I just bought an SSL certificate from GoDaddy. They installed it for me and it is ready to go.
The problem is, I don’t know how to make it work?!
When you go to my website, you end up at “http://www.SomeSite.com” which is fine for the home page.
But lets say a user clicks on “Register” or “Log-In”.
At that point, I need to switch from “HTTP://” to “HTTPS://” but don’t know how to do that?!
Someone told me that is set by my ISP, but I say that is nonsense.
I would say I am 95% sure that this needs to be handled by PHP, but I’m not sure how to do it.
Can someone please help me out?
Thanks,
Debbie
You have to configure web-server to accept connections on http/443 port (default HTTPS) and to use certificate that you got from GoDaddy. So if you do not have access to web-servers configuration - you might have to ask your hosting provider to do it for you.
You can check your server for installation problems using this tool:
From PHP side you have to make sure that generated content does not have pointers to non-ssl parts of your site, because otherwise visitors will get warning about “mixed content” e.g.:
<img src="http://yoursite.com/image.jpg">
should also be served through ssl
<img src="https://yoursite.com/image.jpg">
Of course, if your resources have relative paths, then you do not have to worry about that.
This applies to style sheets and more importantly to any external JavaScript file and AJAX request that is made.
Also if there are some cookies that should only be passed over SSL channel (e.g. session cookies), then you must make sure that appropriate parameters are set:
http://lv.php.net/manual/en/function.setcookie.php (parameter $secure and possibly $httponly as well).
But lets say a user clicks on “Register” or “Log-In”.
At that point, I need to switch from “HTTP://” to “HTTPS://” but don’t know how to do that?!
One way is to simply create link with explicitly set https protocol:
<a href="https://www.example.com/register">Register</a>
That comes with buying the certificate…
One way is to simply create link with explicitly set https protocol:
<a href="https://www.example.com/register">Register</a>
Except if someone types in the URL then you will get HTTP.
The tech at GoDaddy said to use a .htaccess file, but that doesn’t seem correct because I have heard that it is bad to have more than one .htaccess file, and he was saying to put it in every directory where I want to control the files.
Debbie
You don’t have to define .htaccess in every subdirectory.
I think this document covers everything you might need:
Apache SSL in htaccess examples
Make one .htaccess and make a few rules to move any links that have “register” “login” in them etc to https://
You’ll have to search on how to do that.