A while ago I migrated quite a few sites from Hostgator as they didn't have free SSL. Paying for an SSL certificate for every site was just not cost effective. Moving quite a number of sites to another hosting service with free SSL covering all the sites for less than the cost one certificate from Hostgator just made sense.
Fast forward a couple of years and Hostgator now have free SSL available with their hosting. They've never let me know, and it's not at first clear how to use it, so I thought I'd share with others what I've found.
First, every add-on domain now has SSL available without doing anything. All you have to do is use https: instead of http: to access your site. But's there some catches.
The first is all those links out there using http: to access your site. To get around this you need to rewrite all requests to http to https.
Next you'll find Google Chrome gives you security warnings for some sites, but not for all sites. At first this made no sense. However, after a while I saw the pattern. The sites with forms would give security issues, whereas those that didn't have forms gave no issues. The reason. Remapping http to https happens on the server but there's no way for Google Chrome to know this will happen. Chrome assumes if it sees a form URL with http: there's a potential security issue. You need to update the form URLs to http:.
Once I'd made those changes that padlock appeared in Google Chrome and those pesky informational issues went away.
Kelvin Eldridge
www.OnlineConnections.com.au
IT support.
Update: 1 April 2019
For one site, even though the lock now showed in the address bar, the layout of the page had been quite severely affected. For this site stylesheets were used to create a responsive site. The stylesheets were referenced using http: and changing this to https: fixed the layout issue.
Also this site was giving the information message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them." Images on the page where referenced using http:. Changing these images to be referenced using https: fixed this warning message.
Also note there were still plenty of places http: was used on this site (links used with images, links used with php, links in menus) but these were not causing an issue. Ideally if links can be made relative this will avoid the issue with http/https. This experience shows not all links need to be changed to migrate a site from http to https. If time and resources permit, it is however better to do a full job rather than half a job. Sometimes life forces us to compromise.
Fast forward a couple of years and Hostgator now have free SSL available with their hosting. They've never let me know, and it's not at first clear how to use it, so I thought I'd share with others what I've found.
First, every add-on domain now has SSL available without doing anything. All you have to do is use https: instead of http: to access your site. But's there some catches.
The first is all those links out there using http: to access your site. To get around this you need to rewrite all requests to http to https.
Next you'll find Google Chrome gives you security warnings for some sites, but not for all sites. At first this made no sense. However, after a while I saw the pattern. The sites with forms would give security issues, whereas those that didn't have forms gave no issues. The reason. Remapping http to https happens on the server but there's no way for Google Chrome to know this will happen. Chrome assumes if it sees a form URL with http: there's a potential security issue. You need to update the form URLs to http:.
Once I'd made those changes that padlock appeared in Google Chrome and those pesky informational issues went away.
Kelvin Eldridge
www.OnlineConnections.com.au
IT support.
Update: 1 April 2019
For one site, even though the lock now showed in the address bar, the layout of the page had been quite severely affected. For this site stylesheets were used to create a responsive site. The stylesheets were referenced using http: and changing this to https: fixed the layout issue.
Also this site was giving the information message "Attackers might be able to see the images you're looking at on this site and trick you by modifying them." Images on the page where referenced using http:. Changing these images to be referenced using https: fixed this warning message.
Also note there were still plenty of places http: was used on this site (links used with images, links used with php, links in menus) but these were not causing an issue. Ideally if links can be made relative this will avoid the issue with http/https. This experience shows not all links need to be changed to migrate a site from http to https. If time and resources permit, it is however better to do a full job rather than half a job. Sometimes life forces us to compromise.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.