Enabling SSL as default for website

dpalme said:
Is there anything special that I need to do, in order to enable SSL as the default for a website?
Click to expand...

If the question is, how a website would default (force) to https, and if your web server is Apache then enable the rewrite module and apply the following rewrite directives for the website:
Code: 
RewriteEngine      on
RewriteCond        %{HTTPS} off
RewriteRule        ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}
 
Without using mod_rewrite this also works:
Code: 
<VirtualHost *:80>
  ServerName www.example.com
  Redirect / https://www.example.com
</VirtualHost>

<VirtualHost *:443>
  ServerName www.example.com
  ...
  ...
</VirtualHost>
 
Sorry I didn't get back until now - the dog ate my homework ;) Seriously that was my daughters' excuse this morning....

So I purchased an SSL certificate from THAWTE last evening - the 123SSL. I created a CSR and sent it to them along with the pertinent information and they responded with what looks like a "combined" file - the top says "web Server CERTIFICATE" followed by an "intermediate CA".

I'm just not sure how to install this now.

I uncommented the following line in http.conf:
Code: 
Include etc/apache22/extra/httpd-ssl.conf
I added a VirtualHost section to the httpd-ssl.conf.

Apache loads OK but when I try to access a secure page, using Firefox I get an untrusted connection message, and on IE from another machine I get some page "It Works", which I'm assuming is the default install and its not hitting my file at all.

Suggestions on where to back up to and start over at?
 
Ok I believe I got it working. I split the intermediate and the web key into two separate files and reconfigured the <VirtualHost> section of the ssl.conf file.... and it comes up, no errors and the padlock is locked.
 
dpalme said:
I uncommented the following line in http.conf
Code: 
Include etc/apache22/extra/httpd-ssl.conf

I added a VirtualHost section to the httpd-ssl.conf

Apache loads ok but when I try to access a secure page, using Firefox I get an untrusted connection message, and on IE from another machine I get some page "It Works", which I'm assuming is the default install and its not hitting my file at all.
Click to expand...
To each his own I guess, but I simply add files in /usr/local/etc/apache2[24]/Includes/. If you number them, like 000-default.conf and 001-example.com.conf, you can control which gets loaded first. I do enable and edit extras/httpd-default.conf but that's about it.

I would suggest defining a default site. You have to realize virtual hosts only work on the "Host:" header. It's this feature of HTTP version 1.1 that allows you to host multiple, independent, websites on a single IP address. The default website is what's being called if a client sends a "Host:" header that's not defined. Or if the client uses a HTTP version 1.0 request. So it's a good idea to have it point somewhere safe. The default Apache installation should be relatively safe to keep.
 
dpalme said:
Ok I believe I got it working. I split the intermediate and the web key into two separate files and reconfigured the <VirtualHost> section of the ssl.conf file.... and it comes up, no errors and the padlock is locked.
Click to expand...
I'm a little concerned about this though it sounds like you got it working. I haven't used Apache in quite a while but I have to combine the intermediate and root certs from some authorities while others do that for you and I think yours did. The key should not be tied into those as I guess you found out.
dpalme said:
Is there any SEO impact with Google or Bing with using the redirect versus mod-rewrite?
Click to expand...
Since you are doing the whole site in ssl, you want to do a redirect cause rewriting will still accept incoming traffic to non-ssl pages. This splits up traffic count between the two while redirecting combines them all into one. You can also notify Google of this in Webmaster Tools.

Screw Bing. No one cares.
 
Thanks for the replies everyone, SirDice - thanks for the "Thanks" it is appreciated. I don't always get it right the first time, but I do eventually learn :)

I set it to do a redirect and that took care of the SSL issue.

SirDice, I'll set a default with the httpd-default.conf to cover for those issues you stated.

Again, thanks to everyone for your help.
 
You must log in or register to reply here.
Back
Top