manually, use
* this section to provide your web server details manually.
*
* $xcart_http_host - Host name of the server on which your X-Cart software is
* to be installed;
* $xcart_https_host - Host name of the secure server that will provide access
* to your X-Cart-based store via the HTTPS protocol;
* $xcart_web_dir - X-Cart web directory.
*
* NOTE:
* The variables $xcart_http_host and $xcart_https_host must contain hostnames
* ONLY (no http:// or https:// prefixes, no trailing slashes).
*
* Web dir is the directory where your X-Cart is installed as seen from the Web,
* not the file system.
*
* Web dir must start with a slash and have no slash at the end. An exception to
* this rule is when you install X-Cart in the site root, in which case you need
* to leave the variable empty.
*
* EXAMPLE 1:
* $xcart_http_host ="www.yourhost.com";
* $xcart_https_host ="www.securedirectories.com/yourhost.com";
* $xcart_web_dir ="/xcart";
* will result in the following URLs:
* http://www.yourhost.com/xcart
* https://www.securedirectories.com/yourhost.com/xcart
*
* EXAMPLE 2:
* $xcart_http_host ="www.yourhost.com";
* $xcart_https_host ="www.yourhost.com";
* $xcart_web_dir ="";
* will result in the following URLs:
* http://www.yourhost.com/
* https://www.yourhost.com/
*/

Thirdly, if you are going to use a secure server, copy the entire X-Cart directory to the HTTPS location (or the secure server if it is different from the HTTP server), then delete all the files and directories from directory <xcart_dir>/var/templates_c at the HTTPS location. In case both the HTTP and HTTPS sites are located on the same Unix server, you can simply create a symbolic link from the HTTPS location to the HTTP location of X-Cart. Contact your hosting administrators to find out whether that's the case for your account.

Finally, enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the Security page in the Settings:

  • "Use HTTPS for users' login and registration" ("General settings").
  • "Use secure login form on a separate page (HTTPS)" ("General settings").

Optionally, if you need secure certain php scripts you should add https scripts to <xcart_dir>/https.php file, 'https_scripts' array. You can find some examples in <xcart_dir>/https.php file:

$https_scripts[] = 'login.php';
$https_scripts[] = array(
'cart.php',
"mode=checkout",
);

Optionally, if you want to switch the whole x-cart to secure mode edit https.php file. Find the line

function is_https_link($link, $https_scripts) {

and replace it with

function is_https_link($link, $https_scripts) {
return true;

Now, if your web server does not use SSL certificates, and you are running an HTTPS Proxy instead, you may need to make additional settings to enable your X-Cart work over SSL (secure connection). In the include/https_detect.php file, define the proxy IP address and set the $HTTPS variable to 'true':

if ($_SERVER['REMOTE_ADDR'] == '192.160.1.1') {
    $HTTPS_RELAY = true;
    $HTTPS = true;
}

If you are not sure whether your web server uses SSL certificates or runs behind an HTTPS Proxy, contact your hosting service provider or server administrator or email our technical support - we will help you find that out.