Https "s" security

Our website has SSL enabled. However, when I take out the “s” in the https url, the url doesn’t rebuilt itself with the “s” posing a security issue. What can I do to make the “s” pop back in there? Try it -> Take out the “s” and see what happens. Thanks!

Are you running Apache? You should be able to setup the redirect either in httpd.conf or in your vhost.

is this a task for my hosting company?

Did they install the cert? If so, then yeah, I’d kick it back to them.

this isn’t really a matter for the hosting company. you obviously have the certificate set up and your website configured to use it. the thing is that someone putting in https just makes the server utilize the encryption. if they typed in http they would get the insecure version of the site because the user isn’t telling the server to process the information securely. you should edit your .htaccess file to make sure users are redirected to the secure version of your website if they type http instead of https. google is your friend (well not really but i’m sure good resources will come up if you do a search about it)

Taking the protocol declaration out is pretty counterproductive. Why are you intent on removing it?

The OP doesn’t want to take it out. He was just wanting us to do it to see what he was talking about as far as from the viewpoint of his users. He doesn’t want that sort of situation to even happen and writing redirection rules in the .htaccess file would take care of it :slight_smile: