Please advice needed SSL .htaccess
-
Hi everyone, I recently installed verisign ssl. the idea to have page https://example.com
all redirect from non-http to https work properly, but in IE whenever smbdy types https://www.example.com it shows the red screen with invalid certificate. If you click "proceed" - everything goes to normal page and on server redirect www to non-www seem to work fine. Is there way to get rid of the warning? Is it server or certificate issue?
Here is the peice of code from htaccess. Please, advice needed!
RewriteEngine On
RewriteBase /RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Thanks in advance
-
Like I thought, you need to buy another certificate for https://www as it is considered another domain in modern browsers.
Thanks to all for responses
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
I wouldn't install the certificate to get around this problem. In fact, that could make things harder to fix because your browser has now been fixed but everyone else get a scary SSL error that drives them off. Your end user will not know how to install a certificate, nor should they need to.
You either need to fix this in Apache or your control panel software (if you use one).
-
It definitely sounds like your certificate is not installed correctly. I wouldn't worry about the htaccess until you have the SSL version working properly.
Something you might have missed is an intermediate certificate (sometimes called a CA certificate). That helps the end user browser validate the signature. I don't use Verisign so I don't know if they use one, but other SSL providers I use do.
-
Serge,
It sounds like the certificate is not properly installed on the server. The steps to install a Verisign SSL certificate are (from memory):
-
generate a CSR from your server. The method to do such varies based on your hosting setup. If you use WHM, there is an option within the panel. If none of this makes sense, contact your web host for guidance.
-
Verisign will provide you with the key. This key then needs to be installed on your server. You can do this via WHM or contact your web host provider.
-
Verisign has a tool which verifies the certificate has been properly installed. If the certificate is installed correctly, users will not see the warning you mentioned in IE nor any other browser.
-
htaccess is not related to the above process. What the change in htaccess allows you to do is ensure visitors can only view your site in https://
-
once the above is complete, you will want to review your code to ensure all images and other objects are presented only in https on secure pages. If you skip this step, users will receive a "not all items on this page are secure. Do you wish to view the unsecure objects" error.
-
now you can add your Verisign trust badge to your page(s)
Good Luck.
-
-
Thanks Harald. It is not about me, I don't want my visitors to run to the screen like that. I know that Bank of america had a problem like that, they fixes it.
Some other top websites still run like that on https
One friend today told me that you need to buy additional Certs or smth like that. I never worked with SSL before so this is smth that I need to find out.
I will call Verisign tomorrow and post here what they say
-
Hi Serge, First of all I want to SSL error is about the the certificate issue error & not of the server error.here I'm defining you the steps to fixed the error:
FIXED: Here’s how I fixed this problem (you do not need to buy or install any 3rd party certificates or software), the certification error is nothing to worry about. You can fix the error by following these steps:
1. Navigate to the page where you are presented with the Certificate Error and click on “Certificate Error” in the Address bar
2. Click on “View Certificates”
3. Click on “Install Certificate” and then Next
4. Select “Place all certificates in the following store” and click on Browse
5. Select “Trusted Root Certificate Authorities” and click on OK and then Next and Finish
6. Click on Yes and OK if you are asked whether you would like to install the certificate
7. Click on OK twice to exit windows and close and then open Internet ExplorerYou should no longer get the Certificate Error.
You can get more detailed information about how to fix this problem fromhttp://www.ubishops.ca/faqs/Cert.htm or http://www.brightvisions.co.uk/Secondly, the piece of code from htaccess ,Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
The .htaccess file should be placed in the folder where you need to force HTTPS.
I hope that your query had been solved.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Need for a modified meta-description every page for paginated content?
I'm currently working on a site, where there url structure which is something like: www.domain.com/catagory?page=4. With ~15 results per page. The pages all canonical to www.domain.com/catagory, with rel next and rel prev to www.domain.com/catagory?page=5 and www.domain.com/catagory?page=3 Webmaster tools flags these all as duplicate meta descriptions, So I wondered if there is value in appending the page number to the end of the description, (as we have with the title for the same reason) or if I am using a sub-optimal url structure. Any advice?
Technical SEO | | My-Favourite-Holiday-Cottages0 -
Content Organization Advice with Big Commerce
Hi folks, We have three places with unique content for our company. Our ecommerce site (hosted on big commerce), our help desk knowledge base (subdomain, hosted on zendesk), and our blog (separate domain, self hosted wordpress). We're about to refocus our efforts on generating high quality content, and I'm trying to figure out the best strategy to organize it. I think from an SEO perspective, if we had all of the content hosted directly on our ecommerce site, that would be best. Unfortunately Big Commerce doesn't have much by way of content management. We can't (yet) install a blogging platform or CMS onto our root domain. What's the next best option? Does it do any good to move our blog to a subdomain? Should I try to post all content on our root domain and just deal with the lack of content management (i.e. just make a new web page for each blog entry). Basically, what's the best strategy in this situation for SEO? Any advice appreciated. Thanks so much! Hal
Technical SEO | | AlabuSkinCare0 -
Do I need to do anything with masking?
Hello, I read up a bit on rel=cansomething where if a page has duplicate content you should put the tag there linking to the real page. I have a godaddy domain that uses blogger for it's posts currently (Foward with masking). Do I need this tag?
Technical SEO | | 6786486312640 -
Do I need a 301 redirect on htaccess if Apache is already configured to serve?
Apache is set up to serve both www and non-www versions the same content. Do I still need to put a 301 redirect in the htaccess file?
Technical SEO | | Ocularis0 -
Advice on importing content please to keep page fresh
Hi i am working on a site at the moment http://www.cheapflightsgatwick.com which is a travel news and holiday news site but i am trying to find out what is best reference content for the following section http://www.cheapflightsgatwick.com/humberside-airport What i am thinking of doing to keep google keep coming to my section of the site is to import content, what i mean is, to use google for keywords such as humerside airport and have the stories appear on this page as well as writing my own content. I was thinking of importing content because it would help keep the page fresh without my original content become too old but i am concerned about this and not sure if it is the right thing to do. i am concerned if i do this if my rankings would reduce because i am importing content and for people to read the rest of the story they will have to leave my site. i am also worried that google will reduct points for duplicate content. can anyone let me know what i should do, if i should just stick to original content and not import it or to import it and if i should import it using google news how would i do this. many thanks
Technical SEO | | ClaireH-1848860 -
.htaccess file in wordpress blog
I want to redirect non www to www in blog hosted by wordpress. Where can i find .htaccess file ? Shall i have to create a new one ? If yes, where should i upload it ? Thanks
Technical SEO | | seoug_20050 -
Help! Need advice for a new HTTPS URL!
Hi. We have just launched a new website that is fully secure with the HTTPS url. You can still access the home page with an ordinary HTTP address. That is what we want to change. Should we forward the HTTP url to the HTTPS? Redirect? It is the same URL for both. http://www.parrotmoon.com Thank you for all ideas! Jay
Technical SEO | | theideapeople0 -
I need some HTACCESS help (Magento)
Hi Guys, I need some help on this htaccess issue in Magneto. So here is what I am trying to do: I wanted to change mysite.com/index.php/etc to mysite.com/etc so I turned on the web friend URLS. That did that, BUT there are still two versions of every page on the site. www.mysite.com/etc and mysite.com/index.php/etc So that isn't good for SEO. So then I applied a 301 matching redirect, RedirectMatch 301 /index.php/(.*) http://www.mysite.com/$1 That solved that problem. But now I am not able to log into the admin. It is mysite.com/index.php/pg45admin. It should redirect to mysite.com/pg45admin but the page just hangs.... It goes into a continuous loop. I tired using the custom URL and then the site crashed and I had to redo it. So what do I need to do for this to work?
Technical SEO | | netviper0