How to create 1 page with SSL [SOLVED]

[Boudi]

Hi,

Were in the final stage of a brandnew WB site with an online iDeal payment module. Therefore the client wishes a SSL. The problem that I'm facing is that you have to SSL the whole website. Parts seems not possible.

This is of course not good for the loading time and ranking in search engines.

So my question is: How can I secure only 1 page? Do I have to place this unique url into the config file? If so, how?

Boudi

(PS: I saw this topic before on this forum but was posted 5 years ago and did not gave a solution back then)

[crnogorac081]

Hi Boudi,

I hope someone more experienced will be able to give you exact answer, but under my opinion it is not possible. For example if you have WB_URL var stored in config.file , it is http and hot https, so if a page uses this var, the SSL conection will not be opened... Unless there is some other way to override this..

Just crossed my mind---> For example, if you create configHTTPS.php with same DB data but different WB_URL and then use include/require (../../../configHTTPS.php) in your module..

just my idea.. hope it helps

[kweitzel]

Exactly, the way WB was written, it is not possible to use SSL without issues at all.

cheers

Klaus

[Boudi]

Thank you both for your comments.

@ crnogorac081;

Tried your thing but no luck.

Another thing I did was to download the DB, searched for the specific page url and changed the http:// into https:// and replace the entire database. Sounds very logic to me but this too did not work. Even though in the DB the specific url says https:// it still does http:// on the Internet so no luck either.

Wrapping doesn't do the trick either. Like Klaus said that there is no way...but I still hope there is.

Boudi

[crnogorac081]

ty to replace WB_URL in config file to https (for all links)

Check do you have ssl suported and enabled on your server for your account ?

[Boudi]

Yes, that was no problem before my question. SSL is enabled for this website and to put the entire website under SSL is no problem. I only need 1 page so therefore I tried to change the specific url in the DB but no luck

[chio]

I dont know anything about ssl, but maybe a try:

Make that one page hidden.
Make a menue-link to this page with https://..

You can move a single access-file out of the pages-directory to any other (to the root also), just correct the paths.

Code:

<?php
$page_id = 22; //the real page_id
require("config.php");
require(index.php");
?>

[Boudi]

Hi Chio,

Thnq for thinking with us.

Your first solution did do the trick!!!..............only in Firefox. In Internet Explorer it doesn't work. So bummer!
Your other option I didn't get it to work. May be someone else?

Thnx again.

Boudi

[Boudi]

Update:

Inserting the code:

Code:

<?php if($_SERVER['SERVER_PORT'] != '443') { header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); } ?>

on top of the index.php does work fine to make a single page SSL.

This forces the page to be secure. Even if some paths are not https, the url itself is SSL. This works fine under Firefox and Chrome.

But...IE f***s it up as usual. So my question stays open how to SSL a single page within WB. I'm aware that that the current WB makes it (almost?) impossible but I think this is just one of those things that is important enough not to ignore in (future) WB versions.

Boudi

[Argos]

OK, here's what I did. It seems to work fine.

I want to make my contactform secure. It is created at
http://www.mydomain.com/wb/contact/webform.php

But I want to have it at:
https://www.mydomain.com/wb/contact/webform.php

1. I did all the stuff on my hosting to create a certificate, and modified DNS to point to a dedicated IP, needed for SSL.
2.  Then I added to my htaccess file:

Code:

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^mydomain.com [nc]
rewriterule ^(.*)$ http://www.mydomain.com/$1 [r=301,nc]
 
rewritecond %{SERVER_PORT} !^443$
rewriterule ^wb/contact/webform\.php(.*)$ https://www.mydomain.com/wb/contact/webform.php$1 [r=301]

That's it. When you go to the webform it automatically redirects to the secure page. It his a correct setup, or is it a false positive?

EDIT: Hm.. I think I miss something, because I don't see the lock icon in my browser bar, although the url starts with https and the certificate works allright....

[Boudi]

Thnx for your answer.

In first....it seems to work. But: when you have several bakery pages...then what to do?

Boudi

[Argos]

In first....it seems to work. But: when you have several bakery pages...then what to do?

Just add more lines like
rewriterule ^wb/contact/webform\.php(.*)$ https://www.mydomain.com/wb/contact/webform.php$1 [r=301]

But beware, I still don't know if this is a proper setup... It seems to work, but I'm not 100% sure.

[Boudi]

Thnx.

Well What I get is a warning that this page is run over a secure line but the correct certificate isn't installed yet (which is correct because I haven't set up one yet). So the notifications seems formilliar and correct.

I will puzzle this out and come back with this. Thnx.

UPDATE: There's a working solution. As soon as the website is online I'll provide you wìth more detailed information!

[Boudi]

SOLVED! I want to thank Argos for taking the time in this.

Ruud helped me out and he has a tutorial online on his new website here:

http://www.dev4me.nl/modules-snippets/opensource/webshop-ssl/

Great stuff! Taking WB on another higher level.

When the new build website is online I will put it on the showcase with the SSL information in it.

[Argos]

Nice! 

[Sokhim Sim]

Hi,

Anybody can advice how to make https work with website? need to contact hosting provider got get SSL work?

I have change from http to https but my page not working.

Please advice,

thanks

[Boudi]

You need an SSL certificate. The better hosting companies sell these certificates so ask yours.

Boudi

[Sokhim Sim]

Thanks for your reply back, so have any opensource or free SSL Certificate?

Thanks 

[Boudi]

No. Costs money every year. Your hoster has them I guess. We sell them too but then you need to host on our servers.

Boudi

[kweitzel]

Boudi is not entirely right in this matter. CACert offers certificates free of charge.

cheers

Klaus

[Boudi]

@ Klaus:

Please note a general limitation is that, unlike long-time players like Verisign, CAcert's root certificate is not included by default in mainstream browsers, email clients, etc. This means people to whom you send encrypted email, or users who visit your SSL-enabled web server, will first have to import CAcert's root certificate, or they will have to agree to pop-up security warnings (which may look a little scary to non-techy users).

[kweitzel]

Boudi, I know, but there are talks with the browser manufacturers to get the root certificate included. Anyway, with the high profile root CA hacks this year, I am not even sure if their certificates are worth the money you pay for them

I trust CA Cert already for some years and on several sites which would otherwise be running with self signed certificates (the worst option) and had no issue with them at all. I have to admit though, that I have only used them on backend authentication services and not e-commerce sites. The e-commerce sites I did always had enough funds to buy a certificate from the big players.

cheers

Klaus