Please advice needed SSL .htaccess
-
Hi everyone, I recently installed verisign ssl. the idea to have page https://example.com
all redirect from non-http to https work properly, but in IE whenever smbdy types https://www.example.com it shows the red screen with invalid certificate. If you click "proceed" - everything goes to normal page and on server redirect www to non-www seem to work fine. Is there way to get rid of the warning? Is it server or certificate issue?
Here is the peice of code from htaccess. Please, advice needed!
RewriteEngine On
RewriteBase /RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Thanks in advance
-
Like I thought, you need to buy another certificate for https://www as it is considered another domain in modern browsers.
Thanks to all for responses
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
Thank you all guys, but Certificate installed correctly. I verified it several times with server administrator and VeriSign.
We have problems with intermediaries before but we fixed them.
As I understand the certificate is issued for "https://example.com", so whenever somebody types "https://www.example.com" it shows that certificate is not valid for this domain.
I am just about to find out, calling VeriSign
-
I wouldn't install the certificate to get around this problem. In fact, that could make things harder to fix because your browser has now been fixed but everyone else get a scary SSL error that drives them off. Your end user will not know how to install a certificate, nor should they need to.
You either need to fix this in Apache or your control panel software (if you use one).
-
It definitely sounds like your certificate is not installed correctly. I wouldn't worry about the htaccess until you have the SSL version working properly.
Something you might have missed is an intermediate certificate (sometimes called a CA certificate). That helps the end user browser validate the signature. I don't use Verisign so I don't know if they use one, but other SSL providers I use do.
-
Serge,
It sounds like the certificate is not properly installed on the server. The steps to install a Verisign SSL certificate are (from memory):
-
generate a CSR from your server. The method to do such varies based on your hosting setup. If you use WHM, there is an option within the panel. If none of this makes sense, contact your web host for guidance.
-
Verisign will provide you with the key. This key then needs to be installed on your server. You can do this via WHM or contact your web host provider.
-
Verisign has a tool which verifies the certificate has been properly installed. If the certificate is installed correctly, users will not see the warning you mentioned in IE nor any other browser.
-
htaccess is not related to the above process. What the change in htaccess allows you to do is ensure visitors can only view your site in https://
-
once the above is complete, you will want to review your code to ensure all images and other objects are presented only in https on secure pages. If you skip this step, users will receive a "not all items on this page are secure. Do you wish to view the unsecure objects" error.
-
now you can add your Verisign trust badge to your page(s)
Good Luck.
-
-
Thanks Harald. It is not about me, I don't want my visitors to run to the screen like that. I know that Bank of america had a problem like that, they fixes it.
Some other top websites still run like that on https
One friend today told me that you need to buy additional Certs or smth like that. I never worked with SSL before so this is smth that I need to find out.
I will call Verisign tomorrow and post here what they say
-
Hi Serge, First of all I want to SSL error is about the the certificate issue error & not of the server error.here I'm defining you the steps to fixed the error:
FIXED: Here’s how I fixed this problem (you do not need to buy or install any 3rd party certificates or software), the certification error is nothing to worry about. You can fix the error by following these steps:
1. Navigate to the page where you are presented with the Certificate Error and click on “Certificate Error” in the Address bar
2. Click on “View Certificates”
3. Click on “Install Certificate” and then Next
4. Select “Place all certificates in the following store” and click on Browse
5. Select “Trusted Root Certificate Authorities” and click on OK and then Next and Finish
6. Click on Yes and OK if you are asked whether you would like to install the certificate
7. Click on OK twice to exit windows and close and then open Internet ExplorerYou should no longer get the Certificate Error.
You can get more detailed information about how to fix this problem fromhttp://www.ubishops.ca/faqs/Cert.htm or http://www.brightvisions.co.uk/Secondly, the piece of code from htaccess ,Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]Please, note that the .htaccess should be located in the web site main folder.
In case you wish to force HTTPS for a particular folder you can use:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} somefolder RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]The .htaccess file should be placed in the folder where you need to force HTTPS.
I hope that your query had been solved.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
.htaccess code
I've got a .htaccess file set up on a site to redirect specific old pages to specific new pages on a different site: eg Redirect 301 /oldpage.html https://www.newsite.co.uk/newpage.html Redirect 301 /oldpage2.html https://www.newsite.co.uk/folder/ I have two questions: 1. Is that all the file needs? Or does it need any "rewrite engine on" type code? 2. I would also like to include code to "mop up" any other URLs and redirect them to the root, so that /anyotherpage.html redirects to newsite.co.uk Is there a way to do this?
Technical SEO | | abisti20 -
I have made my new website live. But while checking in Google it is not showing in search result ( site: www.oomfr.com ). Can anybody please advice.
Hi Team, I have made my new website live. But while checking in Google it is not showing in search result ( site: www.oomfr.com ). Can anybody please advice.
Technical SEO | | nlogix0 -
SSL, www issue. Should we buy WWW license or just add redirect from www to non-www site?
Hi, We've installed SSL certificate (Symantec Safe Site).
Technical SEO | | Ryan_V
Now our site shows with https, but when someone types www before site name it leads to http and shows strikethrough https unsafe icon in the browser. As it appears, our SSL was purchased without www domain name license. Should we buy www license or just add redirect from www to without www site? If so how to set up this redirect properly. Thanks.0 -
Manual Actions tab advice on message
Ok so I have this message in manual actions (with no examples of links): Manual Actions
Technical SEO | | pauledwards
Site-wide matches None
Partial matches Some manual actions apply to specific pages, sections, or links
Reason Affects
Unnatural links to your site—impacts links
Google has detected a pattern of unnatural artificial, deceptive, or manipulative links pointing to pages on this site. Some links may be outside of the webmaster’s control, so for this incident we are taking targeted action on the unnatural links instead of on the site’s ranking as a whole. Learn more. I am not surprised by this as an agency a few years ago did mass aritcle submissions for the same anchor text, I have manually removed 119 or so domains in the last year and a half and 4 weeks ago i disavowed the last 40ish domains left. Obviously the back-link profile can be seen to have an unnatural anchor-text distribution still but not as bad. In terms of rankings we lost some core terms on the homepage, not completely but most have gone from say page one to page 2/3/4 etc We are still getting good traffic to internal pages, so i am assuming action was taken to the homepage - where the mass of those links are pointing to. Where do you guys recommend I go from here, shall i go ahead and click the reconsideration request? or wait longer for the disavow. I am still also trying to remove bad links. Any advice much appreciated.0 -
Need joomla help. site rankings dropped since upgrade
Hi, really having problems here with www.in2town.co.uk our site was always in the top ten for a large number of important keywords and since our upgrade from joomla 1.5 a month ago to joomla 3.0 we have vanished out of a lot of the search engines for important keywords I am concerned that we could be doing something wrong. two of our important keywords is lifestyle magazine and also gastric band hypnotherapy, but we are nowhere to be seen for these keywords. I must be doing something wrong. The site is an old site, we have been around for many years and have always ranked well up until now. We use K2 and i am just wondering if we have set up things wrong. for example under this article it comes under the category of trip advisor http://www.in2town.co.uk/trip-advisor/t ... -term-stay now when you delete the article name and just keep the trip advisor you get a list of the articles and i am wondering if this is damaging my site. http://www.in2town.co.uk/trip-advisor any help in helping me to understand why my site has dropped in rankings would be great.
Technical SEO | | ClaireH-1848860 -
Home Page Not Ranking... Need an EXPERT
Hi, for about a year now, our home page seems to have been "removed" from Google (except for our branded keywords). The home page is clearly indexed, but none of the keywords for the home page rank in the top 500 (again, except for our brand, trophycentral). Other pages in the site are fine and we rank in the top 10 positions for hundreds of keywords. We are also okay on Yahoo and Bing. So the issue is the home page from non-branded words. There have been no manual penalties, but since the words, such as trophies and trophies and awards are all but gone, something is going on. It has been almost exactly a year now and I have tried everything from removing backlinks (although I still can't tell which are "bad links", to changing titles, to improving speed and structure. I have had quite a few really nice people try to help, but their suggestions don't seem to work or are too vague. I really need an expert as the impact to the business of not having a home page performing is very damaging. Thank you!!!
Technical SEO | | trophycentraltrophiesandawards0 -
I need to know more clearance on rel=canonical usage than 301 redirects ?
Hi all SEOmozs, As we all know purposes of rel=canonical , I have a query to ask that If we don't have any possibility to use 301 redirects on a domain , can it be really right to use rel=canonical on an old domain to let search engine to treat those all pages should be not priority where the domain we are being promoted in the market to list up instead that. I found this interesting Matt Cutts video http://www.youtube.com/watch?v=gJK5Uloy76g where he has told or cleared the point very nicely, yes we can use it if there is no possibility in your older domain or pages. So here i am asking the same to know more detailed clarity on this so that i can be more confidence on it. I have been seeing issues in my domains where old one domain comes than new domain why with new domain contents, and can it be really very good to bring new domain with **rel=canonical without using 301 redirect :
Technical SEO | | Futura
Old : kanin.com (leaving) New : kangarokanin.com (promoting) Where i might have not used yet the rel=canonical in old domain, will be going to use it soon , after finishing this discussion.** Regards,
Teginder Ravi tcSnN.jpg tcSnN.jpg dGd34.jpg0 -
Advice on strange URL problem
I'm considering doing some pro bono work for a local non-profit and upon initial review they have a number of serious issues but there is one in particular I'd like to check my thinking on. The developer who set up the site some years ago implemented a javascript redirect on their root domain so that it redirects to: http://domain.com/wordpress This is wrong for all kinds of reasons and I want to recommend eliminating this redirect and getting rid of the 'wordpress' part of the path altogether. However, the site is quite established with good PR and they would take a hit by changing the path. I'd do 301 redirects to the new URLs that would not have 'wordpress' in the path in addition to other remediation. My question - is my thinking here good? It's worth it, right? The other option is just get rid of the weird redirect and keep 'wordpress' in the path but this seems unacceptable to me. Any opinions?
Technical SEO | | friendlymachine0