How to secure osCommerce SSL Configuration

If you follow along with the configuration documentation [3], your site will be prepared to use SSL for osCommerce. Even if you only accept a third-party payment gateway such as Google Wallet or PayPal, you still need secure login and account creation. You owe it to your customers to keep your site secure, and forcing SSL login through the osCommerce configuration will go a long way toward building trust and authority.

If your site isn’t showing a browser padlock when you test your login or cart checkout, I have a few sections that you can edit in /includes/configure.php and /admin/includes/configure.php [1].

osCommerce SSL configuration

<?php
define('HTTP_SERVER', 'http://www.domain.com');
define('HTTPS_SERVER', 'https://www.domain.com'); //HTTPS_SERVER is your osCommerce SSL URL
define('ENABLE_SSL', true); // Set this to true once you have SSL installed.
define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
define('HTTPS_COOKIE_DOMAIN', 'www.domain.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/xxxxx/public_html/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

define('DB_SERVER', '192.168.0.2');
define('DB_SERVER_USERNAME', 'username');
define('DB_SERVER_PASSWORD', 'password');
define('DB_DATABASE', 'database_name');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
define('CFG_TIME_ZONE', 'America/New_York');
?>

osCommerce SSL Admin Configuration

<?php
define('HTTP_SERVER', 'http://www.domain.com');
define('HTTP_CATALOG_SERVER', 'http://www.domain.com');
define('HTTPS_CATALOG_SERVER', 'https://www.domain.com'); // must be the https:// URL when ENABLE_SSL_CATALOG is 'true'
define('ENABLE_SSL_CATALOG', 'true');
define('DIR_FS_DOCUMENT_ROOT', '/home/xxxxx/public_html/');
define('DIR_WS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', '/home/xxxxx/public_html/admin/');
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/'); // same path as DIR_WS_HTTPS_CATALOG in /includes/configure.php
define('DIR_FS_CATALOG', '/home/xxxxx/public_html/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

define('DB_SERVER', '192.168.0.2');
define('DB_SERVER_USERNAME', 'username');
define('DB_SERVER_PASSWORD', 'password');
define('DB_DATABASE', 'database_name');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
define('CFG_TIME_ZONE', 'America/New_York');
?>
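To check both files before testing in a browser, the script below (an added example, not code from this post or from osCommerce) reads the define() lines and reports settings that would keep login, checkout or admin catalog links off HTTPS. The function names parse_defines and audit are hypothetical, the sample files are constructed, and the checks assume the value types shown in the listings above.

```python
import re
from urllib.parse import urlsplit

# define('NAME', 'string') or define('NAME', true|false); concatenated values are skipped
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*(?:'([^']*)'|(true|false))\s*\)", re.I)

def parse_defines(php_source):
    """Map constant -> value; quoted literals stay str, bare true/false become bool."""
    found = {}
    for line in php_source.splitlines():
        match = DEFINE_RE.search(line)
        if match and not line.lstrip().startswith(("//", "#")):
            name, text, boolean = match.groups()
            found[name] = (boolean.lower() == "true") if boolean else text
    return found

def audit(catalog, admin):
    """Return findings for settings that keep login, checkout or admin links off HTTPS."""
    findings = []
    if catalog.get("ENABLE_SSL") is not True:      # boolean in the catalog file, as on the page
        findings.append("catalog ENABLE_SSL is not true")
    if admin.get("ENABLE_SSL_CATALOG") != "true":  # string in the admin file, as on the page
        findings.append("admin ENABLE_SSL_CATALOG is not 'true'")
    for label, cfg, key in (("catalog", catalog, "HTTPS_SERVER"),
                            ("admin", admin, "HTTPS_CATALOG_SERVER")):
        if urlsplit(cfg.get(key, "")).scheme != "https":
            findings.append(f"{label} {key} is not an https:// URL")
    host = urlsplit(catalog.get("HTTPS_SERVER", "")).hostname or ""
    cookie = catalog.get("HTTPS_COOKIE_DOMAIN", "").lstrip(".")
    if cookie and host != cookie and not host.endswith("." + cookie):
        findings.append("catalog HTTPS_COOKIE_DOMAIN does not cover the HTTPS_SERVER host")
    if catalog.get("DIR_WS_HTTPS_CATALOG") != admin.get("DIR_WS_HTTPS_CATALOG"):
        findings.append("DIR_WS_HTTPS_CATALOG differs between catalog and admin")
    return findings

# Constructed sample files (not from a real store); the admin one has two deliberate mistakes.
CATALOG_PHP = """<?php
define('HTTPS_SERVER', 'https://www.domain.com');
define('ENABLE_SSL', true);
define('HTTPS_COOKIE_DOMAIN', 'www.domain.com');
define('DIR_WS_HTTPS_CATALOG', '/');
"""
ADMIN_PHP = """<?php
define('HTTPS_CATALOG_SERVER', 'http://www.domain.com');
define('ENABLE_SSL_CATALOG', 'true');
define('DIR_WS_HTTPS_CATALOG', '/shop/');
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_defines(CATALOG_PHP), parse_defines(ADMIN_PHP))))
```

To audit a real install, pass the contents of /includes/configure.php and /admin/includes/configure.php to parse_defines in place of the sample strings.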

You can further enhance your osCommerce SSL configuration by reading this article about HSTS SSL Security.

References

  1. osCommerce Force SSL Login
  2. Apache HSTS
  3. osCommerce Installation Steps
