Please advice needed SSL .htaccess
-
Hi everyone, I recently installed verisign ssl. the idea to have page https://example.com
all redirect from non-http to https work properly, but in IE whenever smbdy types https://www.example.com it shows the red screen with invalid certificate. If you click "proceed" - everything goes to normal page and on server redirect www to non-www seem to work fine. Is there way to get rid of the warning? Is it server or certificate issue?
Here is the peice of code from htaccess. Please, advice needed!
RewriteEngine On
RewriteBase /RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Thanks in advance
-
Like I thought, you need to buy another certificate for https://www as it is considered another domain in modern browsers.
Thanks to all for responses
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
I wouldn't install the certificate to get around this problem. In fact, that could make things harder to fix because your browser has now been fixed but everyone else get a scary SSL error that drives them off. Your end user will not know how to install a certificate, nor should they need to.
You either need to fix this in Apache or your control panel software (if you use one).
-
It definitely sounds like your certificate is not installed correctly. I wouldn't worry about the htaccess until you have the SSL version working properly.
Something you might have missed is an intermediate certificate (sometimes called a CA certificate). That helps the end user browser validate the signature. I don't use Verisign so I don't know if they use one, but other SSL providers I use do.
-
Serge,
It sounds like the certificate is not properly installed on the server. The steps to install a Verisign SSL certificate are (from memory):
-
generate a CSR from your server. The method to do such varies based on your hosting setup. If you use WHM, there is an option within the panel. If none of this makes sense, contact your web host for guidance.
-
Verisign will provide you with the key. This key then needs to be installed on your server. You can do this via WHM or contact your web host provider.
-
Verisign has a tool which verifies the certificate has been properly installed. If the certificate is installed correctly, users will not see the warning you mentioned in IE nor any other browser.
-
htaccess is not related to the above process. What the change in htaccess allows you to do is ensure visitors can only view your site in https://
-
once the above is complete, you will want to review your code to ensure all images and other objects are presented only in https on secure pages. If you skip this step, users will receive a "not all items on this page are secure. Do you wish to view the unsecure objects" error.
-
now you can add your Verisign trust badge to your page(s)
Good Luck.
-
-
Thanks Harald. It is not about me, I don't want my visitors to run to the screen like that. I know that Bank of america had a problem like that, they fixes it.
Some other top websites still run like that on https
One friend today told me that you need to buy additional Certs or smth like that. I never worked with SSL before so this is smth that I need to find out.
I will call Verisign tomorrow and post here what they say
-
Hi Serge, First of all I want to SSL error is about the the certificate issue error & not of the server error.here I'm defining you the steps to fixed the error:
FIXED: Here’s how I fixed this problem (you do not need to buy or install any 3rd party certificates or software), the certification error is nothing to worry about. You can fix the error by following these steps:
1. Navigate to the page where you are presented with the Certificate Error and click on “Certificate Error” in the Address bar
2. Click on “View Certificates”
3. Click on “Install Certificate” and then Next
4. Select “Place all certificates in the following store” and click on Browse
5. Select “Trusted Root Certificate Authorities” and click on OK and then Next and Finish
6. Click on Yes and OK if you are asked whether you would like to install the certificate
7. Click on OK twice to exit windows and close and then open Internet ExplorerYou should no longer get the Certificate Error.
You can get more detailed information about how to fix this problem fromhttp://www.ubishops.ca/faqs/Cert.htm or http://www.brightvisions.co.uk/Secondly, the piece of code from htaccess ,Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
The .htaccess file should be placed in the folder where you need to force HTTPS.
I hope that your query had been solved.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Moving from http to https - what do I need to do in Google Search Console?
Hi all, I have moved my site from http to https. I current have two profiles in Google Search Console: http://mysite.com
Technical SEO | | Bee159
http://www.mysite.com Do I need to set up the same but with https and if so, what do I then do with the http profiles? Do I delete them? Or just remove the sitemaps? Confused.0 -
.htaccess redirect question
Hi guys and girls Please forgive me for being an apache noob, but I've been trawling for a while now and i can't seem to find a definitive guide for my current scenario. I've walked into a but of a cluster$%*! of a job, to rescue a horribly set up site. One of many, many problems is that they have 132 302redirects set up. Some of these are identical pages but http-https, others are the same but https-http and some are redirects to different content pages with http-http. A uniform redirecting of http to https is not an option so I'm looking to find out the best practice for reconfiguring these 302s to 301s within .htaccess? Thanks in advance 🙂
Technical SEO | | craig.gto0 -
Rel Canonical ? please help again!
Hi, I have been looking at the on page section and the grading. And I have noticed on nearly all of my pages an error. No More Than One Canonical URL Tag Moderate fix <dl> <dt>Number of Canonical tags</dt> <dd>2</dd> <dt>Explanation</dt> <dd>The canonical URL tag is meant to be employed only a single time on an individual URL (much like the title element or meta description). To ensure the search engines properly parse the canonical source, employ only a single version of this tag.</dd> <dt>Recommendation</dt> <dd>Remove all but a single canonical URL tag</dd> </dl> <a class="more expanded">Minimize</a> Please how do I make sure these canonicals are working properly, My rankings are getting worst fro long tail and short tail keywords. I am not even ranking for the main keywords "Probate" at all now! Our site is probate, we sell probate, we talk aout probate and now we are out of the top 200??? http://www.finalduties.co.uk Kind Regards Elissa HAyes
Technical SEO | | Chris__Chris0 -
Rel Canonical ? please help
Can some one please answer a question for me, I have a crawl error stating that I have [#### Rel Canonical 326](http://pro.seomoz.org/campaigns/243472/issues/18) Can you please advise me on how serious these Errors are? I was told by one person not to worry but It seems far to many to me. thanks
Technical SEO | | Chris__Chris0 -
RegEx help needed for robots.txt potential conflict
I've created a robots.txt file for a new Magento install and used an existing site-map that was on the Magento help forums but the trouble is I can't decipher something. It seems that I am allowing and disallowing access to the same expression for pagination. My robots.txt file (and a lot of other Magento site-maps it seems) includes both: Allow: /*?p= and Disallow: /?p=& I've searched for help on RegEx and I can't see what "&" does but it seems to me that I'm allowing crawler access to all pagination URLs, but then possibly disallowing access to all pagination URLs that include anything other than just the page number? I've looked at several resources and there is practically no reference to what "&" does... Can anyone shed any light on this, to ensure I am allowing suitable access to a shop? Thanks in advance for any assistance
Technical SEO | | MSTJames0 -
Site Got Hacked! Need Help!
Hi Guys. One of my friend's site got hacked 2 weeks ago, because of bad php script hole and Google indexed the pages which got hacked and all the Title Tags and Descriptions are indexed in the Google which is very embarssing situation. All adult content texts. Right now we have solved the problem and closed the hole submitted the new sitemap, but Google is no longer coming back and refreshining the SERP. We have been waiting for 3 weeks for now? What should we do? Methods we tried so far: 1.Cleaned all meta tags generate new sitemap and submitted that to Google 2.Built some backlinks 3.Built some social bookmarks Thanks!
Technical SEO | | DigitalJungle0 -
.htaccess when integrating one website into another
My client would like to integrate one of it's smaller websites into its main website. I've identified around 20 pages which I'd like to 301 redirect to specific pages on the main website, and this is simple enough. The problem I have is that I am not sure how I can then put a catch-all to redirect all other pages on the site to the homepage of the main website. I'd originally though something like this would work: redirect 301 / http://www.mainwebsite.com/ (catch-all)
Technical SEO | | AndrewAkesson
redirect 301 /about.asp http://www.mainwebsite.com/about (specific redirect 1)
redirect 301 /latest.asp http://www.mainwebsite.com/news (specific redirect 1)
etc. Any ideas?0 -
My uniques have dropped around 25% since following advice here
Hi, since posting a few threads here and following instructions (post more unique content, link building etc) my website traffic has dropped by around 25% My SERPS rremain pretty much unchanged. I'm posting tons more unique content. Am I just being penalised slightly because I've made drastic changes to my site (301 .com -> .co.uk) etc or am I doing something wrong?
Technical SEO | | craven220