Yireo support forum

TOPIC: Checkout not using https

Created a new topic. 14 Sep 2009 06:05 #910

Checkout not using https

Hi again...

So I'm slowly working my way through this thing and this is where I'm at:

I go to the checkout page and I notice that the checkout page is not using SSL. The checkout URL starts with http: and not https: so...

I went through the Joomla Magebridge configuration and yes, the Magento Server Settings ---- Protocol HTTPS is selected. What else do I need to do to make it use the SSL certificate so the checkout will be https:// not http://?

Thanks again

Paul.

The administrator has disabled public write access.
jisse@yireo.com Replied the topic. 14 Sep 2009 09:45 #911

Re: Checkout not using https

Hi Paul,

The MageBridge configuration mentions HTTPS under the API-tab which means that HTTPS will be used to communicate between Joomla! and Magento. But what you are asking for is to enable HTTPS between Joomla! and the browser (client).

What you need to do is enable SSL in Joomla! (not MageBridge). Go to "Global Configuration", then the tab "Server" and select under "Force SSL" the option "Entire site".

MageBridge does not have an option to just enable SSL for the Magento checkout. In fact, this is in accordance with what all the browser manufacturers and security specialists agree on: SSL should secure the entire site and not just the few pages that actually require it. If you would have a mixed HTTP / HTTPS environment, your visitors will be annoyed by the browser telling that "the site might be insecure because HTTPS and non-HTTPS items are mixed up". So turning on SSL for the whole site is for the good of all of us.

Regards,

Jisse Reitsma
Yireo Team
Replied the topic. 14 Sep 2009 12:54 #915

Re: Checkout not using https

Thank-you. And thank-you for your prompt response. That seems to have done the trick.

Replied the topic. 14 Sep 2009 13:04 #916

Re: Checkout not using https

Ok...not really. I am still getting a dialog box in Internet Explorer (v8) asking if I want to view only the webpage content that was delivered securely (see attachment). Is this a Magento / Joomla or MageBridge configuration issue and how do I fix it?

Replied the topic. 14 Sep 2009 13:17 #917

Re: Checkout not using https

Another problem with using https for all Joomla content is that EVERYTHING will have to go through encryption...even content I don't have control over like Google Maps (for business directions). Internet Explorer gives warnings to the user for even benign content like this. It would scare a potential customer to get a warning box for almost every page of our site.

jisse@yireo.com Replied the topic. 14 Sep 2009 18:06 #923

Re: Checkout not using https

Hi Paul,

Exactly. The point of this security warning is that HTTP is not safe, but the silly thing is that a lot of times the content you're serving is out of your hands (for example Google). However, a lot of remote JavaScripts like Google, Woopra, Twitter, etcetera offer HTTPS-based versions of their scripts to bypass this problem. If you're using Joomla! modules or plugins to connect to these services, those extensions either provide such a thing (or determine the switch automatically) or you need to hack the code - which is of course less recommendable.

MageBridge does not have a feature to set HTTPS for only the MageBridge pages yet, but we will try to include this in the next version. However, this version is only due in 2 weeks and this doesn't help you meet your deadline.

Note that if MageBridge is able to convince Joomla! to use HTTPS, you still need to make sure all content on the MageBridge pages which is not part of MageBridge (template, modules, plugins, etcetera) is also HTTPS. So this only limits your problem to the MageBridge pages.

Regards,

Jisse Reitsma
Yireo Team
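
A check for the mixed-content condition discussed in this thread, as an added example that is not part of the original posts or of MageBridge: it parses rendered page markup and lists the subresources (scripts, images, frames, stylesheets) that an HTTPS page would still fetch over plain HTTP. The function names, the tag list and the example.* URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch a subresource. <a href> is
# navigation, not a subresource, so it is deliberately absent.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
                     "audio": "src", "video": "src", "source": "src", "object": "data"}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rel values that fetch a resource


class MixedContentFinder(HTMLParser):
    """Collect subresources that an HTTPS page would load over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            attr = "href" if rels & LINK_RELS else None
        else:
            attr = SUBRESOURCE_ATTRS.get(tag)
        value = attrs.get(attr) if attr else None
        if not value:
            return
        # Relative and protocol-relative (//host/x) URLs inherit the page's scheme.
        resolved = urljoin(self.page_url, value.strip())
        if urlparse(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))


def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup: a template fragment with third-party embeds.
SAMPLE = """<link rel="stylesheet" href="/templates/shop/css/style.css">
<script src="http://widgets.example.net/tracker.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<a href="http://www.example.org/about">About</a>
<img src="http://static.example.com/logo.png">
<iframe src="https://maps.example.com/embed?q=store"></iframe>"""

print(find_mixed_content(SAMPLE, "https://shop.example.com/checkout"))
```

Run against the HTML that Joomla! actually renders (template, modules and plugins included), since any one of them can contribute an `http://` reference.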
Replied the topic. 15 Sep 2009 03:36 #938

Re: Checkout not using https

Hmmm....well...not sure how to go about this for now. Yes, my deadline is in 2 days but it is for my brother-in-law. It'll take him a couple weeks just to populate and learn the cart once it is delivered. I just want to make sure the customer has a smooth experience. I might end up needing to pony up some more dough to get some help with securing everything if it comes to that.
