I had not been able to get shared SSL to work until now. Yes, I know about the web.config settings "UseSSL" and "SharedSSL".
When you set the SharedSSL value to a subdirectory of a secure site, the store behaves erracticly. For example, here is my SharedSSL setting:
<add key="SharedSSL" value="https://secure.etgroup.net/etgnop" />
When I run the site, very often it will modify the URL to this:
https://secure.etgroup.net/etgnop/ETGNOP
Notice the extra ETGNOP that it generates.
Futhermore, on some links it will attempt to remove the "s" from "https" and clobber the store that way.
Here is how I fixed it.
1. Open up the Nop.Common project in Visual Studio.
2. Find the GetStoreLocation function and change the lines below highlighted in bold
public static string GetStoreLocation(bool UseSSL)
{
string result = GetStoreHost(UseSSL);
if (result.EndsWith("/"))
result = result.Substring(0, result.Length - 1);
//ETG - Fix for shared SSL.
//result = result + HttpContext.Current.Request.ApplicationPath;
if (!result.EndsWith("/"))
result += "/";
return result;
}
3. Find the EnsureNonSSL function and change the lines below highlighted in bold
public static void EnsureNonSSL()
{
if (IsCurrentConnectionSecured())
{
//ETG - Fix for shared SSL.
//ReloadCurrentPage(false);
}
}
4. Compile the project and copy the updated DLL to your sites Bin folder.
How to Get Shared SSL to Work
- 3
- 15
- 4/20/2010
- United States
UPDATE:
I am the one that posted this work around for shared SSL. I got it partially working. The only remaining issues were when NOP would switch back and forth between SSL and non-SSL.
The carts and wishlists and whether or not you were logged or not would confuse NOP - as well it should be confused because the shared SSL URL is a completely different domain. The cookies and session state is totally different.
So, here is really the only way i could get it to work.
1. Change the web config values:
<add key="UseSSL" value="true" />
<add key="SharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
<add key="NonSharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
Make sure the NonSharedSSLUrl is the same as SharedSSLUrl otherwise NOP will get a runtime error.
2. Modify and recompile the Nop.Common.dll. To do this download the NOP source code and open the project the project named Nop.Common located in the Libraries\Nop.Common folder.
Make these changes inside the CommonHelper.cs class located in the Utils folder:
Find the GetStoreLocation function and change the lines below highlighted in bold
public static string GetStoreLocation(bool UseSSL)
{
string result = GetStoreHost(UseSSL);
if (result.EndsWith("/"))
result = result.Substring(0, result.Length - 1);
//ETG - Fix for shared SSL.
//result = result + HttpContext.Current.Request.ApplicationPath;
if (!result.EndsWith("/"))
result += "/";
return result;
}
Find the EnsureNonSSL function and change the lines below highlighted in bold
public static void EnsureNonSSL()
{
if (IsCurrentConnectionSecured())
{
//ETG - Fix for shared SSL.
//ReloadCurrentPage(false);
}
}
Compile the project and copy the updated DLL to your site's Bin folder.
3. The site will work now in shared SSL. But if you try and add a product to the shopping cart, it will come up empty on the SSL side. The non-SSL side will say you have items in the cart.
The only way that I have been able to fix this problem is to force the non-SSL site to run under the shared SSL URL the whole time.
You can accomplish this a number of ways.
1. Have the hosting provider redirect your main site to the shared SSL site on IIS Manager
2. Write ASP.NET code to sense the site is running in non-SSL and redirect it to the SSL Url. Ideally, you woud put this code in the Root.Master so it would apply to all pages.
This is a lot of work and it would be much easier to buy an dedicated SSL certificate. But if you need to preserve IP addresses and need it to work under shared SSL, this is the only way I could get it to work.
I am the one that posted this work around for shared SSL. I got it partially working. The only remaining issues were when NOP would switch back and forth between SSL and non-SSL.
The carts and wishlists and whether or not you were logged or not would confuse NOP - as well it should be confused because the shared SSL URL is a completely different domain. The cookies and session state is totally different.
So, here is really the only way i could get it to work.
1. Change the web config values:
<add key="UseSSL" value="true" />
<add key="SharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
<add key="NonSharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
Make sure the NonSharedSSLUrl is the same as SharedSSLUrl otherwise NOP will get a runtime error.
2. Modify and recompile the Nop.Common.dll. To do this download the NOP source code and open the project the project named Nop.Common located in the Libraries\Nop.Common folder.
Make these changes inside the CommonHelper.cs class located in the Utils folder:
Find the GetStoreLocation function and change the lines below highlighted in bold
public static string GetStoreLocation(bool UseSSL)
{
string result = GetStoreHost(UseSSL);
if (result.EndsWith("/"))
result = result.Substring(0, result.Length - 1);
//ETG - Fix for shared SSL.
//result = result + HttpContext.Current.Request.ApplicationPath;
if (!result.EndsWith("/"))
result += "/";
return result;
}
Find the EnsureNonSSL function and change the lines below highlighted in bold
public static void EnsureNonSSL()
{
if (IsCurrentConnectionSecured())
{
//ETG - Fix for shared SSL.
//ReloadCurrentPage(false);
}
}
Compile the project and copy the updated DLL to your site's Bin folder.
3. The site will work now in shared SSL. But if you try and add a product to the shopping cart, it will come up empty on the SSL side. The non-SSL side will say you have items in the cart.
The only way that I have been able to fix this problem is to force the non-SSL site to run under the shared SSL URL the whole time.
You can accomplish this a number of ways.
1. Have the hosting provider redirect your main site to the shared SSL site on IIS Manager
2. Write ASP.NET code to sense the site is running in non-SSL and redirect it to the SSL Url. Ideally, you woud put this code in the Root.Master so it would apply to all pages.
This is a lot of work and it would be much easier to buy an dedicated SSL certificate. But if you need to preserve IP addresses and need it to work under shared SSL, this is the only way I could get it to work.
- 135
- 717
- 10/25/2010
- Australia
I have a question, why you have done this change ?
For enabling ssl on the website the only change that needs to be done is
replace
<add key="UseSSL" value="false" />
with
<add key="UseSSL" value="true" />
why filling values in this fields ?
<add key="UseSSL" value="true" />
<add key="SharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
<add key="NonSharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
what's the use of these fields ?
even i am planning to get ssl certificate for my website what should I keep in mind ? what's different btw shared and dedicated ssl? is because of this difference you are filling these extra fields ?
plz clear my confusion.
For enabling ssl on the website the only change that needs to be done is
replace
<add key="UseSSL" value="false" />
with
<add key="UseSSL" value="true" />
why filling values in this fields ?
<add key="UseSSL" value="true" />
<add key="SharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
<add key="NonSharedSSLUrl" value="https://secure.etgroup.net/keywhitmanstore" />
what's the use of these fields ?
even i am planning to get ssl certificate for my website what should I keep in mind ? what's different btw shared and dedicated ssl? is because of this difference you are filling these extra fields ?
plz clear my confusion.