Rawand Amin
asked on
Where to apply public SSL certificate on website
Dears,
Where do you recommend I should apply an SSL certificate on a locally hosted website? On the entire website (all pages), or just on the pages where users are required to authenticate?
I would like to apply the SSL certificate on all pages, so that visitors will be certain that the page is trusted; however, my concern is performance. I am not sure if applying SSL on the whole website would cause a performance issue, due to the encryption and decryption mechanism.
If you visit YouTube, SSL is applied everywhere, while on some websites like bbc.co.uk it is only applied on the login page.
Does applying SSL on the whole website cause any performance issue?
Thanks
ASKER
From what you recommended, I will apply SSL (HTTPS) to the whole site, as it will not create a performance issue, because the handshake and key exchange are done at the first stage of the connection.
Is there a way to redirect all HTTP requests to HTTPS without using the script below or an .htaccess file? Is that something you can specify with the certificate authority, or does it have to be done locally on the server?
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Thanks for your help
I suggest you open a new question so that you get a larger pool of experts from the start as well.
For HTTP to HTTPS, it is as shared below, with mod_rewrite enabled in Apache, which I assumed. You just need to edit your httpd.conf file, or the file where your virtual host is specified, and add those lines (in the article) to redirect HTTP to HTTPS.
The main configuration file is usually named httpd.conf. In most cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.
An .htaccess file can be used as well; it applies at folder level, depending on where the file is stored.
https://www.sslshopper.com/apache-redirect-http-to-https.html
On the web server, you install the SSL certificate on the system and bind it for any web traffic.
https://www.sslshopper.com/apache-server-ssl-installation-instructions.html
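The virtual-host approach described in the answer above, as an added example that is not part of the original thread: the redirect lives in the port 80 <VirtualHost> in httpd.conf, so no .htaccess file is needed. The host name www.example.com and the certificate paths are placeholders, not values from this page.

```apache
# Port 80 virtual host: its only job is to send every request to HTTPS.
<VirtualHost *:80>
    # Placeholder host name; replace with the site's real name.
    ServerName www.example.com

    # mod_alias: permanent (301) redirect of every path to the HTTPS site.
    # The requested path is appended after the trailing slash automatically.
    Redirect permanent / https://www.example.com/

    # Alternative using mod_rewrite (the rule from the question, with
    # explicit flags so the redirect is permanent and rule processing stops).
    # Use one method or the other, not both.
    # RewriteEngine On
    # RewriteCond %{HTTPS} !=on
    # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443 virtual host: serves the actual site over TLS.
<VirtualHost *:443>
    ServerName www.example.com
    # Placeholder document root.
    DocumentRoot /var/www/html

    # mod_ssl must be loaded for these directives.
    SSLEngine on
    # Placeholder paths to the certificate issued by the CA and its key.
    SSLCertificateFile    /etc/pki/tls/certs/example.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.key
</VirtualHost>
```

After editing, `apachectl configtest` checks the syntax before Apache is restarted.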
ASKER
thanks
The BBC for example can be accessed at http://bbc.co.uk and https://bbc.co.uk. The first link would be unsecured, the second secured. When writing code for your site you can check if the connection is HTTPS or not, and redirect if not. I presume YouTube do the latter as even typing http://youtube.com redirects you to https.
If your site contains private information I would recommend forcing a redirect to an HTTPS connection across the board.
As for overhead, I believe it is a fairly small penalty, as the server does have to encrypt the responses and the client decrypts them. However, I have never run comparisons.