Please advice needed SSL .htaccess
-
Hi everyone, I recently installed verisign ssl. the idea to have page https://example.com
all redirect from non-http to https work properly, but in IE whenever smbdy types https://www.example.com it shows the red screen with invalid certificate. If you click "proceed" - everything goes to normal page and on server redirect www to non-www seem to work fine. Is there way to get rid of the warning? Is it server or certificate issue?
Here is the peice of code from htaccess. Please, advice needed!
RewriteEngine On
RewriteBase /RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Thanks in advance
-
Like I thought, you need to buy another certificate for https://www as it is considered another domain in modern browsers.
Thanks to all for responses
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
I wouldn't install the certificate to get around this problem. In fact, that could make things harder to fix because your browser has now been fixed but everyone else get a scary SSL error that drives them off. Your end user will not know how to install a certificate, nor should they need to.
You either need to fix this in Apache or your control panel software (if you use one).
-
It definitely sounds like your certificate is not installed correctly. I wouldn't worry about the htaccess until you have the SSL version working properly.
Something you might have missed is an intermediate certificate (sometimes called a CA certificate). That helps the end user browser validate the signature. I don't use Verisign so I don't know if they use one, but other SSL providers I use do.
-
Serge,
It sounds like the certificate is not properly installed on the server. The steps to install a Verisign SSL certificate are (from memory):
-
generate a CSR from your server. The method to do such varies based on your hosting setup. If you use WHM, there is an option within the panel. If none of this makes sense, contact your web host for guidance.
-
Verisign will provide you with the key. This key then needs to be installed on your server. You can do this via WHM or contact your web host provider.
-
Verisign has a tool which verifies the certificate has been properly installed. If the certificate is installed correctly, users will not see the warning you mentioned in IE nor any other browser.
-
htaccess is not related to the above process. What the change in htaccess allows you to do is ensure visitors can only view your site in https://
-
once the above is complete, you will want to review your code to ensure all images and other objects are presented only in https on secure pages. If you skip this step, users will receive a "not all items on this page are secure. Do you wish to view the unsecure objects" error.
-
now you can add your Verisign trust badge to your page(s)
Good Luck.
-
-
Thanks Harald. It is not about me, I don't want my visitors to run to the screen like that. I know that Bank of america had a problem like that, they fixes it.
Some other top websites still run like that on https
One friend today told me that you need to buy additional Certs or smth like that. I never worked with SSL before so this is smth that I need to find out.
I will call Verisign tomorrow and post here what they say
-
Hi Serge, First of all I want to SSL error is about the the certificate issue error & not of the server error.here I'm defining you the steps to fixed the error:
FIXED: Here’s how I fixed this problem (you do not need to buy or install any 3rd party certificates or software), the certification error is nothing to worry about. You can fix the error by following these steps:
1. Navigate to the page where you are presented with the Certificate Error and click on “Certificate Error” in the Address bar
2. Click on “View Certificates”
3. Click on “Install Certificate” and then Next
4. Select “Place all certificates in the following store” and click on Browse
5. Select “Trusted Root Certificate Authorities” and click on OK and then Next and Finish
6. Click on Yes and OK if you are asked whether you would like to install the certificate
7. Click on OK twice to exit windows and close and then open Internet ExplorerYou should no longer get the Certificate Error.
You can get more detailed information about how to fix this problem fromhttp://www.ubishops.ca/faqs/Cert.htm or http://www.brightvisions.co.uk/Secondly, the piece of code from htaccess ,Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
The .htaccess file should be placed in the folder where you need to force HTTPS.
I hope that your query had been solved.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Please Help! Crawl & Site Errors - Will This Impact My SEO?
Hello Moz, I need urgent help. I remove a tonne of product pages and put everything into one product page to deal with duplicate content. I thought this was a good thing to do until I got an email from Google saying: "Googlebot identified a significant increase in the number of URLs on ****.com that return a 404 (not found) error. " I checked it out and found the problem: 4 Soft 404's
Technical SEO | | crocman
41 Not Found's What do I need to do to fix this? Is it a problem or should I just ignore? I removed all the pages on WordPress but I need to do it somehow manually through Google? I have worked so hard on my SERP's that this will destroy me if I'm penalised. Please can someone advise?0 -
Value of domain name for domain authority. Please help to figure out!
I am doing SEO for an appliance repair company. Their company website's domain doesn't have high authority, and I am going to increase that by link earning and content improving. I think a better domain name might also help me out. The current URL contain the word "appliance" but doesn't have "repair" in it. I am thinking a new domain that would contain both keywords will serve better. Could you please share with me your thought on this? Am I in the right direction, or not at all? I know Google penalizes mirror sites since this they are considered as duplicated content. I'll upload my content to the new domain and make the old one point to that new URL. I am wondering if canonical might help? Or 301 redirect will be a better solution? Any advise would be highly appreciated! Thank you!
Technical SEO | | kirupa0 -
Advice urgently needed on best practice for handling multiple product categories on Magento website
I have an ecommerce site built using Magento and urgently need advice on best practice for handling multiple product categories (where products appear in more than one category on the site creating multiple URLs to the same page). In April this year, based on advice from my SEO who felt that duplicate content issues were causing my rankings to be held back, I changed about 25% of the product categories to 'noindex, follow'. This has made organic traffic fall (obviously) as these pages fell out of Google's index. But, contrary to what I was hoping for, it didn't then improve rankings - not one iota, nothing - which was the ONLY reason why I did this. This has had a real negative impact on sales, so I'm starting to think this was actually an a terrible idea. Should I change them back? And to ask a wider question, what is best practice for this particular scenario?
Technical SEO | | Coraltoes770 -
My beta site (beta.website.com) has been inadvertently indexed. Its cached pages are taking traffic away from our real website (website.com). Should I just "NO INDEX" the entire beta site and if so, what's the best way to do this? Please advise.
My beta site (beta.website.com) has been inadvertently indexed. Its cached pages are taking traffic away from our real website (website.com). Should I just "NO INDEX" the entire beta site and if so, what's the best way to do this? Are there any other precautions I should be taking? Please advise.
Technical SEO | | BVREID0 -
I use All in one SEO pack for wordpress and i i have 2 meta tags i need to delete them is this the meta description tag ?
add_option("aiosp_post_meta_tags", '', 'All in One SEO Plugin Additional Post Meta Tags', 'yes'); add_option("aiosp_page_meta_tags", '', 'All in One SEO Plugin Additional Post Meta Tags', 'yes'); add_option("aiosp_home_meta_tags", '', 'All in One SEO Plugin Additional Home Meta Tags', 'yes'); add_option("aiosp_do_log", null, 'All in One SEO Plugin write log file', 'yes'); */
Technical SEO | | fhnhockey0880 -
.htaccess problem using POST method
Hi guys I'm after some help with trying to achieve the following: 1. Canonicalise to http://www. 2. Remove the index.php from root and subfolders. I have the .htaccess code below, which seemed to work fine, but the urls use the POST method and this isn't working with the rewrites. Can anyone please advise as to what I am doing wrong? As you can probably guess .htaccess isn't my strongest SEO discipline! The code I have is: http:// to http://www. RewriteEngine on
Technical SEO | | TrevorJones
RewriteCond %{HTTP_HOST} ^mydomainexample.com
RewriteRule (.*) http://www.mydomainexample.com/$1 [R=301,L] /index.php to / Options +FollowSymLinks
DirectoryIndex index.php RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php\ HTTP/
RewriteRule ^index.php$ http://www.mydomainexample.com/ [R=301,L] Subdirectory /index.php to / RewriteCond %{THE_REQUEST} ^[A-Z]+\ /([^/]+/)index.(php|html|htm?)[#?]?
RewriteRule ^(([^/]+/))index.(php|html|htm?)$ http://www.mydomainexample.com/$1 [R=301,L] Just to add to this I have found this which I think is what I need to restrict it to GET: RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,L] Thank you in advance for any suggestions as to how I may put this code together.. Trevor0 -
Verisign Trust Seal and Domain Metrics (Has noting to do with SSL)
Hi, Does anyone have any evidence or case studies that Verisign Trust seal actually raises trust metrics? I know there are the obvious benefits such as better CTR and Conversion (which could in turn raise trust metrics). But i am looking for actual sighted examples of Verisign increasing trust signals to search engines discrediting the correlation between search metrics improving. I modified this as i think people are getting confused between SSL products and the specific Versign product i am talking about Verisign Trust Seal seen here. https://www.verisign.com/trust-seal/index.html?tid=gnps This has nothing to do with security for transactions it is more geared towards all around safer user experience including Malware scans and enhanced "stand out" in SERPS. It is not just a Domain validation but an organizational or Branding authentication check" With that being said, the question still stands Does anyone have any case studies or direct examples of trust being elevated in metrics for the specific product mentioned above. Thanks.
Technical SEO | | Jinx146780 -
My uniques have dropped around 25% since following advice here
Hi, since posting a few threads here and following instructions (post more unique content, link building etc) my website traffic has dropped by around 25% My SERPS rremain pretty much unchanged. I'm posting tons more unique content. Am I just being penalised slightly because I've made drastic changes to my site (301 .com -> .co.uk) etc or am I doing something wrong?
Technical SEO | | craven220