I recently moved servers and redeveloped the website at the same time. Previously all pages were served via https and I wanted to change this so only cart pages were via https. Also I wanted to clean up the url a bit. Old urls were:
https://secure.mydomain.com/onlinestore/index.php
and I removed the secure prefix and the subfolder so it is now:
http://www.mydomain.com/index.php
Problem is I wanted people who clicked on old links or bookmarks to be redirected to the new page. I got this working with htaccess. However the new SSL only covers the root domain and not the secure subdomain. So if someone clicks an old link it brings up "This Connection is Untrusted" before it can redirect. Works fine if i change https to http.
So what I want to know is if there is anyway I can force http instead of https before it checks the SSL cert.
Hope that makes sense!
The short answer is no. With conventional SSL, your web server doesn't even get to see the URL before certificate negotiation happens. It just sees a connection on port 443 and starts doing SSL negotiation. The browser then sees the mismatched cert and throws an exception.
However, more modern browsers and web servers (see Wikipedia for the list) support a TLS extension called Server Name Identification (SNI), which allows the client to send the hostname it's requesting before the server has to respond with a certificate. At that point you'll need to have certificates for both secure.mydomain.com and www.mydomain.com on that server, and it'll need to be configured to respond with the proper certificate.
Related
Just updated our website, and migrated our DNS routing to the new server. The issue we are having now, is sometimes when a user types in our website 'example.com', it will sometimes route them to an HTTPS://example.com which isn't currently enabled.
Is there a way to have users routed to our HTTP://example.com instead of HTTPS://example.com, while we are waiting for SSL to be enabled on the new site?
No.
DNS is for resolving the hostname (example.com) to an IP address. You can't tell the browser to use HTTPS or HTTP via DNS.
I'm assuming that in the past, you've supported HTTPS. Once you've done that, the browsers often remember. The best thing to do is get your certificate place ASAP. You can use Lets Encrypt and Certbot and be done in a couple minutes in most cases.
I am using CentOS Linux 7.3.1611 with Plesk Onyx 17.0.17 to forward (301) myolddomain.com to mynewdomain.com. mynewdomain.com has a valid SSL certificate.
However, if I go to https://myolddomain.com, then I get a certificate error and the domain does not get forwarded. How do I make https://myolddomain.com forward too. Do I need to host my old domain and use .htaccess to make the redirect? I don´t want to leave it as it is because that means having duplicate content and that´s obviously bad for SEO.
EDIT
The forwarding works fine for all non https requests.
This free service will forward the old domain to the new one...
https://redirect.pizza/
Once you set up the account there, you then need to update your A record and CNAME record in the DNS for the old domain to point to the redirect.pizza servers.
They use LetsEncrypt to generate the certificate for the old domain. I have been using it and it works perfectly.
Note that doing this could potentially let redirect.pizza put up anything they wanted on your old domain rather than forwarding to new domain, so you have to trust them. If you are worried about this, you could monitor the old domain and if they ever stop forwarding, then you could defensively update you DNS to no longer point to them.
You need to have a server at the old domain, and it has to have a valid certificate for the old domain name, in order to provide a redirect under https.
This is because of how https works. First the secure connection must be established, which requires the certificate. Only then can the http request and the redirect response be made.
I just inherited a new site but messed up the SSL cert by losing the private key.
The url would have been https for anyone using the site meaning right now they are clicking on a broken site, or an SSL error to be more clear.
Is there any way around this for now, ideally just a redirect to a holding page would suit me fine.
I cant redirect to http using htaccess as I think htaccess doesnt even get a chance to kick in at that stage
Thank you
In short: What you want is not possible.
Details: HTTPS is HTTP inside a SSL tunnel. The redirect is done with HTTP. Since you messed up the establishment of the SSL tunnel it will not be able to start with HTTP (inside the non-existing tunnel) and thus cannot do a redirect.
We have a Windows Server 2008 with IIS. One of the sub domains (i.e. HTTPS.TEST.COM) is bound to https and the other sub domain is bound to http (i.e. HTTP.TEST.COM). If the user enters https://HTTP.TEST.COM the user gets an ugly error about incorrect certificate - for some reason IIS uses the certificate for HTTPS.TEST.COM because user typed https instead of http.
My question is, how do I make sure visits to https://HTTP.TEST.COM gets redirected to http://HTTP.TEST.COM? It is not necessary to redirect to same sub page, the important thing is to get rid of the ugly error message. I have seen other posts about URL rewrites, but I get the feeling there are easier ways to solve this.
That is not possible, because when the client first connects to the https port of the server, there is an SSL handshake that results in the server certificate being presented to the client before the client is even allowed to tell the server which URL it is trying to access.
It is the client that gives the error that the server certificate for does not match what is expected and this happens before the server can do a redirect to the correct subdomain.
However, if you place a wildcard certificate for *.test.com on the server, you can effectively bypass the error and get the redirection to work. Another way would be to have separate SSL certificates for both HTTP.TEST.COM and HTTPS.TEST.COM, but for the above reasons you must then have them on separate IP addresses.
I'm a beginner in .htaccess and I need help. We have this website with its store module in https. We also have a parked domain pointing to this website. The problem is, when I type "https://www.parked_domain_name.com/store/" in the address bar, I get an SSL error. However, when I type "http://www.parked_domain_name.com/store/" on the address bar, it redirects to "https://www.parked_domain_name.com/store/" without getting any SSL errors. How can I view the store w/o SSL errors when I type "https://www.parked_domain_name.com/store/" in the address bar?
In general, you can only have HTTPS running on a single domain name for a site.
There are exceptions, for example a certificate for *.example.org would let you run HTTPS on both www.example.org and web.example.org subdomains. Also, some certificate providers will issue certificates for a fixed list of several domain names.
But in common usage, one IP address can have only one certificate, and one certificate can have only one domain name.
The behaviour you describe of the http URL redirecting the the https URL without warnings does not sound like it is possible. Perhaps try a few different browsers - they all act a bit differently on this front. How you reached the URL is not relevant. If you access example.org over HTTP and the certificate says anotherdomain.com then you will get SSL warnings.
You're best off running the site only on e.g. https://example.org/ and redirecting any other domains to that one, rather than hosting the site from multiple domains.
I hope this helps.