Solved

How do I upgrade a Web site to use HTTPS/SSL?

Posted on 2009-04-01
Last Modified: 2013-11-30
I have a Web site and hosting at FreeHostia.com and want to upgrade the site so that it uses HTTPS/SSL to protect transferred information. I have never set up a secure Web site and need a basic tutorial. FreeHostia offers paid upgrades such as IP addresses, but if many extras will be required an alternate hosting provider can be considered.
Question by:greatcomputing
14 Comments
 
LVL 10

Expert Comment

by:cyberstalker
ID: 24042326
According to their beginners guide you can set it up from their control panel.
0
 
LVL 7

Expert Comment

by:CorruptedLogic
ID: 24042329
Check here and then take a look in your account control panel...
http://forum.freehostia.com/viewtopic.php?t=3736&highlight=ssl


0
 

Author Comment

by:greatcomputing
ID: 24065354
Do I need to purchase a dedicated IP address to use SSL, or just to get a certificate?
0
 
LVL 10

Expert Comment

by:cyberstalker
ID: 24066726
A dedicated IP address is not required. It will work just as well on shared hosting.
0
 

Author Comment

by:greatcomputing
ID: 24067989
When enabling SSL support in the control panel, the options are to either generate or upload a certificate. After selecting either one, it says "If you intend to use SSL certificates of your own, you will need a different IP address for each one of these SSL certificates." and reverts to the 'Do not use SSL' option.
0
 

Author Comment

by:greatcomputing
ID: 24073021
According to the control panel help files and other posts in the support forum, a dedicated IP address is required to use SSL. After upgrading to 1 dedicated IP address, I am given the option to enable it when creating a new subdomain, such as 'www'. Enabling it for a second subdomain returns the error saying that an additional IP address is required. Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia? Regardless, while I am able to view my site through 'http://' I cannot connect securely through 'https://'.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24194651
--> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

No, this is how SSL works.  SSL negotiation takes place before any data is really passed to the Web server; it's done when the TCP connection is being set up between the client and the server.  At this point in time the server does not know which host name the client is attempting to connect to, so it has to use the cert that is associated with the IP address the client is attempting to connect to.
0
 
LVL 51

Accepted Solution

by:
Steve Bink earned 700 total points
ID: 24201255
>>> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

Well, yes and no, actually.  The restriction is actually that you can only have a single SSL certificate on any given IP, due to the same technical reasons explained by giltjr.  Since a certificate is normally assigned to a single common name, that means you need one IP per unique domain name.

There are work-arounds, though.  With shared hosting, you commonly share an IP with many other people.  The host will own the cert on the single IP, and dish out subdirectory entries to the clients.  For example, say you are hosting on server1.mywaycoolhost.com.  The certificate will use that as the common name, and any SSL-enabled directories you have will be available through a separate link like https://server1.mywaycoolhost.com/mydomain.  Another alternative is to use a wildcard SSL (*.mywaycoolhost.com), and the host provides for sub-domains like https://mydomain.mywaycoolhost.com.

All of that, however, assumes you're OK with having your customers go to your HOST'S domain to serve your secured content.  Since most laymen know nothing about SSL and are (hopefully) really paranoid about phishing and other scams, that could lead to a drop in business.  The better option, though more expensive, is to get a dedicated IP for your domain and purchase your own certificate.  Once installed, your SSL-enabled content is available through https://www.mydomain.com.  Costs vary by host for the dedicated IP, and a generic certificate will run from $100 to $150 depending on the vendor you use.  Some hosts are resellers for CAs, so talk to them to see if they have a better deal for you.

As far as the restriction of one cert/domain per IP, it is a restriction in the technology, not in reality.  You COULD put two domains on the same IP and use the same cert, but only the matching domain name will display content seamlessly.  The other domain will raise certificate errors on the client side, alerting them that your domain name does not match the certificate's common name.  This might not be an issue for you if the second domain is internal-only, and you just need the certificate for encryption purposes.  If it faces the public, however, you will want to use a second certificate.  For example, if I have domain1.com and domain2.com, and I purchase a certificate for the common name domain1.com, browsing to https://domain1.com will be fine.  Browsing to https://domain2.com (or https://www.domain1.com!!) will raise a certificate error.
0
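The name check behind the certificate errors described in this answer, as an added example that is not part of the original thread. The IP addresses and the certificate table are constructed; the host names are the ones used in the answer.

```python
# Added illustration: IP addresses and the certificate table are constructed.

def name_matches(cert_name, host):
    """Compare one certificate name with the host name the browser asked for.

    A wildcard counts only as the whole left-most label and stands for
    exactly one label, e.g. *.mywaycoolhost.com.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # Refuse over-broad patterns such as *.com.
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


# As described in the thread, the server picks the certificate from the
# address the client connected to, before it knows the requested host name.
CERT_BY_IP = {
    "192.0.2.10": "domain1.com",            # dedicated IP, own certificate
    "192.0.2.20": "*.mywaycoolhost.com",    # shared IP, host's wildcard
}


def browse(ip, host):
    """Return what a browser reports for https://<host>/ served from ip."""
    return "ok" if name_matches(CERT_BY_IP[ip], host) else "certificate error"


if __name__ == "__main__":
    for ip, host in [
        ("192.0.2.10", "domain1.com"),
        ("192.0.2.10", "domain2.com"),
        ("192.0.2.10", "www.domain1.com"),
        ("192.0.2.20", "mydomain.mywaycoolhost.com"),
        ("192.0.2.20", "mywaycoolhost.com"),
    ]:
        print(f"https://{host} via {ip}: {browse(ip, host)}")
```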
 

Author Comment

by:greatcomputing
ID: 24208541
I ordered a trial certificate from Comodo and installed it; now the website is available through 'http://' and 'https://' with or without the 'www' subdomain and does not present any certificate errors. Finally, I need to ensure that access is only available through SSL. How do I disable or redirect traffic to accomplish this?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 300 total points
ID: 24208722
There are a few ways to do this, and it depends on how much control you have over the site.  If this is a typical shared hosted site, assuming mod_rewrite is installed, you can set up the following in a .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you have full control over everything though, you can put:

Redirect permanent / https://a.b.c/

in your httpd.conf file where a.b.c is your host name.  If you have full control over everything and this is a virtual host, put the above in the virtual host definition.
0
 

Author Comment

by:greatcomputing
ID: 24209068
Can the RewriteEngine code be modified to include all subdirectories and files?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24209306
With the example I gave, any time a request comes in that is NOT https (meaning it is http), the rule will rewrite the request to be https.

This should cover any and all requests no matter what the directory.
0
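One way to confirm that the .htaccess rule covers every directory and file, as an added example that is not part of the original thread: classify the response each plain-HTTP request received. The sample responses are constructed and www.example.com is a placeholder host name.

```python
from typing import Optional
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 307, 308}


def check_redirect(request_url: str, status: int, location: Optional[str]) -> str:
    """Classify the answer a server gave to a plain-HTTP request.

    The .htaccess rule from the thread should answer every such request
    with a redirect to https:// on the same host and the same URI.
    """
    req = urlsplit(request_url)
    if status not in REDIRECT_CODES or not location:
        return "served over http"
    loc = urlsplit(location)
    if loc.scheme != "https":
        return "redirect is not https"
    if loc.hostname != req.hostname:
        return "host changed"
    if (loc.path or "/", loc.query) != (req.path or "/", req.query):
        return "path or query lost"
    return "ok"


# Constructed samples: (request URL, status code, Location header).
SAMPLES = [
    ("http://www.example.com/", 301, "https://www.example.com/"),
    ("http://www.example.com/shop/cart.php?id=7", 301,
     "https://www.example.com/shop/cart.php?id=7"),
    ("http://www.example.com/images/logo.png", 200, None),
    ("http://www.example.com/shop/", 302, "https://www.example.com/"),
]


def audit(samples):
    """Return (url, verdict) for every sample so failures can be listed."""
    return [(url, check_redirect(url, status, loc)) for url, status, loc in samples]


if __name__ == "__main__":
    for url, verdict in audit(SAMPLES):
        print(f"{verdict:22} {url}")
```

With the fixed-host `Redirect permanent / https://a.b.c/` variant, a "host changed" verdict is expected for any other name that points at the site.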
