Please advice needed SSL .htaccess
-
Hi everyone, I recently installed verisign ssl. the idea to have page https://example.com
all redirect from non-http to https work properly, but in IE whenever smbdy types https://www.example.com it shows the red screen with invalid certificate. If you click "proceed" - everything goes to normal page and on server redirect www to non-www seem to work fine. Is there way to get rid of the warning? Is it server or certificate issue?
Here is the peice of code from htaccess. Please, advice needed!
RewriteEngine On
RewriteBase /RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Thanks in advance
-
Like I thought, you need to buy another certificate for https://www as it is considered another domain in modern browsers.
Thanks to all for responses
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
I wouldn't install the certificate to get around this problem. In fact, that could make things harder to fix because your browser has now been fixed but everyone else get a scary SSL error that drives them off. Your end user will not know how to install a certificate, nor should they need to.
You either need to fix this in Apache or your control panel software (if you use one).
-
It definitely sounds like your certificate is not installed correctly. I wouldn't worry about the htaccess until you have the SSL version working properly.
Something you might have missed is an intermediate certificate (sometimes called a CA certificate). That helps the end user browser validate the signature. I don't use Verisign so I don't know if they use one, but other SSL providers I use do.
-
Serge,
It sounds like the certificate is not properly installed on the server. The steps to install a Verisign SSL certificate are (from memory):
-
generate a CSR from your server. The method to do such varies based on your hosting setup. If you use WHM, there is an option within the panel. If none of this makes sense, contact your web host for guidance.
-
Verisign will provide you with the key. This key then needs to be installed on your server. You can do this via WHM or contact your web host provider.
-
Verisign has a tool which verifies the certificate has been properly installed. If the certificate is installed correctly, users will not see the warning you mentioned in IE nor any other browser.
-
htaccess is not related to the above process. What the change in htaccess allows you to do is ensure visitors can only view your site in https://
-
once the above is complete, you will want to review your code to ensure all images and other objects are presented only in https on secure pages. If you skip this step, users will receive a "not all items on this page are secure. Do you wish to view the unsecure objects" error.
-
now you can add your Verisign trust badge to your page(s)
Good Luck.
-
-
Thanks Harald. It is not about me, I don't want my visitors to run to the screen like that. I know that Bank of america had a problem like that, they fixes it.
Some other top websites still run like that on https
One friend today told me that you need to buy additional Certs or smth like that. I never worked with SSL before so this is smth that I need to find out.
I will call Verisign tomorrow and post here what they say
-
Hi Serge, First of all I want to SSL error is about the the certificate issue error & not of the server error.here I'm defining you the steps to fixed the error:
FIXED: Here’s how I fixed this problem (you do not need to buy or install any 3rd party certificates or software), the certification error is nothing to worry about. You can fix the error by following these steps:
1. Navigate to the page where you are presented with the Certificate Error and click on “Certificate Error” in the Address bar
2. Click on “View Certificates”
3. Click on “Install Certificate” and then Next
4. Select “Place all certificates in the following store” and click on Browse
5. Select “Trusted Root Certificate Authorities” and click on OK and then Next and Finish
6. Click on Yes and OK if you are asked whether you would like to install the certificate
7. Click on OK twice to exit windows and close and then open Internet ExplorerYou should no longer get the Certificate Error.
You can get more detailed information about how to fix this problem fromhttp://www.ubishops.ca/faqs/Cert.htm or http://www.brightvisions.co.uk/Secondly, the piece of code from htaccess ,Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
The .htaccess file should be placed in the folder where you need to force HTTPS.
I hope that your query had been solved.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
General SSL Questions After Move
Hello, We have moved our site to https, Google Analytics seems to be tracking correctly. However, I have seen some conflicting information, should I create a new view in analytics? Additionally, should I also create a new https property in Google search console and set it as the preferred domain? If so, should I keep the old sitemap for my http property while updating the sitemap to https only for the https property? Thirdly, should I create a new property as well as new sitemaps in Bing webmaster? Finally, after doing a crawl on our http domain which has a 301 to https, the crawl stopped after the redirect, is this a result of using a free crawling tool or will bots not be able to crawl my site after this redirect? Thanks for all the help in advance, I know there are a lot of questions here.
Technical SEO | | Tom3_150 -
Crawler issues on subdomain - Need resolving?
Hey Guys, I'm fairly new to the world of SEO and have a ton of crawler issues with a friends website I'm doing some work on. After Moz did a site crawl I'm getting loads of errors (Total of 100+ for critical crawler, content and meta data). Most of these are due to broken social links on a subdomain - so my question is do I need to resolve all of the errors even if they are on a sub-domain? Will it affect the primary website? Thanks, Jack
Technical SEO | | Jack11660 -
SEO advice on ecommerce url structure where categories contain "/c/"
Hi! We use Hybris as plattform and I would like input on which url to choose. We must keep "/c/" before the actual category. c stands for category. I.e. this current url format will be shortened and cleaned:
Technical SEO | | hampgunn
https://www.granngarden.se/Sortiment/Husdjur/Hund/Hundfoder-%26-Hundmat/c/hundfoder To either: a.
https://www.granngarden.se/husdjur/hund/hundfoder/c/hundfoder b.
https://www.granngarden.se/husdjur/hund/c/hundfoder (hundfoder means dogfood) The question is whether we should keep the duplicated category name (hundfoder) before the "/c/" or not. Will there be SEO disadvantages by removing the duplicate "hundfoder" before the "/c/"? I prefer the shorter version ofc, but do not want to jeopardize any SEO rankings or send confusing signals to search engines or customers due to the "/c/" breaking up the url breadcrumb. What do you guys say and prefer from the above alternatives? Thanks /Hampus0 -
I need help compiling solid documentation and data (if possible) that having tons of orphaned pages is bad for SEO - Can you help?
I spent an hour this afternoon trying to convince my CEO that having thousands of orphaned pages is bad for SEO. His argument was "If they aren't indexed, then I don't see how it can be a problem." Despite my best efforts to convince him that thousands of them ARE indexed, he simply said "Unless you can prove it's bad and prove what benefit the site would get out of cleaning them up, I don't see it as a priority." So, I am turning to all you brilliant folks here in Q & A and asking for help...and some words of encouragement would be nice today too 🙂 Dana
Technical SEO | | danatanseo0 -
Can anyone review my site please?
just wandering if anyone can review my site and give me some feedback please much grateful I have just really trying to get clients don't have any yet and any help would be great. reseolve.com
Technical SEO | | ReSEOlve0 -
Broken links shall i put them in my htaccess file to generate juice
Hi, when i had to rebuild my website after my hosting company made an error, i lost over 10,000 pages and lost many thousands of links coming to my site. What i want to know is, instead of trying to recreate those pages again which would take me a long time, should i put them into my htacess file and have them point back into my site. so for example, if i have a link coming to my site to an article which could be, holidays in benidorm are not selling well, would it be a good idea to have that link pointed at the main benidorm section which is benidorm news. And if i had an article which was people are finding it hard to lose weight, instead of writing a new article could i have the link pointing to my health section? If this is the correct way of doing it to grab back some link juice, would it slow my site down and how many links could i put in my htacess file. So what i am trying to say is, if i put in say 1000 redirects into my htaccess file, would it slow my site down and is this a wise thing to do or should i just let the links go.
Technical SEO | | ClaireH-1848860 -
Advice on strange URL problem
I'm considering doing some pro bono work for a local non-profit and upon initial review they have a number of serious issues but there is one in particular I'd like to check my thinking on. The developer who set up the site some years ago implemented a javascript redirect on their root domain so that it redirects to: http://domain.com/wordpress This is wrong for all kinds of reasons and I want to recommend eliminating this redirect and getting rid of the 'wordpress' part of the path altogether. However, the site is quite established with good PR and they would take a hit by changing the path. I'd do 301 redirects to the new URLs that would not have 'wordpress' in the path in addition to other remediation. My question - is my thinking here good? It's worth it, right? The other option is just get rid of the weird redirect and keep 'wordpress' in the path but this seems unacceptable to me. Any opinions?
Technical SEO | | friendlymachine0 -
Switching to another CMS with different permalink structure, how not to lose organic traffic and Google rankings? Urgent Please!
One of my customers is in online jewellery sales business and they are going to change their CMS; the problem is there is no co-relation between URL permalink structure of the current CMS and the new one. What should we do so that we don’t lose our current organic traffic (also Google rankings) coming from indexed URLs in Google due to permalink structure change ? Typical example: Current URL: http://www.abc.com/pirlanta-nedir,AR-3.html The new URL is going to look like this: http://www.abc.com/tek-tas-pirlanta-ar-4.html
Technical SEO | | merkal20050