
WordPress Rating-Widget shows blank reporting graph when using SSL


By default, the free version of the WordPress Rating-Widget does not officially “support” SSL/HTTPS setups. In reality, there are no problems using it on SSL setups, except for the reporting graph: it is loaded via an http connection set in the configuration, which causes CORS to kick in and prohibit the non-safe external request. When looking at the failing request using the developer toolbar you can see the CORS warning. So, at this point feel free to either buy the pro version or change one line in the configuration to enable SSL/HTTPS support for the free version too (which I find should be supported in the free version anyway).

Enabling SSL support for reporting graph

A quick look at how the widget assembles the reporting graph URL for the iframe reveals that only one constant needs to be changed: WP_RW__ADDRESS. In lib/config.common.php change the following line

define( 'WP_RW__ADDRESS', 'http://' . WP_RW__DOMAIN );

to

define( 'WP_RW__ADDRESS', WP_RW__PROTOCOL . '://' . WP_RW__DOMAIN );

to automatically set the correct protocol based on your current setup. Voila, the graph works with https too.


Can’t upload product image on eBay Error using M2ePro on Magento


After a switch to an https-only setup on a Magento 1.8.0 installation using M2ePro 6.1.6, the following error occurred when trying to list items using images:

Can’t upload product image on eBay

A quick Google search revealed the following official statement from the company behind M2ePro:

This problem does not concern to m2e pro.

The setup here uses 301 redirects to permanently redirect http requests to https, in addition to Magento being set to use secure URLs only. Despite Magento's setting to force links to be generated https-only, a quick code review of M2ePro revealed that image URLs are generated for http only. In fact, any https links are replaced by http ones, as shown in the prepareImageUrl method in class Ess_M2ePro_Model_Magento_Product:

private function prepareImageUrl($url) {
  if (!is_string($url) || $url == '') {
    return '';
  }

  return str_replace(array('https://', ' '), array('http://', '%20'), $url);
}

Now the first test was to change the str_replace(), thus forcing image URLs to be created https only:

return str_replace(array('http://', ' '), array('https://', '%20'), $url);

This forces links to be prefixed with the https:// protocol. Now it should work, right? After all, M2ePro receives working secure image URLs that it can forward to eBay, which in turn fetches them on demand. Wrong! It seems like there is a general problem with eBay being able to process https image URLs. So, currently the only option seems to be to allow insecure http image URLs to be fetched by eBay. A statement from eBay support did not resolve the problem at hand:

If the direct image upload is working and you are able to list products it’s not a problem related to eBay.

I will report back in case the SSL problem with image URLs gets resolved.


Remove Passphrase from SSL Keys


When it comes to generating SSL keys, passphrases play an essential role. They need to be specified when creating SSL keys and are checked each time the key is used to ensure authorized access. For instance, when starting your Apache web server with an SSL certificate you will need to enter the original passphrase to verify authorized access. The following simple steps show you how to remove the passphrase from SSL keys.

If you don’t already have an SSL key, first create a 2048-bit RSA key encrypted with triple DES and specify your passphrase as usual:

openssl genrsa -des3 -out your-server.key 2048

Of course you can choose any other modulus size and cipher to generate your SSL key. Then, make a backup of the original key with the passphrase still set, just in case:

cp your-server.key your-server.key.WITH_PASS

Remove Passphrase

And finally remove the passphrase from your SSL key:

openssl rsa -in your-server.key.WITH_PASS -out your-server.key.WITHOUT_PASS

Now you can use this key without having to enter the passphrase on every single use, e.g. when the Apache web server starts. That’s it.
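
The steps above as a checked, non-interactive script (an added example, not part of the original post): it removes the passphrase, confirms the result is the same key and really unencrypted, and restricts the file to its owner, since nothing else protects the key once the passphrase is gone. It assumes `-aes256` in place of `-des3` and reads the passphrase from a `KEY_PASS` environment variable; the passphrase value, the helper function names and the temporary directory are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. File names and the passphrase are constructed sample values.
set -eu

# Print the RSA modulus of key file $1. The passphrase is read from the
# KEY_PASS environment variable, so it never appears in the process list.
key_modulus() {
    openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null
}

# Succeed if PEM file $1 is passphrase-protected. Covers both encodings:
# "Proc-Type: 4,ENCRYPTED" (traditional) and "BEGIN ENCRYPTED PRIVATE KEY".
is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# First ten characters of "ls -l" output, e.g. "-rw-------".
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Write an unencrypted copy of key $1 to $2, readable by its owner only,
# and accept it only if it is the same key and really has no passphrase.
strip_passphrase() {
    src=$1 dst=$2
    ( umask 077
      openssl rsa -in "$src" -passin env:KEY_PASS -out "$dst" 2>/dev/null
    ) || return 1
    chmod 600 "$dst"
    want=$(key_modulus "$src") || return 1
    got=$(key_modulus "$dst") || return 1
    [ "$want" = "$got" ] || return 1
    ! is_encrypted "$dst"
}

# Demo on a throwaway key in a temporary directory.
export KEY_PASS='constructed-sample-passphrase'
workdir=$(mktemp -d)
openssl genrsa -aes256 -passout env:KEY_PASS \
    -out "$workdir/your-server.key.WITH_PASS" 2048 2>/dev/null
strip_passphrase "$workdir/your-server.key.WITH_PASS" \
    "$workdir/your-server.key.WITHOUT_PASS"
echo "unencrypted key mode: $(file_mode "$workdir/your-server.key.WITHOUT_PASS")"
rm -rf "$workdir"
```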