Solved

How do I upgrade a Web site to use HTTPS/SSL?

Posted on 2009-04-01
14
573 Views
Last Modified: 2013-11-30
I have a Web site and hosting at FreeHostia.com and want to upgrade the site so that it uses HTTPS/SSL to protect transferred information. I have never set up a secure Web site and need a basic tutorial. FreeHostia offers paid upgrades such as IP addresses, but if many extras will be required an alternate hosting provider can be considered.
0
Comment
Question by:greatcomputing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
14 Comments
 
LVL 10

Expert Comment

by:cyberstalker
ID: 24042326
According to their beginners guide you can set it up from their control panel.
0
 
LVL 7

Expert Comment

by:CorruptedLogic
ID: 24042329
Check here and then take a look in your account control panel...
http://forum.freehostia.com/viewtopic.php?t=3736&highlight=ssl


0
 

Author Comment

by:greatcomputing
ID: 24065354
Do I need to purchase a dedicated IP address to use SSL, or just to get a certificate?
0
Monthly Recap

May was a big month for new releases from Linux Academy! Take a look at what our team built recently in our blog. You can access the newest releases from our blog.

 
LVL 10

Expert Comment

by:cyberstalker
ID: 24066726
A dedicated IP address is not required. It will work just as well on shared hosting.
0
 

Author Comment

by:greatcomputing
ID: 24067989
When enabling SSL support in the control panel, the options are to either generate or upload a certificate. After selecting either one, it says "If you intend to use SSL certificates of your own, you will need a different IP address for each one of these SSL certificates." and reverts to the 'Do not use SSL' option.
0
 

Author Comment

by:greatcomputing
ID: 24073021
According to the control panel help files and other posts in the support forum, a dedicated IP address is required to use SSL. After upgrading to 1 dedicated IP address, I am given the option to enable it when creating a new subdomain, such as 'www'. Enabling it for a second subdomain returns the error saying that an additional IP address is required. Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia? Regardless, while I am able to view my site through 'http://' I cannot connect securely through 'https://'.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24194651
--> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

No, this is how SSL works.  SSL negotiation takes place before any data is really passed to the Web server, its done when the TCP connection is being setup between the client and the server.  At this point in time the server does not know which host name the client is attempting to connect to so it has to use the cert that is associated with the IP address the client is attempting to connect to.
0
 
LVL 51

Accepted Solution

by:
Steve Bink earned 175 total points
ID: 24201255
>>> Is a dedicated IP address required for each subdomain or is this a limitation of FreeHostia?

Well, yes and no, actually.  The restriction is actually that you can only have a single SSL certificate on any given IP, due to the same technical reasons explained by glitjr.  Since a certificate is normally assigned to a single common name, that means you need one IP per unique domain name.

There are work-arounds, though.  With shared hosting, you commonly share an IP with many other people.  The host will own the cert on the single IP, and dish out subdirectory entries to the clients.  For example, say you are hosting on server1.mywaycoolhost.com.  The certificate will use that as the common name, and any SSL-enabled directories you have will be available through a separate link like https://server1.mywaycoolhost.com/mydomain.  Another alternative is to use a wildcard SSL (*.mywaycoolhost.com), and the host provides for sub-domains like https://mydomain.mywaycoolhost.com.

All of that, however, assumes you're OK with having your customers go to your HOST'S domain to serve your secured content.  Since most laymen know nothing about SSL and are (hopefully) really paranoid about phishing and other scams, that could lead to a drop in business.  The better option, though more expensive, is to get a dedicated IP for your domain and purchase your own certificate.  Once installed, your SSL-enabled content is available through https://www.mydomain.com.  Costs vary by host for the dedicated IP, and a generic certificate will run from $100 to $150 depending on the vendor you use.  Some hosts are resellers for CAs, so talk to them to see if they have a better deal for you.

As far as the restriction of one cert/domain per IP, it is a restriction in the technology, not in reality.  You COULD put two domains on the same IP and use the same cert, but only the matching domain name will display content seamlessly.  The other domain will raise certificate errors on the client side, alerting them that your domain name does not match the certificate's common name.  This might not be an issue for you if the second domain is internal-only, and you just need the certificate for encryption purposes.  If it faces the public, however, you will want to use a second certificate.  For example, if I have domain1.com and domain2.com, and I purchase a certificate for the common name domain1.com, browsing to https://domain1.com will be fine.  Browsing to https://domain2.com (or https://www.domain1.com!!) will raise a certificate error.
0
 

Author Comment

by:greatcomputing
ID: 24208541
I ordered a trial certificate from Comodo and installed it; now the website is available through 'http://' and 'https://' with or without the 'www' subdomain and does not present any certificate errors. Finally, I need to ensure that access is only available through SSL. How do I disable or redirect traffic to accomplish this?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 75 total points
ID: 24208722
There are few ways to do this and it depends on how much control you have over the site.  If this is a typical shared hosted site assuming mod_rewrite is installed, you can setup the following in a .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

If you have full control over everything though, you can put:

Redirect permanent / https://a.b.c/

in your httpd.conf file where a.b.c is your host name.  If you have full control over everything and this is a virtual host, put the above in the virtual host defintion.
0
 

Author Comment

by:greatcomputing
ID: 24209068
Can the RewriteEngine code be modified to include all subdirectories and files?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24209306
With the example I gave anytime a request comes in that is NOT https (meaning it is http), the rule will rewrite the request to be https.

This should cover any and all requests no matter what the directory.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question