Hi all,
This is driving me nuts. I was informed by a customer that wanted to place an order, but she noticed that there was no SSL padlock in her browser, so I looked into it.
At first I tried changing the only setting that I could find in the web.config file requireSSL="false" as there is no setting for SSL anymore on the admin page.
<authentication mode="Forms">
<forms name="NOPCOMMERCE.AUTH" loginUrl="~/login" protection="All" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>
The web.config file, if requireSSL="true" then no cookie is saved. (the site just logs you right back off), so I changed requireSSL back to false (so someone can place an order).
I also noticed that all the admin pages are unsecured (including the login page) unless you explicitly type in HTTPS:// into the URI bar (I had this saved in my browser, so I never even noticed that HTTP is never redirected to HTTPS).
I then tried checking the Force SSL for all site pages: box. This works ONLY if you already type in HTTPS first. Again, HTTP requests are not redirected to HTTPS like the setting implies.
I really don't want all the site's pages in SSL (slows things down), just the login, checkout, customer and all admin pages.
Is there a trick to get this to work? (I apparently had this same issue in version 3.0 and now version 3.1)
SSL not working on login, checkout, customer, and all admin pages
- 318
- 2134
- 5/12/2010
- United States
Ok, I finally found the answer in another post.
But for those who need an exact answer, follow the directions below:
For versions 3.0 and up, you can go to the database directly.
Find the table, "STORE", and run the query:
update [Store] set [SslEnabled]=1 where [Name]='your store name here'
But for those who need an exact answer, follow the directions below:
For versions 3.0 and up, you can go to the database directly.
Find the table, "STORE", and run the query:
update [Store] set [SslEnabled]=1 where [Name]='your store name here'