Link to home
Start Free TrialLog in
Avatar of rich brown
rich brown

asked on

Change web Site from HTTP to HTTPS

I need to change my site to HTTPS. I have 3 sites on my server. Should I get 1 certificate using the server name or the site name? If I get a certificate using the server name, can all sites on the server use the same certificate? If so, is there a benefit in getting 1 certificate for all sites vs. getting each site its' own certificate?
 
 Also, can I get 1 certificate for 2 different servers\sites?
 
 Also, once I move to HTTPS, other than telling my users to start using the HTTPS in the URL, is there anything else I need to say to them?

note: using IIS8 
Avatar of Yujin Boby
Yujin Boby
Flag of India image

You can buy a SAN SSL, that support multiple domains, but you need to install all SSL same time. That means if you have 3 sites, all 3 sites need SSL requested same time. Later if you decide to make any changes to this SSL (say you need to change one of the domain name or add a new domain name), you need SSL for all the web sites reinstaled. For this reason I prefer seperate SSL for each of the sites.

SAN SSL won't include SSL for www, for www.yourdomain and yourdomain.com considered as 2 urls. So you may ended up paying more.

After installing SSL, you can redirect HTTP to HTTPS.

Also if web page have any resoucres loading with HTTP, that need to be changed to HTTPS to avoid mixed content errors.
ASKER CERTIFIED SOLUTION
Avatar of David Favor
David Favor
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You asked,  "Also, once I move to HTTPS, other than telling my users to start using the HTTPS in the URL, is there anything else I need to say to them?"

I guess you can... No real point though...

In your Webserver config, add rules to do the following promotions... using foo.com as an example.

http://foo.com -> https://foo.com
http://www.foo.com -> https://foo.com
https:/www.foo.com -> https://foo.com

Open in new window


If you use www as your terminal/final site name, the reverse the sense where https://www.foo.com receives all the promotions.

Adding these promotions in your Webserver config, auto-magically upgrades any HTTP -> HTTPS, so no requirement to tell any visitor (past/present/future) to take any new action.
I'm using https://letsencrypt.org/in conjunction with certbot (for auto renewal of certificates) and nginx web server as a reverse proxy (setup is similar to this one: https://webcodr.io/2018/02/nginx-reverse-proxy-on-raspberry-pi-with-lets-encrypt/).
You might give some of these a shot ;-)
Should I get 1 certificate using the server name or the site name?  

Since you mentioned http/https, it has to be the domain name.  You can have a domain that is on multiple servers covered under the same certificate. But you can not have one certificate for multiple top level domains like domain1.com and domain2.com.  You can have a wildcard cert for multiple sub domains like sub1.domain.com and sub2.domain.com. If you run sub1.domain.com on server1 and sub2.domain.com on server2, this can still be covered with one certificate. EDIT (One wildcard certificate)

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial