rich brown
asked on
Change web Site from HTTP to HTTPS
I need to change my site to HTTPS. I have 3 sites on my server. Should I get 1 certificate using the server name or the site name? If I get a certificate using the server name, can all sites on the server use the same certificate? If so, is there a benefit in getting 1 certificate for all sites vs. getting each site its' own certificate?
Also, can I get 1 certificate for 2 different servers\sites?
Also, once I move to HTTPS, other than telling my users to start using the HTTPS in the URL, is there anything else I need to say to them?
note: using IIS8
Also, can I get 1 certificate for 2 different servers\sites?
Also, once I move to HTTPS, other than telling my users to start using the HTTPS in the URL, is there anything else I need to say to them?
note: using IIS8
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You asked, "Also, once I move to HTTPS, other than telling my users to start using the HTTPS in the URL, is there anything else I need to say to them?"
I guess you can... No real point though...
In your Webserver config, add rules to do the following promotions... using foo.com as an example.
If you use www as your terminal/final site name, the reverse the sense where https://www.foo.com receives all the promotions.
Adding these promotions in your Webserver config, auto-magically upgrades any HTTP -> HTTPS, so no requirement to tell any visitor (past/present/future) to take any new action.
I guess you can... No real point though...
In your Webserver config, add rules to do the following promotions... using foo.com as an example.
http://foo.com -> https://foo.com
http://www.foo.com -> https://foo.com
https:/www.foo.com -> https://foo.com
If you use www as your terminal/final site name, the reverse the sense where https://www.foo.com receives all the promotions.
Adding these promotions in your Webserver config, auto-magically upgrades any HTTP -> HTTPS, so no requirement to tell any visitor (past/present/future) to take any new action.
I'm using https://letsencrypt.org/in conjunction with certbot (for auto renewal of certificates) and nginx web server as a reverse proxy (setup is similar to this one: https://webcodr.io/2018/02/nginx-reverse-proxy-on-raspberry-pi-with-lets-encrypt/).
You might give some of these a shot ;-)
You might give some of these a shot ;-)
Should I get 1 certificate using the server name or the site name?Since you mentioned http/https, it has to be the domain name. You can have a domain that is on multiple servers covered under the same certificate. But you can not have one certificate for multiple top level domains like domain1.com and domain2.com. You can have a wildcard cert for multiple sub domains like sub1.domain.com and sub2.domain.com. If you run sub1.domain.com on server1 and sub2.domain.com on server2, this can still be covered with one certificate. EDIT (One wildcard certificate)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SAN SSL won't include SSL for www, for www.yourdomain and yourdomain.com considered as 2 urls. So you may ended up paying more.
After installing SSL, you can redirect HTTP to HTTPS.
Also if web page have any resoucres loading with HTTP, that need to be changed to HTTPS to avoid mixed content errors.