Home  General questions  Secure connection fails  

Secure connection fails

If the following warning is displayed with the enabled secure connection on the General page in the administrator panel:

Warning: The secure connection check has failed. Check HTTPS settings in config.php file and make sure that SSL certificate is installed on your server.

  1. Check whether SSL certificate is installed on the server. The easiest way to do it is to make sure the same HTML page is accessible through HTTP and HTTPS. There is an HTML file in the CS-Cart root directory that can be used for that:
    http://www.your_store.com/store_closed.html
    and
    https://www.your_store.com/store_closed.html
    If the opened pages have the same content it means that SSL certificate is installed on the server. If you see the Not Found error (404 page), but your browser indicates the page is viewed through a secure connection, most probably there is a separate secure directory on your server and it does not point to the regular web root one. If your server is Unix-based and the secure directory is on the same server as the public_html one, it is required to create a symbolic link to the public html directory in the secure one. This will allow to have one CS-Cart installation on your server. If your server is Windows-based or your secure directory is on another server, it is required to copy all the files of existing installed CS-Cart (not to make a new CS-Cart installation) from regular server to secure one. Both CS-Cart installations must have access to the same MySQL database.
    NOTE: It is inconvenient to have 2 separate CS-Cart installations:
    - If you modify a file in one CS-Cart installation, you will have to apply the same file changes to the appropriate files of the second CS-Cart installation
    - HTML catalog will be generated in the catalog directory of the 'secure' CS-Cart installation and it is required to move it to the 'insecure' catalog directory manually
    - The 'Skin selector' and 'Template editor' features will affect only skins of the 'secure' CS-Cart installation.
  2. Check whether the host and directory where cs-cart is installed on the secure server are set up in the config.php file located in the root CS-Cart directory. The section that defines HTTP and HTTPS hosts should look like the code below:
    // Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'YOUR_HTTP_DOMAIN';
$cscart_http_dir = '/store';

// Host and directory where cs-cart is installed on secure server
$cscart_https_host = 'YOUR_HTTPS_DOMAIN';
$cscart_https_dir = '/your_secure_directory';
  3. Check if there is proxy on your server. If it is, please follow the instructions in item #3 in this article.
  4. If everything is set up properly but the warning is displayed, most probably the problem is caused by the specific way of determining secure connection on your server.
  5. Compare PHP configuration of your regular and secure servers:
    1. Log in your administrator panel and click on the PHP information link at the bottom. The following page will open: http://www.your_domain.com/admin.php?target=tools&mode=phpinfo, where your_domain.com is the address of your store.
      1. Open the https://www.your_domain.com/admin.php?target=tools&mode=phpinfo page (note https instead of http in this link).
      2. Compare the content of the PHP Variables sections on the opened pages line by line.
        For example: There is the _SERVER["SERVER_PORT"] setting with the 80 value in the PHP configuration of insecure server, but the same setting has the 443 value on one of the secure servers.
      3. If a difference is found, add one more condition to the https_detect.php file located in the core directory.
        For example:
        1. Add the following part of code to the file:
          } elseif ($_SERVER['SERVER_PORT']=='443') {
    define('HTTPS', true);

          below this one:
          if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']=='on')) {
    define('HTTPS', true);
        2. Save the file.
        3. Try to enable the secure connection settings.

Noticed an error in the article or it is not clear enough? Any suggestions to improve it? Please let us know by filling in the feedback form. Click here.