got SSL Certt - next step?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Zander1983
Forum Newbie
Posts: 20
Joined: Mon Mar 21, 2011 2:26 pm

got SSL Certt - next step?

Post by Zander1983 »

I have a SSL Cert for my site. I've put all the files from the http folder to the https folder. What is normally done to redirect people to the https folder? Do i use a url rewrite rule in the .htaccess folder so everytime someone is looking at a http page, its actually a https page?
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: got SSL Certt - next step?

Post by flying_circus »

After your SSL certificate is installed, you can use the https scheme. https://example.org.

You dont need to create an https directory, just change the hyperlinks in your html files. If you want to force a page to display only if it's https, you can use php to check the protocol/port and redirect accordingly.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: got SSL Certt - next step?

Post by Christopher »

Zander1983 wrote:I've put all the files from the http folder to the https folder.
What? I don't understand why you have two directories? There no such thing as a http page or https page. Any page or file can be delivered with either http or https. They are protocols.

I always install the certificate so both http and https for a domain are for the same directory. It is up to your code to specify which URLs user http and which user https.
(#10850)
unplugme71
Forum Newbie
Posts: 13
Joined: Wed Jul 13, 2011 2:39 pm

Re: got SSL Certt - next step?

Post by unplugme71 »

I have my sites-available setup like this

<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName domain.com
DocumentRoot /home/username/www/domain.com/
</VirtualHost>

<VirtualHost XXX.XXX.XXX.XXX:443>
ServerName secure.domain.com
DocumentRoot /home/username/www/secure.domain.com/
</VirtualHost>

XXX.XXX.XXX.XXX is the server's IP address. I have two IP addresses for the server I am on.

https://secure.domain.com works, but http://secure.domain.com does not display anything but a page cannot be found since there's no reference to port 80
http://www.domain.com works, but https://www.domain.com does not display anything but a page cannot be found since there's no reference to port 443

Or you can go with another option, make https://www.domain.com and http://www.domain.com both show the same content by sharing the same DocumentRoot

The user can choose if they want to browse securely, simply by using https://

Now if you want to make users only browse https:// you can use .htaccess or php to redirect the user. The choice is ultimately yours. Just make sure anything personal that is submitted is done through https://
Post Reply