Page 1 of 1
got SSL Certt - next step?
Posted: Mon Jul 11, 2011 12:36 pm
by Zander1983
I have a SSL Cert for my site. I've put all the files from the http folder to the https folder. What is normally done to redirect people to the https folder? Do i use a url rewrite rule in the .htaccess folder so everytime someone is looking at a http page, its actually a https page?
Re: got SSL Certt - next step?
Posted: Mon Jul 11, 2011 6:49 pm
by flying_circus
After your SSL certificate is installed, you can use the https scheme.
https://example.org.
You dont need to create an https directory, just change the hyperlinks in your html files. If you want to force a page to display only if it's https, you can use php to check the protocol/port and redirect accordingly.
Re: got SSL Certt - next step?
Posted: Tue Jul 12, 2011 2:47 am
by Christopher
Zander1983 wrote:I've put all the files from the http folder to the https folder.
What? I don't understand why you have two directories? There no such thing as a http page or https page. Any page or file can be delivered with either http or https. They are protocols.
I always install the certificate so both http and https for a domain are for the same directory. It is up to your code to specify which URLs user http and which user https.
Re: got SSL Certt - next step?
Posted: Wed Jul 13, 2011 2:48 pm
by unplugme71
I have my sites-available setup like this
<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName domain.com
DocumentRoot /home/username/www/domain.com/
</VirtualHost>
<VirtualHost XXX.XXX.XXX.XXX:443>
ServerName secure.domain.com
DocumentRoot /home/username/www/secure.domain.com/
</VirtualHost>
XXX.XXX.XXX.XXX is the server's IP address. I have two IP addresses for the server I am on.
https://secure.domain.com works, but
http://secure.domain.com does not display anything but a page cannot be found since there's no reference to port 80
http://www.domain.com works, but
https://www.domain.com does not display anything but a page cannot be found since there's no reference to port 443
Or you can go with another option, make
https://www.domain.com and
http://www.domain.com both show the same content by sharing the same DocumentRoot
The user can choose if they want to browse securely, simply by using https://
Now if you want to make users only browse https:// you can use .htaccess or php to redirect the user. The choice is ultimately yours. Just make sure anything personal that is submitted is done through https://