Solved

How do I upgrade a Web site to use HTTPS/SSL?

Posted on 2009-04-01
14
516 Views
Last Modified: 2013-11-30
I have a Web site and hosting at FreeHostia.com and want to upgrade the site so that it uses HTTPS/SSL to protect transferred information. I have never set up a secure Web site and need a basic tutorial. FreeHostia offers paid upgrades such as IP addresses, but if many extras will be required an alternate hosting provider can be considered.
0
Comment
Question by:greatcomputing
  • 5
  • 3
  • 2
  • +2
14 Comments
 
LVL 10

Expert Comment

by:cyberstalker
Comment Utility
According to their beginners guide you can set it up from their control panel.
0
 
LVL 7

Expert Comment

by:CorruptedLogic
Comment Utility
Check here and then take a look in your account control panel...
http://forum.freehostia.com/viewtopic.php?t=3736&highlight=ssl


0
 

Author Comment

by:greatcomputing
Comment Utility
Do I need to purchase a dedicated IP address to use SSL, or just to get a certificate?
0
 
LVL 10

Expert Comment

by:cyberstalker
Comment Utility
A dedicated IP address is not required. It will work just as well on shared hosting.
0
 

Author Comment

by:greatcomputing
Comment Utility
When enabling SSL support in the control panel, the options are to either generate or upload a certificate. After selecting either one, it says "If you intend to use SSL certificates of your own, you will need a different IP address for each one of these SSL certificates." and reverts to the 'Do not use SSL' option.
0
 

Author Comment

by:greatcomputing
Comment Utility
According to the control panel help files and other posts in the support forum, a dedicated IP address is required to use SSL. After upgrading to 1 dedicated IP address, I am given the option to enable it when creating a new subdomain, such as 'www'. Enabling it for a second subdomain returns the error saying that an additional IP address is required. Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia? Regardless, while I am able to view my site through 'http://' I cannot connect securely through 'https://'.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 57

Expert Comment

by:giltjr
Comment Utility
--> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

No, this is how SSL works.  SSL negotiation takes place before any data is really passed to the Web server, its done when the TCP connection is being setup between the client and the server.  At this point in time the server does not know which host name the client is attempting to connect to so it has to use the cert that is associated with the IP address the client is attempting to connect to.
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 175 total points
Comment Utility
>>> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

Well, yes and no, actually.  The restriction is actually that you can only have a single SSL certificate on any given IP, due to the same technical reasons explained by glitjr.  Since a certificate is normally assigned to a single common name, that means you need one IP per unique domain name.

There are work-arounds, though.  With shared hosting, you commonly share an IP with many other people.  The host will own the cert on the single IP, and dish out subdirectory entries to the clients.  For example, say you are hosting on server1.mywaycoolhost.com.  The certificate will use that as the common name, and any SSL-enabled directories you have will be available through a separate link like https://server1.mywaycoolhost.com/mydomain.  Another alternative is to use a wildcard SSL (*.mywaycoolhost.com), and the host provides for sub-domains like https://mydomain.mywaycoolhost.com.

All of that, however, assumes you're OK with having your customers go to your HOST'S domain to serve your secured content.  Since most laymen know nothing about SSL and are (hopefully) really paranoid about phishing and other scams, that could lead to a drop in business.  The better option, though more expensive, is to get a dedicated IP for your domain and purchase your own certificate.  Once installed, your SSL-enabled content is available through https://www.mydomain.com.  Costs vary by host for the dedicated IP, and a generic certificate will run from $100 to $150 depending on the vendor you use.  Some hosts are resellers for CAs, so talk to them to see if they have a better deal for you.

As far as the restriction of one cert/domain per IP, it is a restriction in the technology, not in reality.  You COULD put two domains on the same IP and use the same cert, but only the matching domain name will display content seamlessly.  The other domain will raise certificate errors on the client side, alerting them that your domain name does not match the certificate's common name.  This might not be an issue for you if the second domain is internal-only, and you just need the certificate for encryption purposes.  If it faces the public, however, you will want to use a second certificate.  For example, if I have domain1.com and domain2.com, and I purchase a certificate for the common name domain1.com, browsing to https://domain1.com will be fine.  Browsing to https://domain2.com (or https://www.domain1.com!!) will raise a certificate error.
0
 

Author Comment

by:greatcomputing
Comment Utility
I ordered a trial certificate from Comodo and installed it; now the website is available through 'http://' and 'https://' with or without the 'www' subdomain and does not present any certificate errors. Finally, I need to ensure that access is only available through SSL. How do I disable or redirect traffic to accomplish this?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 75 total points
Comment Utility
There are few ways to do this and it depends on how much control you have over the site.  If this is a typical shared hosted site assuming mod_rewrite is installed, you can setup the following in a .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

If you have full control over everything though, you can put:

Redirect permanent / https://a.b.c/

in your httpd.conf file where a.b.c is your host name.  If you have full control over everything and this is a virtual host, put the above in the virtual host defintion.
0
 

Author Comment

by:greatcomputing
Comment Utility
Can the RewriteEngine code be modified to include all subdirectories and files?
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
With the example I gave anytime a request comes in that is NOT https (meaning it is http), the rule will rewrite the request to be https.

This should cover any and all requests no matter what the directory.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Read about why website design really matters in today's demanding market.
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now