ShopSite Forums

[schnur]

I purchased an SSL certificate from my webhost, but I am finding the pages in my shopsite account are showing up as insecure. I did a little experimenting and if I build a page completely empty of content, it displays as secure. If I place an image, or item through the shopsite interface the page reloads as "This page has insecure content".
I viewed the the page source I found that all images are listed as:
http://www.MYSITE.com/shop/media/IMAGE.jpg

Of course if I change that url to https, that image loads fine and secure.

Why is shopsite building these pages with insecure links, and urls? I feel like I'm missing some bigger problem that is causing this.

Help!

[Jim]

The images and store pages are based on the the authorized url that you specified when your store was created. If you have a secure certificate for you site and you have the settings on Preferences > Hosting Services configured correctly, then ShopSite will use the appropriate urls for images used on secure screens. There is no reason to have most of the of your store pages secure. Secure pages are encrypted on the server and the size of the data that the shopper needs to download is significantly increased so it adds overhead on your server and the shopper's computer that they are browser on.

The only screens that need to be secure are the ones that the shopper enters personal information on, like the billing screen and confirmation screen and the customer registration screens. If the images on those screens that are not secure, and you are using one of the ShopSite templates, then the secure setting under Preferences > Hosting services are probably not configured correctly. Another possibility is that you have hard coded the urls in the header/footer sections for the shopping cart screens on Commerce Setup > Order System > (Shopping cart, Checkout, Confirmation, Thanks You ).

If you really want all of your pages to be secure, that can be done but you must specify a secure url for the authorized url that is in your <storeid>.auth file that is the license key. If you get a new .auth file for your store, you will also need to have some settings manually reconfigured so that the appropriate urls will be specified. The file that contains these settings is called <storeid>.aa and is in the ss directory of the store (linux, freebsd, Solaris or in both the sc and ss directories on Windows servers). You will probably need to have your host make the modifications for you.

[schnur]

Jim, thanks so much for your help and logic. This is my first time setting something like this up, and I didn't realize until you said it, of course only the billing information needs to be secure - I was trying to make the whole site secure and that isn't necessary. I just ran a test and it works perfectly. Cheers!

There is no reason to have most of the of your store pages secure.