[SOLVED]SSL Problems

[Juandbbam]

Hello,

I have a certified SSL with it's own IP. I have a fresh install of Prestashop last version. When I go to the login screen it changes to https. If I go back to home, for example, a message appears on IExplorer 8 saying that some contents are not secure. And it keeps under https even if I go back to home. After asking my hosting they say that the alert message is because there are some links to http:// areas on the page. And yes, it's full of them, all of them coming from Prestashop's code (like the add to cart buttons on the featured products and others)

I have seen some posts about changing init.php but nothing seems to change. And I really don't like changing the core code.

Why it's all this happening? Is there any solution without touching the core code?

Thank you in advance for your help.

SOLVED- I changed the init.php and works ok. I will leave with that change.

[Mr Bombastic]

Good Source for quick looks at the source files. All php/html/css code files in browser quick

http://www.codeweblog.com/source/prestashop/nav.html?init.php.source.html

[cammo]

What exactly did you change to fix this?

Surely just enabling SSL in the back office is all that is needed, but I am having a similar problem.
Had my SSL certificate installed yesterday, and seemed to be working ok. But today when I try it I get the secure and non secure content warning and also once logged in under the https:// when I try click any link on the shop page i get a 404 error?

Can anyone shed some light on this?

Thanks

Just to add to this, it seems to work ok in firefox and on the iphone (safari), defaulting back to non-secure after logging in and checking out etc, but the problem seems to be in IE?

[Juandbbam]

I did two things:

Firstly I checked when in a https page if there where no-secure content. And I found that the logo and other hard coded links where making the problem. I just changed the hard-coded links ("http://www.mystore.com/img/logo.gif") to not-hard-coded links ("/img/logo.gif").

I changed all liks to {$base_url}/link (or something like that I don't remember now) so I go back to http and not https when going back to home and other pages that didn't need https

I also changed the init.php following this advise in this forum:
http://www.prestashop.com/forums/viewthread/3497/P15/security/solved_ssl

[cammo]

When I choose not to display the non-secure content, it's my logo links to social networking sites that dont appear in IE.
This makes me think the message in IE about secure and non-secure content is relating to these links i coded into the header of my shop.

Would haveing these http: links from my shop to twitter, facebook and skype cause this SSL warning?
If so, how to I write the links to fix it?.. As they're external links I can't do as you said above?!

An example of the link I've added to the header:

Thanks

[Juandbbam]

Probably that's the reason.

Try with taking them out for the secure pages to see what happens

[cammo]

Nope, that didn't fix it..

But I have also placed a heap of brand logos in the left column with links to manufacturer pages in the shop..
But I just tried renaming all those links to have https instead of http and still get the non-secure 'error'.

hmmm..

It's annoying, because I get no errors in Safari and it all looks good.
Firefox works but has a red apostrophe on the padlock and says it contains "unauthenticated content".
IE has the pop up with the security warning..
Google Chrome has an orange apostrophe in the address bar to say there is unsecure content.

[cammo]

Well I still haven't been able to track down the source of the non-secure content.
I've tried the Google Analytics fix, I've tried the init.php fix, I've checked firefox security info under the media tab and all are showing https:// prefixes..

I'm stumped.

I do know it is specific to my template, as when I switch back to the standard template, i no longer get the security warnings. So at least I know the SSL and everything is fine, it's just template related.

Maybe the next step is to go through my template files and check for any references to http: and change them to https:??
Is there any risk in putting https: for image locations etc if someone that is not logged in is just browsing without the https:?

[cammo]

Well I managed to fix my problem..

I did the Google Analytics fix, but not sure if that did anything, because I still had the problem.
Tracked it down to a CSS link in my header.tpl. Not sure why, but where it had {$base_dir} I changed it to {$base_dir_ssl} and now it works.. no more security errors in any browsers..

[shabazzi]

Tracked it down to a CSS link in my header.tpl. Not sure why, but where it had {$base_dir} I changed it to {$base_dir_ssl} and now it works.. no more security errors in any browsers..

Any pointers on exactly which CSS file and which line the {$base_dir} is on?

[cammo]

In my chosen theme, I opened the header.tpl file.
There was a stylesheet link to a print.css file.

I simply changed the start of that link url from {$base_dir} to {$base_dir_ssl}
It may be different for your theme, depending on what your header.tpl contains, but you could do a search through your code for {$base_dir} and update it to {$base_dir_ssl}.

[sm3004]

Tracked it down to a CSS link in my header.tpl. Not sure why, but where it had {$base_dir} I changed it to {$base_dir_ssl} and now it works.. no more security errors in any browsers..

Any pointers on exactly which CSS file and which line the {$base_dir} is on?

For everyone getting this issue, I can confirm that the problem lies in the fact that not all links are changed from {$base_dir} to {$base_dir_ssl} when switching to this option is the Back Office of PrestaShop.

To fix the issue, use Internet Explorer to debug your site, go through every page that has https:// as a prefix to your URL and if you get the IE warning, then somewhere on that page there is a link called {$base_dir} that needs to be changed to {$base_dir_ssl}

Make sure you check every .tpl that is in that page, most pages have more than one .tpl file associated with it.

It could be a footer, header, side bar, main content, etc...

If it's just a footer or header issue, then most likely changing the {$base_dir} to {$base_dir_ssl} will fix most of the other pages!

Hope that clears things up for the future!

[starxox]

Thanks so much, this help along with the changing of the init.php file has worked! :oD

[Scarletfactory]

Absolutely love u guys ! thanks

[Ailona]

I was able to fix this same issue by changing the css source from

<link href="{$css_uri}" rel="stylesheet" type="text/css" media="{$media}" />

to

<link href="{$content_dir}themes/yourtheme/css/global.css" rel="stylesheet" type="text/css" media="{$media}" />

This is a better fix since if you change the link to {base_dir_ssl} it pulls the css file from https:// on all urls.