SSL Not working at all

I am running nopCommerce V1.3 on IIS 7.0 with SQL 2008 on seperate box.

I have a dedicated SSL certificate configurerd on the site.

If I check the  box to use SSL in the admin section; when I try to logon, the site just hangs and after some time I get the error that the site has exceeded the http requests configured for the site. Same if I try and go to the site directly using https://  

What could possibly be the problem?

JK

Thanks to Andrei at nopCommerce and Microsoft Support this problem has been solved.

If you are using nopCommerce with SSL enabled and you have the site published via Microsoft Internet Security and Acceleration Server (ISA), there is one additional step required when creating the publishing rule for the site that is not usually required.

Two link translation definitions need to be added to the publishing rule for the site as follows:

http://www.domain.com to http://www.domain.com
and
https://www.domain.com to https://www.domain.com

Once these two link translation rules are added, the nopCommerce site funtions as expected.

Hope this helps anyone else experiencing problems with ISA server and SSL on nopCommerce.

JK

I have the same issue, after enabling the SSL.  Not I can't get the login page to display.  Where should I go to on the Hosting Control Panel to add two more pages you mentioned.

Hey guys,

Do you have issues that I've described in my post:

http://nopcommerce.com/Boards/Topic.aspx?TopicID=1350

Please let me know, It looks like my post was not answered for almost 2 months. :-(

Thank you.

I saw identical behavior with a site I'm managing with a new SSL configuration, but MS ISA Server was not involved. In hosting environments which use load balancing such as Rackspace Cloud (Mosso) some code changes may need to be made to properly detect secure connections since they stop at the load balancer, and communication between the load balancer and the web server uses standard HTTP. Below are the changes I made to my application which seems to be working fine now.

        public static void EnsureSSL()
        {
            // ES Edit - In a load balanced environment, Request.IsSecureConnection doesn't 
            // work due to non-secure communication between the load balancer and the web server

            //if (!HttpContext.Current.Request.IsSecureConnection)
            if (HttpContext.Current.Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
            {
                if (SettingManager.GetSettingValueBoolean("Common.UseSSL"))
                {
                    if (!HttpContext.Current.Request.Url.IsLoopback)
                    {
                        ReloadCurrentPage(true);
                    }
                }
            }
        }

As you can see in the comments below, I also made some other changes to the handling of SSL for authenticated sessions that I wanted for my site, but there may be a case against it depending on individual situations. Also, there is probably a better way to implement these changes, and I'd love to hear them. :)

In Nop.Common\CommonHelper.cs:

        public static void EnsureNonSSL()
        {
            // ES Edit - Added this override to enforce a secure connection on all pages when 
            // the user is authenticated
            if (NopContext.Current.User != null && !NopContext.Current.User.IsGuest)
            {
                EnsureSSL();
            }
            else
            {
                // ES Edit - In a load balanced environment, Request.IsSecureConnection doesn't 
                // work due to non-secure communication between the load balancer and the web server

                //if (HttpContext.Current.Request.IsSecureConnection)
                if (HttpContext.Current.Request.ServerVariables["HTTP_CLUSTER_HTTPS"] == "on")
                {
                    ReloadCurrentPage(false);
                }
            }
        }

I then had the problem with prompts to display secure and non-secure content on pages that contain product images, so I made the following change in Nop.Common\PictureManager.cs:

        public static string GetPictureUrl(Picture picture, int TargetSize, bool showDefaultPicture)
        {
            ...
            
            url = CommonHelper.GetStoreLocation(false) + "images/thumbs/" + localFilename;

            // ES Edit - SSL breaking on pages containing images with non-secure URLs
            if (HttpContext.Current.Request.ServerVariables["HTTP_CLUSTER_HTTPS"] == "on")
            {
                url = url.Replace("http://", "https://");
            }
            return url;
        }

I hope this comes in handy for someone else!

Jason

GREAT WORK..

Thanks so much. I had this problem.. I host on rackspace as well.. your code works like a charm.. :)

Thanks !!

I'm using a pure HTTPS environment.
I'm having some IE issues related to master pages but the site runs great in other browsers.

I did a quick fix and changed from using the [SettingManager] .... I forgot how to reference it, not being immediately accessible or reference-able

Thought this may help someone in a rush (like myself)

//if (SettingManager.GetSettingValueBoolean("Common.UseSSL"))                
  if (ConfigurationManager.AppSettings["SharedSSL"].ToString() == "true")            

DY

I'm having the problem, when I check the use SSL, every page without ssl works but all the pages that need the ssl is not accessible or that part of the site goes down.

carlelmore wrote:

Hello,
Is the problem resolved? I also have the same problem.

The very simplest way to do this is:

 if (IsHttps())
{
    url = url.Replace("http://", "https://");
}

public static bool IsHttps()
        {
            return HttpContext.Current.Request.IsSecureConnection;
        }

Enjoy !

(This change is currently live on my website)