25 January 2010, 10:44

Hello All,

I read that version 1.2 supports HTTPS logins, but I cannot find any documentation on this or figure out how to enable it.

Did support for HTTPS actually make it into 1.2.2?

Thanks, Jez

25 January 2010, 12:13

Yes it did .

Have a look at config-dist.php and you'll see these lines:

// You will only need to specify this if you want to use HTTPS for
// logins, but not for regular pages. If you want to serve all of your
// Mahara content via HTTPS, just set $cfg->wwwroot to use HTTPS instead.
//$cfg->httpswwwroot = 'https://myhost.com/mahara';

Once you have SSL configured and enabled in your web server, just add a line like the above (without the comment characters and with the right URL, of course ;-)) to config.php and you'll be done.

Saludos,
Iñaki.

26 November 2010, 2:17

hello inaki,

we have the SSL configured and enabled in our web server  but i have a problem when i m using IE8, (no such problem with Firefox ) , the page appear to be corrupted when i click yes on this message ( Do you want to view only the webpage content that was delivered securely?)

i add the line $cfg->httpswwroot in the config.php and still have the same corrypted page.

If you can help to resolve this issue

thank you

Bahaa

26 November 2010, 11:05

Could you please post an screenshot showing the problem? The only box with IE 8 that I have access to doesn't show a problem like the one you describe.

Saludos.
Iñaki. 

29 November 2010, 1:05

Dear Iñaki

below you can see a screenshot of the message  , the other photo for the website when we click the button yes on the security warning.

29 November 2010, 16:09

Does this happen when you fill in your user name and password and click on login button? Or when you either leave the username or password empty an click on login?. It might be a bug and I'd need to narrow it down.

On the other hand, clicking on 'No' at the security dialog box should show all the content right (see http://ebersys.blogspot.com/2009/03/do-you-want-to-view-only-webpage.html to know what clicking on 'No' implies).

Saludos.
Iñaki. 

30 November 2010, 0:38

its happen when i enter our mahara website, also when i press on login button whether its blank or not.

by clicking the button no everything is ok.

Thank you

02 December 2010, 8:56

Hello Bahaa,

There is currently an IE issue with enabling https for login page only, I have filled in the tracker issue: https://bugs.launchpad.net/mahara/+bug/684190

Though it works fine if you have https enabled to all site content (not for login page only), so try using both:

$cfg->wwwroot = 'https://yourwebsite'

$cfg->httpswwroot = 'https://yourwebsite'

It should help.

22 December 2010, 6:31

We are not using SSL any more so I have not lookd into this... but I assume you know that IE is doing that because the styleSheet is not being called on an https URL?

Just thought Id mention this... all .js .css includes will need to be on https...

18 March 2011, 9:47

I found it was the gravatar link using http that caused  IE to complain about insecure content. Add this to your config.php to fix

$cfg->remoteavatarbaseurl = 'https://secure.gravatar.com/avatar/';

I use https for all sessnions so my config is

$cfg->wwwroot = 'http://mysite.ac.uk/mahara/';

// You will only need to specify this if you want to use HTTPS for
// logins, but not for regular pages. If you want to serve all of your
// Mahara content via HTTPS, just set $cfg->wwwroot to use HTTPS instead.
//$cfg->httpswwwroot = 'https://mysite.ac.uk/mahara';

I couldn't get https for login only working set like this :-

$cfg->wwwroot = 'http://mysite.ac.uk/mahara/';

$cfg->httpswwwroot = 'https://mysite.ac.uk/mahara';