Shopping cart system implements a very flexible system to support secure connections (SSL). You can choose which storefront pages and Admin Area sections should be secured. These pages will open over HTTPS, while the rest of the pages will open over simple HTTP, and the shopping cart will transition between these protocols automatically.
Secure connections are disabled by default. You have to properly configure SSL connections in order to use SSL.
First, find out your website's HTTPS domain name and the URL pointing to the shopping cart installation directory. It is most often the same as the HTTP URL (and then the URL appears in the input field automatically), but some hosting companies make it different from it. The necessary information can usually be found in your hosting company's help system. It may also be necessary to contact their support department. You may need to purchase and install an SSL certificate for your website with their help prior to enabling HTTPS.
Note that while the HTTP (insecure) and HTTPS (secure) URLs of the storefront may differ, they both must point to the same server directory, otherwise SSL support is impossible. This is a requirement and you should inform your hosting provider of this fact in rare cases when this is not already implemented. They usually can configure your account as required.
Then, configure SSL for your Admin Area and Storefront.
This page includes the following fields:
|HTTPS URL||The HTTPS URL pointing to the shopping cart installation folder. If HTTPS URL and HTTP URL are identical, this field doesn't need to be modified because it contains the correct value by default. If the URL isn't detected automatically, you should enter one yourself. If you do not know the URL, ask your hosting provider. Note that the URL you specify should point to the installation folder. Some Windows hosting servers provide a "Check" button instead of a "Save" button. See Appendix 1 for details.|
The Secure Admin Area Sections area below helps you choose which Admin Area sections to protect. You can leave all options listed below unchecked, but you must specify a URL to provide full-fledged SSL connections in Storefront.
|Whole Admin Area (Backend)||Switches the whole Admin Area to the secure protocol. Keep in mind, however, that secure connection makes pages load substantially longer because additional time is required to encode and decode data being transferred, including images. Selecting this option is not recommended as it reduces the Catalog performance.|
|Sign-In & Admin Members Management||Secures the following pages: Sign In, Password Update, Password Recovery, and pages associated with the Admin Members section (List, Info, Add, Edit, Password Reset, and Delete).|
|Orders & Customers||Secures Orders (List, Info, Delete) and Customers (List, Info) pages.|
|Payment & Shipping Modules Settings||Secures pages with lists and settings associated with Payment and Shipping Methods.|
A similar method is used to secure your storefront pages. Select the sections that you want your customers to access using SSL.
After you have specified the HTTPS URL and selected the sections to protect, click the Save button.
If the URL is correct and no errors are encountered, the window closes and the https_config.php file is created in the Avactis-system/ directory on the server. If the window does not close, that means an error has occurred.
Certain Windows hosting spaces replace the "Save" button with the "Check" button. The latter helps make sure that the URL you specified actually exists. If the URL is typed correctly and it exists, the following message displays:
If a green message appears, select Yes and click "Close", otherwise select No and try typing the URL once again.
IMPORTANT! Do NOT select Yes if the green message The URL you entered is correct doesn't display. That can lead to system failure. If the failure occurred nonetheless, delete the Avactis-system/https_config.php file.
List of potential errors when saving HTTPS settings.
Please enter the HTTPS URL that points to the root directory of shopping cart.
1. The URL you entered contains syntax error(s).
2. The URL you entered is invalid. A test call to the system returned no response.
3. An error occurred when creating the configuration file due to insufficient rights to write to 'Avactis-system' folder.
4. An error occurred when creating a configuration file due to insufficient rights to write to file 'Avactis-system/https_config.php'.
5. You have deleted a previously entered URL. This means that secured connections will no longer be applied for Admin Area. This can also cause incorrect functioning of secured connections in Storefront (if they are enabled). If you want to stop using secured connections, click Save; otherwise, click Cancel.
6. Unable to delete the configuration file 'Avactis-system/https_config.php', possibly due to insufficient deletion rights. Please change the access rights for this file or delete it manually.