CiviCRM Community Forums (archive)

G'day,

I am in a shared hosting environment and was wondering if "Force Secure URLs (SSL)" can be made to work with a shared certificate.
So that if my site is http://mysite.com critical operations could be redirected to an address I specify, like https://mysite.myprovider.com, and then return when finished (or stay there if that makes things simpler).

As I'm seeing no way to specify a target for https, I assume that by default the forced secure URLs would just be replacing http with https but keep using the same server and path (i.e. replace http://mysite.com with https://mysite.com). I have looked at using a redirect or rewrite directive in .htaccess, but get a "missing certificate" message as soon as I hit the site with https, so that would not do the trick.

Is there a way to do what I am after?

TIA,

Ronald

Thanks Lobo.
I guess those with the funds to potentially sponsor the functionality don't have the problem because they get their own certificate in the first place.

Cheers,

Ronald

Sounds good, thanks. 

Ronald

I think the below is fine and an acceptable hack (IMO). You might also want to check: CRM/Utils/System/Drupal.php, function mapConfigToSSL( ) (thought i think this function is not needed in drupal 6)

lobo

Ok, so I did enable "Force secure URL" and got a blank page with an "https" URL.
Trying to go back- or forward, or directly access known pages (substituting "https" with "http"), resulted in blank pages with "https" URLs as well.

Not so good. I tried to find the setting in the database and my guess is it's somewhere in civicrm_domain.config_backend, however the contents of that field proved completely incomprehensible to me. (Seems like there's a whole bunch of settings squeezed into that single field in some pattern I could not quite work out. Surely worth a comment as well but I'll skip that for now... )

So I looked around the code some more and found more places where string replacements take place:
/CRM/Admin/Form/Setting/Url.php
/CRM/Core/Config.php

Patched those as well and then I got at least a certificate warning, telling me that the certificate for https://mydomain.com belongs to https://*.myprovider.com.
[Edit] (Seems my provider has installed that certificate for my domain to allow for https connections, even if they induce certificate errors.) [/Edit]

So I "allow an exception" and finally come back into the CiviCRM admin section, with a red warning at the top stating

warning: file_put_contents(Config.IDS.ini): failed to open stream: Permission denied in /path/to/civicrm/CRM/Core/IDS.php on line 108.

However the URL shown in the location bar still is https://mydomain.com even though that can't really be. (Again, because that domain does not have a certificate installed at all.) So it seems a bit as if the URL the browser shows was different from the one that's actually accessed. Can that be? If so, why would that have happened? If not, what else could be going on?

Also, it seems that since I got a white page rather than an error message on my first attempt, this code
...
in civicrm/CRM/Admin/Form/Setting/Url.php does not really seem to do what one would expect. Or am I missing something?

I guess for now I'll revert that setting again, but I'd really like to know what's going on there and how to get it to work.
[Edit] Reverting that setting was tricky, too, because the links on the site happily pointed to and fro between https://mydomain.com and https://mydomain.myprovider.com, so I had to login to both. Also note that both are https URLs - I would have understood if it were http://mydomain.com and https://mydomain.myprovider.com, in fact that would have been close to my original intentions, but though the host was exchanged, the protocol stayed at https.[/Edit]

TIA for any hints,

Ronald

Thanks for the information, Lobo, much appreciated.
There's only one settings file but maybe that's part of the problem - have to do some more playing around with this.

Ronald