I am about to move my website/App from https://www.example.xx to https://www.example.com
I am thinking about making a redirection in the .htaccess from the .xx to the .com
The question is shall I renew the https certificate on the .xx bearing in mind that some users might have bookmarks to https://www.example.xx ?
What would happen if a user tries to reach the .xx url on https after the certificate expires and the .htaccess having a redirection to the .com?
If application is hosted on the same server (assuming, you just change DNS address for your app) and you own both domains, you would need to purchase single certificate for both URLs: www.example.tld and www.example.com and bind this certificate to web site.
and you will have to maintain both URLs in the certificate until all users update their bookmarks to point to a new web site.
HTTPS redirection requires valid SSL certificate for all redirection URL.
Related
I have a wordpress installation and I have a security certificate installed for the main site, however, it is a subsite installation and how do I make the security certificate work for all the wildcard (*) subsites?
For securing sub domains of the main domain you will have to enable wildcard ssl certificate at only main domain name.
For example:
If you have domain name xyz.com and want to secure its all sub domain names then you will have to enable wildcard ssl certificate at *.xyz.com then it will automatically will secure its all first level sub domains like blog.xyz.com, payment.xyz.com etc.
As per you requirements, you need to obtain a new Wildcard SSL certificate to protect your subsites (sub-domains). It will protect your entire website and its multiple sub-domains. To obtain this certificate, you have to add a single asterisk (*) just before your domain name (i.e. - *.yoursite.com), it will allow to secure all first-level sub-domains.
As you mentioned that you already have an SSL certificate for your main website, but managing individual certificates for your main site and each sub-domain will be horrible and time consuming for administrators. Wildcard SSL certificate is perfect, flexible and money saving certificate in the state of sub-domains security.
I have a domain (let's call it Domain1 or https://img.{domain_name_1}.com) where I stored images for serving a wordpress staging website, which is currently hosted on a different server. For the latter I have only an IP public address (so not a real FQDN at the moment), let's call it Domain2 or https://99.999.999.999. On this server I installed a self-signed SSL certificate, just to encrypt the credential I use for phpMyAdmin and wordpress admin area. Meanwhile, Domain1 is SSL secured by Let's encrypt. I can access Domain1 by http or https indifferently, because I have a redirection from http to https.
Now, I pointed all my database records about images of the wordpress staging website to the Domain1. When I visit the Domain2 at the page https://99.999.999.999/postcat-postname/, all contents are visible except for images.
The Google Chrome Console tool displays:
Mixed Content: The page at '...' was loaded over HTTPS, but requested
an insecure image 'http://...'. This request has been blocked; the
content must be served over HTTPS.
It is strange and I cannot understand that error because:
the Domain1 which serves images for the staging area has been secured;
the wp_post of wordpress database for any image shows the link to the pictures with htpps.
This is a picture of the state:
Domain1: it serves pictures for Domain2, SSL secured via Let's encrypt
Domain2: the wordpress staging website. Self-signed SSL. Media file records in the MySql DB linked to https address of Domain1.
The redirect you are using on the image domain is only resolved when the request is sent to the server. If you are linking to an HTTP protocol in the main site the browser will block the request before sending it and therefore your HTTP to HTTPS redirect will not happen. Make sure the src has HTTPS in the protocol and that should fix the issue. You can either update the links directly in the DB or you can use a plugin that will allow you to track your assets.
Here are a couple:
SSL Insecure Content Fixer
WordPress HTTP
You may also want to check out this post that talks about shared certificates in your situation.
We are setting up a website with secure and non secure pages. These have been added for mapping in uriworker.properties. The domain name in the urls are different . Example nonsecure url is x-y-z.a.b.org and our secure url is x-y-secure-z.a.b.org.Both of these domains are part of our DNS entry. We do not have any redirect rules configured within the webserver. But when we try to access the secure url https://x-y-secure-z.a.b.org, webserver is sending the request as http://x-y-secure-z.a.b.org:443. Due to the scheme not being https , the application does not identify this as secure request and is returning a 302 to the https url. This redirection happens infinitely and then an error appears which says that page is not redirecting properly.
After a lot of analysis , we figured out that the application had a hardcoded check on the scheme of the domain name to be in a certain format as secure.xyz.
I have website hosted on azure, and I need to make the payment pages use https, but the rest of the pages as http. for local testing I created a self signed certificate and in web role properties > certificates , selected the certificate . then on the endpoints have made it https and associated the certificate. Now when I run the site it runs it as https. Can I run only a few pages in https and the rest on http?
swaraj
Chandermani is right. For details on how to set this all up, http://blog.smarx.com/posts/redirecting-to-https-in-windows-azure-two-methods will probably help.
Yes you can runs some pages on http and https. For this you need to
Create 2 endpoints one for each http and https
Associate the certificate with https endpoint
Now you can browse the site in both http and https. Now all links to these payment pages should refer to https urls.
Also you need to add a IIS url rewrite module to redirect user to https payment pages in case he directly types the http url of the payment pages.
If I type http://example.com and login to my site and close my browser, re-open it and retype http://example.com then I am logged in.
However, when I type http://example.com, login, close the browser, re-open it, type http://www.example.com then I am NOT logged in.
I do not use ASP .NET authentication classes.
I run IIS 6 with both example.com and www.example.com URLs added to "Multiple identities for this web site" in IIS.
I do not wish the current behavior. Are there other things that can be affected because of this behavior?
Please make sure from your domain panel that it is referring to same IP Address and code.
I was having same issue and found that IP Address was different.
The problem is that you can't share cookies between example.com and www.example.com, due to a quirk in the cookie specification.
Instead, what you should do is pick one of the domains as your primary. Then, detect references to the other domain, and redirect users from there back to the primary. For example, you could choose www.example.com as the primary, and redirect references to example.com back to www.example.com.
That way, the authentication cookies will be present if the user tries to switch from one domain to another.