• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 506
  • Last Modified:

After SSL certificate is installed on my site, how do I make it so all visitors will always see https, not http?

I have recently purchased an SSL certificate for my website from Network Solutions. I also host the site with them, so they have installed the certificate for me. It seems to be working fine -- if I go to my site using https instead of http, I see the little padlock icon which shows that my site is secure. However, I am also still able to access my site by using http, and then the padlock icon does not appear.

So... here is my question: how do I make sure all visitors who come to my site will see https and the padlock icon? Is there something I must do to make that happen? Is this a matter of setting some kind of special properties or permissions on individual site files or directories?

In answering, please keep in mind that I am hosting with Network Solutions, so I don't have too much direct control over the web server. As part of my hosting package, they give me a hosting control panel with a file manager and some other tools for managing my site, but I'm not very sophisticated about using those. I originally created and published the site using Dreamweaver, which I am still using to update the content (connecting to Network Solutions' server via Dreamweaver FTP).

In other words, I am not very knowledgeable about web server admin/configuration. I do know that my site is hosted on an NT server, but that's about the extent of my server-related knowledge, so please dumb down your answer accordingly. Thanks for your patience with my stoopidity.
0
tgritter
Asked:
tgritter
1 Solution
 
thenoneCommented:
Here is what I would do. I would setup a landing page letting people know that they will be entering a secure site and then have a button with the https url in it. Or you can have them setup the site to require 128bit encryption.
0
 
yawnsCommented:
instruct your isp to redirect all http traffic to https.  this is a fairly common procedure.  
0
 
Dave HoweCommented:
set up a second virtual server for the same URL on port 80 - then have it host merely a redirect page to the https url. Configure the existing site to be https only.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
coreybryantCommented:
The hosting company can set it up via IIS - just ask them.

Also if it is ASP, add this before the <html> element:
<%
dim servPro
servPro = Request.ServerVariables("HTTPS")

if servPro = "off" then
    response.redirect  "https://www.example.com/"
    response.end
end if

%>

And this will redirect http://www.example.com to https://www.example.com

-Corey
0
 
tgritterAuthor Commented:
Hi, Corey,

I tried your code, but got into an infinite loop where my page just kept redirecting to itself over and over and over, and never actually displayed.

To try to get a better idea of what was happening, I commented out the conditional containing the redirect and I just put Response.Write(servPro) so that I could see what the value of that variable was.

I found that the value was always "off" whether I tried coming to the page with http at the beginning of the URL or with https at the beginning of the URL. Either way, servPro is "off". What does this mean, do you think? I am mystified.

I guess maybe I just have to contact Network Solutions, my web host, and ask them to do whatever it takes to make this work.  I assume this is what you mean by having my hosting company do it via IIS.

Thank you, and thanks to everyone else, for trying to help me. I have designed/published about 30 websites over the past five years without a hitch, but none of them were secure sites. This is my first attempt at making a site secure and I'm finding it pretty baffling.

Every online tutorial/how-to I read about this subject seems to assume that the reader already has considerable expertise/knowledge of server configuration/administration, which I don't.  I wish I could find a true "absolute beginner" level discussion of this subject -- "secure sites for dummies."  If anyone can point me to such a resource on the web, I would study it closely.

Thanks for all your help so far.

Teresa
0
 
coreybryantCommented:
>>>I tried your code, but got into an infinite loop where my page just kept redirecting to itself over and over and over, and never actually displayed
That's odd, we use that on a number of sites without any problems.  Let me copy and past it again from the code without changing anything
<%
dim servPro
servPro = Request.ServerVariables("HTTPS")

if servPro = "off" then
    response.redirect  "https://www.loudcommerce.com/merchant_account/brick_application.asp"
    response.end
end if

%>

I wonder if you should redirect it to a page?  like https://www.example.com/default.asp perhaps?  

>>I guess maybe I just have to contact Network Solutions, my web host, and ask them to do whatever it takes to make this work.  I assume this is what you mean by having my hosting company do it via IIS
Yes that is what we have done a few websites for the connection on 443

-Corey
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now