Configure SSL in OJS

Hi,

I want to hire an SSL certificate in my hosting to go from http to https. But I wonder, what steps and what settings do I have to make in OJS. Indicate that I have version 2.4.7-1. I’m waiting.


Hi @gardbeat,

There’s nothing particular you need to do with OJS to accomplish this – it’s more a matter of configuring your web server with the SSL certificate. There are a few settings in OJS’s config.inc.php that you can use to adjust OJS’s behavior, e.g. force_ssl and force_login_ssl, but these will depend on the certificate already being configured with your server.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

How can I know those changes? My question comes mainly to if the SSL certificate is compatible; in this case the hosting is from HostPapa. I attach a link to ask if it is compatible, since they do not know if I have to make changes to adapt the web to https. I’m waiting.

URL: https://www.hostpapa.es/certificados-ssl/

OJS is compatible with any type of SSL certificate.

Once you have installed the certificate in your webserver, you will want to turn on at least force_login_ssl in config.inc.php.

Otherwise, as @asmecher said, installing the SSL certificate happens at the webserver level, not the OJS level.

@ctgraham,

How to activate the file and which lines of code should I add. Very friendly as always,

After installing the SSL certificate, you’ll want to consider these OJS settings in “config.inc.php” in your OJS directory:

The setting force_ssl requires HTTPS for all access to OJS.

The setting force_login_ssl requires HTTPS for only logins.

@ctgraham,

Thank you very much for the speed in the resolution of my doubt.

How does it work when we have hosted multiple journal websites on a single OJS installation?

You will need to configure the SSL certificate(s) at the webserver level.

If you have multiple domains resolving to OJS, you likely have multiple virtual hosts. One SSL certificate with multiple SANs or with a wildcard can be used across multiple virtual hosts; or, each virtual host might have a dedicated SSL certificate.

The force_ssl and force_login_ssl directives, however, apply sitewide, so if you use these directives, you’ll need all of your domains to be SSL enabled.

We are not using virtual hosts; instead we are redirecting through .htaccess. How to proceed in such scenarios?

Can you give a specific example?

Ya, sure. Below are the redirection rules we have written in .htaccess for sites example1 & example2:

```
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.example1.)?co.in$
RewriteCond %{REQUEST_URI} !^/index.php/example1/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subdir/$1
RewriteCond %{HTTP_HOST} ^(www.example1.)?co.in$
RewriteRule ^(/)?$ index.php/example1 [L]

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.example2.)?co.in$
RewriteCond %{REQUEST_URI} !^/index.php/example2/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subdir/$1
RewriteCond %{HTTP_HOST} ^(www.example2.)?co.in$
RewriteRule ^(/)?$ index.php/example2 [L]
```

In this case, you would need one certificate with multiple Subject Alternate Names (one SAN for each DNS entry).

Hi @ctgraham and @asmecher,

I was able to activate it, but in the browsers I get the certificate with yellow alert. I attach the translation of the error that indicates:

Parts of this page are not secure (like images).

This means that your certificate is installed, but some of the content on the page is referenced by “http://” instead of “https://”. This is usually found in links to embedded images or stylesheets.

To see the particular item that is being served over http instead of https, use the Web Inspector and view the Console log.

Hello @ctgraham,

Ok, and I have to do that one by one, or there is some option to be able to do it multiple, since they are quite a few images.

I’m waiting

You will need to address each instance of a hardcoded protocol individually.

You probably want to change these from absolute URLs (e.g. “http://mysite/path/to/file”), to either relative URLs (e.g. “/path/to/file”), or to protocol-relative URLs (e.g. “//mysite/path/to/file”).

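One way to find and rewrite the hardcoded references discussed above in bulk, as an added example that is not part of the original thread or of OJS itself. The host name `mysite` comes from the reply above; the sample markup, `cdn.example.org` and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Tags whose src/href makes the browser fetch a subresource. <a href> is left
# out on purpose: a plain link to an http:// page is not mixed content.
_RESOURCE = re.compile(
    r"""(<(?:img|script|iframe|source|audio|video|embed|link)\b[^>]*?\s"""
    r"""(?:src|href)\s*=\s*["'])(http://[^"'\s>]+)""",
    re.IGNORECASE,
)

def find_insecure(html):
    """Return every hardcoded http:// subresource URL found in the markup."""
    return [m.group(2) for m in _RESOURCE.finditer(html)]

def rewrite(html, own_hosts):
    """Make own-site URLs root-relative and all others protocol-relative."""
    def fix(m):
        url = urlsplit(m.group(2))
        query = "?" + url.query if url.query else ""
        if url.hostname in own_hosts:
            new = (url.path or "/") + query
        else:
            # Only works if the third-party host also serves HTTPS: check first.
            new = "//" + url.netloc + url.path + query
        return m.group(1) + new
    return _RESOURCE.sub(fix, html)

# Constructed sample page (not taken from a real OJS site).
SAMPLE = '''<link rel="stylesheet" href="http://mysite/styles/journal.css">
<img src="http://mysite/public/journals/1/logo.png" alt="logo">
<script src="http://cdn.example.org/lib.js"></script>
<a href="http://mysite/index.php/example1">Home</a>
<img src="/public/ok.png">'''

if __name__ == "__main__":
    for url in find_insecure(SAMPLE):
        print("insecure:", url)
    print(rewrite(SAMPLE, {"mysite"}))
```

Run it over a copy of the affected templates or exported content first and review the diff; the regex handles the first `src`/`href` in each tag and does not cover `url(...)` references inside CSS.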