VirtueMart Forum

[Update by Milbo] please look here http://www.ostraining.com/blog/joomla/how-to-enable-ssl-https-only-on-certain-joomla-pages/[/update] ;-)

Joomla v1.7.3/virtuemart v2.0.0

I've enabled SSL for sensible areas on the shop configuration page. But I don't know how to point VM to my secure webspace.

I'm using a shared server and have configured my shared SSL space successfully (I can access it at https://blahblahblah). The cart pages work fine up to the point of confirm order. I then get page not found when I click the confirm order button. I've trawled through various posts and it appears that it was possible to specify a secure url in vm1. How do I do this in VM2?

I've also seen another post advising to configure SSL in joomla too. But I can only see the option for entire site or individual menu items. As the cart isn't a menu item I can't understand how this is supposed to work.

You don't enter it, you just select "Enable SSL for sensible areas (recommended)" in shop configuration. If your site is http://www.thisdomain.com then VM will redirect checkout etc to https://www.thisdomain.com

Thanks Kelvyn. I think it might be due to how it's configured with my hosting provider. I'm with fasthosts using their 'white label ssl domains'. So they ask you to define a folder for your ssl pages and then allocate an ssl web address. I don't think I can use https:/www.mydomain.com with my hosting package. So for me this is

https://secure.prositehosting.co.uk/mydomain

When I enable ssl for sensible pages I get URL not found for the following:

https://www.mydomain.com/index.php/online-store/cart/checkout

Any ideas how I can get this to work?

No idea about that one. It is non-standard!

Oh dear! I thought you would probably say that. Thanks anyway. I'm new to joomla and virtuemart. This forum is brilliant and has helped me learn a lot in very short period of time.

Fasthosts make it sound like this is standard for them and recommend it for use with ecommerce sites so maybe it's something else I'm doing wrong. I'll check with them and see what they say. I'll post a solution here if I find one. In the meantime if anyone else has had this problem please let me know if/how you got around it.

Farcehost support has previously not been especially helpful, but hopefully they have got better. At the moment VM requires a standard https/dedicated certificate setup.

OK, Fasthosts confirmed that the shared ssl webspace is only available in a sub directory in a shared domain. I guess this is the drawback with shared hosting. Here's the thing, we're a small start-up on a shoestring budget. One of the reasons for choosing joomla and virtuemart was that it appeared easy and quick to get up and running the other was that it was free (I'll make a donation when/if we start making a profit). My option now is to go for dedicated hosting at a hefty price increase which we can't afford right now.

I got the impression from other posts that it was possible to specify a secure url in VM1. Is that correct? It also appears that it's possible in other ecommerce products. Is there any possibility of getting this added in future release? My thinking here that a lot of people must choose joomla/virtuemart for the same reason and therefore have budget constraints and have opted for shared hosting.

Yes, VM1.1.x allows the use of shared SSL certificates (available from around £25 (https://www.trustico.co.uk/rapidssl/who-is-rapidssl.php)) but this will not work for all server configurations. On most hosts it is possible to use your own SSL certificate without needing a dedicated server, you just need a dedicated IP address for the domain.

I'd guess it may be added to VM2 later as an option in the core admin, but most likely as a plugin. Most sites that use PayPal for payment do not use SSL on site, but when transfered to PayPal then the process is made under their SSL.

Thanks for clarifying that. Re: 'Most sites that use PayPal for payment do not use SSL on site, but when transfered to PayPal then the process is made under their SSL.'. The issue for me is that when the user returns from Paypal to my site they get a nasty message saying it's not secure and advising them not to proceed. This is using firefox, I've not tried in IE yet.

Anyhow, I'll continue building the rest of the store and live with this for the moment and have to review my hosting if that plugin doesn't come along. Thanks again.

Actually shared certificates are used a lot and being unable to use them in VM 2.0 sounds a bit odd. I'd throw my 2 cents in for it to be added as an option in the core....please.

Really!?   Why would you remove this feature, many many MANY hosts use shared secure certs.  How is 2.0 an upgrade from 1.x when you strip out a key feature.  Anyone know of a hack to make this work on a shared host?

In fact it is a joomla setting. Look for a joomla extension like "shared ssl with joomla".

 :o :o :o :o :o
This seems ridiculous!...
Ive always been a proud supporter of virtuemart, but my recent attempts at using the latest version has left me pretty disheartened.
I'm currently trying to update a clients site to Joomla 2.5.6 which has gone smoothly until I hit virtuemart 2

The current configuration and store pages are confusing and convoluted at best, I believe the older version was much simpler and straightforward to use.

My client has a dedicated SSL which is pointed to https://secure.domainname.com for various reasons. Having no ability to point to this SSL path means that virtuemart is basically useless now.

If anyone has a solution or hack to setup a custom SSL path it would be greatly appreciated

In Virtuemart 2.0 you cannot enter a securel (HTTPS) url which is different than your normal domain. So shared SSL is a problem. I found a solution to this problem.  :D

1. make sure that you enable mod_rewrite (in your joomla administrator console)

2. Place .htaccess in the root of your web folder (via ftp)

Place a code in your .htaccess file which redirects specific areas of your website to https. In this case I have a code in place which redirects the cart and the register section to https. It allows you to use a different url than your normal one, so you can use shared SSL as well! The code looks like this:

########## Begin - redirect to SSL Section
############# Use this section for custom redirects
#
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} component/virtuemart/cart
RewriteRule ^(.*)$ https://yoursecureurl.com/component/virtuemart/cart/$1 [R,L]
#
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} component/users
RewriteRule ^(.*)$ https://yoursecureurl.com/component/users/$1 [R,L]
#
########## End - SSL Section

Above didnt work for me. What did was this:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
rewriteCond %{HTTP_HOST} ^yournormalserver.com$
RewriteCond %{REQUEST_URI} component/virtuemart   (OR the menu item name you have like mine : order-online/cart)
RewriteRule ^(.*)$ https://yoursecureserver.com/index.php/component/virtuemart/ [R,L] 

index.php may, may not be there but i was using joomla's SEF urls without mod_rewrite so i had an index.php there. With mod_rewrite on and and without index.php it didnt work for me.

Just wondering if there is a fix for this issue. I have searched everywhere.
It seems rather odd for such thorough shopping cart software to have such little support for SSL considering how many people use SSL and that it worked fine in the previous versions of Virtuemart.
My site is www.electricfenceaustralia.com.au and my SSL is for secure.electricfenceaustralia.com.au

Joomla! 2.5.11
Virtuemart 2.0.20b

VirtueMart uses the standard Joomla SSL settings, so if your standard url is http://www.electricfenceaustralia.com.au the server must be set up so that the secure url is https://www.electricfenceaustralia.com.au  BUT you may be able to redirect the https using .htaccess as described above, although not all servers/hosts allow this and you may have to use a wildcard secure certificate.

What we do is just to use the normal joomla methods. So we can concentrate on ecommerce itself, here is a nice manual, explaining how todo it with joomla tools. http://www.ostraining.com/blog/joomla/how-to-enable-ssl-https-only-on-certain-joomla-pages/

Sorry but I had to post this. And I apologise now!

Is it only me but,  electricfenceaustralia has a separate secure area called secure.electricfenceaustralia

By definition the former implies the later!  ;D

Hutson im not smart enough to get your joke but im sure it is funny  ;)

Thanks Jenkinhill and Milbo for your informative replies but it was easier to change my ssl to https://www.electricfenceaustralia.com.au as the secure.electri.. one was conveniently running out.

It still has issues switching to and from https if you go in and out of checkout but i just made the whole virtuemart secure and it will do for now.

Milbo - No disrespect, you guys do a great job and I understand what you are saying and realise the mountains of tasks you guys have to deal with just to put your product out there but ecommerce and SSL go hand in hand and always should.
I will read that article you suggested and i hope it has a solution so i can just have the checkout secured.

Many thanks again.