By webdev2 on

I have an SSL certificate for the site. I need the user to log in using an SSL login page so I was considering using the Secure Pages module (http://drupal.org/project/securepages). On that page for the module, it states, "Make sure that your web server has SSL enabled and you Drupal installation has been configured to support SSL access".

How do you do that? What changes must I make to Drupal itself?

Many thanks!

Comments

webdev2’s picture

webdev2 commented

Any modules or ideas how to force SSL for some pages without using Apache conf file?

polskikrol’s picture

polskikrol commented

Would be very useful, looking to use a StartCom SSL cert to provide secure login. Does any module or documentation exist for enabling SSL logins?

webdev2’s picture

webdev2 commented

With I used that module, you can configure which pages are under SSL cert encryption. So I defined /user and you could also define , or / I think.

Dubber Dan’s picture

Dubber Dan commented

On that page for the module, it states, "Make sure that your web server has SSL enabled and you Drupal installation has been configured to support SSL access".

Was just wondering that myself... Anyone got any pointers?

webdev2’s picture

webdev2 commented

Candid advice, do a mod_rewrite in apache conf file instead of here.

Dubber Dan’s picture

Dubber Dan commented

Can you explain more?

webdev2’s picture

webdev2 commented

Create a .htaccess file in your root folder and rewrite all incoming web page request to httpS://

Here's an article:
http://www.besthostratings.com/articles/force-ssl-htaccess.html

Dubber Dan’s picture

Dubber Dan commented

Ok thanks for the link.

A question re the pages in Drupal, do I just create those as normal, and then use the securepages.module to designate them as needing SSL?

webdev2’s picture

webdev2 commented

That's right, from what I understand.

stanb’s picture

stanb commented

"Warning: Do not enable this module without configuring your web server to handle SSL with this installation of Drupal"

Is this simply saying that the URL must be configured for HTTPS and HTTP or is there a bit that needs to be set in Drupal before enabling the module?

Can this be used WITH Apache mod_rewrite in the htaccess file or should that be disabled?

Any help is appreciated. Thanks.

Stan B

Strae’s picture

Strae commented

I have a valid certificate and secure pages works, but when i click on the 'test link', i got 404.

My question is: should i copy my drupal installation from /vhosts/example.com/httpdocs to /vhosts/example.com/httpsdocs/ ?

You HAVE to assume your visitor is a maniac serial killer, out to destroy your application. And you have to prevent it.

reybryand’s picture

reybryand commented

BUMP BUMP!

I am looking for the same information. I have a webform with Authorize.net payment information. It requires the form to be SSL, so I downloaded Secure Pages module but all the instructions are limited and there is nothing intuitive about implementing this feature. Any help would be greatly appreciated.

Thanks you.

barbnooch’s picture

barbnooch commented

Hi reybryand,
Did you ever get this figured out?
I have ssl set up and everything and I can access the pages I manually put under my https folder, its just that I'm having hard time accessing my entire drupal install under http from https. In my httpd.conf, I put an Alias for '/' to point to my http folder and the front page works fine, but if i try to go anywhere else it doesn't work.

wireyourworld’s picture

wireyourworld commented

Yep me too. Can we have a REAL step by step for newbies on this? I've gotten as far as purchasing a cert from godaddy, and I'm using ubercart. It's crazy here that one thing does not follow the other in order. It's like, get the cert, and oh yeah you need this, but to use that, you need this, and this, and before you do that, go here first...... I'm scared to even try to implement the cert on my domain for fear I'll tell it the wrong page to secure. So, ok, I think I don't secure the whole domain, whats the url for the page I'll want to secure? Where do I find that out? Do I create that page myself using the Secure pages mod? How? Will they have to create a login to check out? I'm very confused too! Its enough to just stick with paypal but I really understand that some customers hate paypal. I'm a google merchant to accept checkout but I've never used it, my customers on other sites, when given the options, choose amazon payments.

A complete set of instructions is badly needed here. I'd write it if I knew what to do myself!

wireyourworld’s picture

wireyourworld commented

To follow up, I ended up calling godaddy to get tech help. Their instructions didn't match what was in my cpanel. turns out my host greengeeks.com will have to charge me $30 a year for a dedicated IP to install the cert. I gave them an earful on how I didn't appreciate finding that additional charge out after I paid for 2 years of hosting. I mean, their site shows all these wonderful ecommerce options but doesn't mention additional charges for a simple SSL. Now I'm back to wishing I could use AMAZON PAYMENTS OR CHECKOUT!!! Will someone PLEASE develop that payment module for ubercart? I requested in there, and apparently people have been asking for it for 3 years to no avail. I really wanted to accept something besides paypal on my personal site but now I'm reconsidering with these extra fees for setup. Paypal just looks SO last decade.

wireyourworld’s picture

wireyourworld commented

And I wasted an entire day on this, again. I seem to waste lots of days configuring drupal. Hope these posts help out someone else.

barbnooch’s picture

barbnooch commented

Just as a follow up, I did figure this out.
In case this might help someone else...

My set up is like this (I use virtual hosts):
I have two paths
1) /virtualhost/myvhost/http
and
2) /virtualhost/myvhost/https

My Drupal install is under the first path (the http one)

In my httpd.conf under https, I just pointed the DocumentRoot at '/virtualhost/myvhost/http/html/' and then set the 'Directory' directive to allow access to the http path as well. Everything seems to be working...

fehin’s picture

fehin commented

subscribing

Matthew Woodard’s picture

Matthew Woodard commented

For some reason my Secure Pages module is not recognizing sessions when going from http to https.

You can see here, http://matthewwoodard.com/products, if you add to cart, you will see the cart is empty...?

Any suggestions greatly appreciated.

rennsix’s picture

rennsix commented

@matthewwoodard

In your .htaccess file in the drupal installation take a look at the Rewrite settings. You need to uncomment and use WITH www or WITHOUT www for the SSL and for the items to go to the cart. Change the (example) text to your own site.

# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment and adapt the following:
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

aoturoa’s picture

aoturoa commented

When using DirectAdmin for you websites and want to use SSL, first make sure you have secure pages available in your hosting packet.
You will find private_html and public_html in you user directory.

When using sub-domains, in both directories sub-directories are created where to put your stuff.
When using only one Drupal core in the main public_html directory, make sure to remove the created subdomain-directory and replace it with a symlink:

<?php
// Point subdomain to main Drupal core
symlink('/home/USER/domains/YOURDOMAIN/public_html', '/home/USER/domains/YOURDOMAIN/public_html/SUBDOMAIN');
// For secure pages
symlink('/home/USER/domains/YOURDOMAIN/public_html/SUBDOMAIN', '/home/USER/domains/YOURDOMAIN/private_html/SUBDOMAIN');
?>

For using your Drupal site in HTTPS, create a symlink from private_html to you public_html:

<?php
symlink('/home/USER/domains/YOURDOMAIN/public_html', '/home/USER/domains/YOURDOMAIN/private_html');
?>

The code comes up with an permission error if the parent directory is not writable. Change the permissions temporaraly!

Hope this helps some folks using DirectAdmin or similar hosting setup.
Please correct me if you have better solutions.