Page 1 of 1

got SSL Certt - next step?

Posted: Mon Jul 11, 2011 12:36 pm
by Zander1983
I have a SSL Cert for my site. I've put all the files from the http folder to the https folder. What is normally done to redirect people to the https folder? Do i use a url rewrite rule in the .htaccess folder so everytime someone is looking at a http page, its actually a https page?

Re: got SSL Certt - next step?

Posted: Mon Jul 11, 2011 6:49 pm
by flying_circus
After your SSL certificate is installed, you can use the https scheme. https://example.org.

You dont need to create an https directory, just change the hyperlinks in your html files. If you want to force a page to display only if it's https, you can use php to check the protocol/port and redirect accordingly.

Re: got SSL Certt - next step?

Posted: Tue Jul 12, 2011 2:47 am
by Christopher
Zander1983 wrote:I've put all the files from the http folder to the https folder.
What? I don't understand why you have two directories? There no such thing as a http page or https page. Any page or file can be delivered with either http or https. They are protocols.

I always install the certificate so both http and https for a domain are for the same directory. It is up to your code to specify which URLs user http and which user https.

Re: got SSL Certt - next step?

Posted: Wed Jul 13, 2011 2:48 pm
by unplugme71
I have my sites-available setup like this

<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName domain.com
DocumentRoot /home/username/www/domain.com/
</VirtualHost>

<VirtualHost XXX.XXX.XXX.XXX:443>
ServerName secure.domain.com
DocumentRoot /home/username/www/secure.domain.com/
</VirtualHost>

XXX.XXX.XXX.XXX is the server's IP address. I have two IP addresses for the server I am on.

https://secure.domain.com works, but http://secure.domain.com does not display anything but a page cannot be found since there's no reference to port 80
http://www.domain.com works, but https://www.domain.com does not display anything but a page cannot be found since there's no reference to port 443

Or you can go with another option, make https://www.domain.com and http://www.domain.com both show the same content by sharing the same DocumentRoot

The user can choose if they want to browse securely, simply by using https://

Now if you want to make users only browse https:// you can use .htaccess or php to redirect the user. The choice is ultimately yours. Just make sure anything personal that is submitted is done through https://