Preparation Work ready for SSL certificate


#1

Wouldn’t it be marvellous if you could just buy the Comodo Certificate from DH and that was it? Job done? Yes, that would be lovely; sadly, you need to do some work to change from a “Not Secure” site (as the browsers will now tell you) to a “SECURE”.

For instance, one huge piece of work that you need to do is to PURGE your html pages of all http links!

So there I am on my page of ‘news items’ that I have on my static page “NEWS”.

I am linking back to the Source of the first news item and the link is http://www.telegraph.co.uk/news/newstopics/howaboutthat/ufo/6837200/UFO-pyramid-reported-over-Kremlin.html

But OH DEAR it’s an HTTP link, the browsers won’t like that one bit; in fact they’ll throw up Warning Signs, particularly Firefox, which will have a field day, am I right?

So I tried https://www.telegraph.co.uk/news/newstopics/howaboutthat/ufo/6837200/UFO-pyramid-reported-over-Kremlin.html. Nope, the newspaper doesn’t have https.

If you put the https you get a warning: [quote]Your connection is not private

Attackers might be trying to steal your information from www.telegraph.co.uk (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID[/quote]

So what do I do?


#2

A clickable LINK to an http resource won’t (or shouldn’t) cause any browser mixed content warnings.

Loading a page asset from a non-https source is what causes the problem.

Soooooo in the case of the http://www.telegraph.co.uk/news/newstopics/howaboutthat/ufo/6837200/UFO-pyramid-reported-over-Kremlin.html if that’s simply a clickable link in the style News Source, that is not going to trigger warnings for you. (Just as it doesn’t here in this forum–loading THIS page did not cause you to receive any mixed content warnings.)

What does? There may be multiple answers, but by and large it’s going to be a picture or artwork from the source, i.e. in that case, if there is no https://example.com/pic.jpg or SSL version, you will need to download the picture or artwork and serve it from your own server.

(And in both cases consider if you are allowed to use someone else’s asset or property, but that’s not the topic matter of this thread.)


#3

Thanks LakeRat, brilliant reply, as you say THIS page did not cause me to receive any mixed content warnings, quite true, great!

So 1 more question in the same vein. In the Header of all my site pages I have

Because I started these pages back in 2003 I have no idea why that line is there, maybe it is no longer needed now.

But what concerns me of course is that there is “http” in that line of code. Do you think the line of code can stay as is, be edited to https or just deleted?


#4

I don’t believe it’s relevant, not my area of expertise tho, it seems to deal with character encoding, not security (ssl).

http://www.w3schools.com/html/html_charset.asp


#5

John: I don’t understand what you’re trying to do. Are you the manager of Telegraph.co.uk? Checking the https site, you can see why Firefox complains:

www.telegraph.co.uk uses an invalid security certificate.

The certificate is only valid for the following names:
  *.akamaihd.net, *.akamaihd-staging.net, *.akamaized-staging.net, *.akamaized.net, a248.e.akamai.net  

Error code: SSL_ERROR_BAD_CERT_DOMAIN

Technically, you don’t even need to buy a certificate from DreamHost: we offer the free ones from Let’s Encrypt that work as well… what you need to do is to force your site to redirect all calls from http to https (use .htaccess rewrite rules, for example). And as LakeRat suggests, you’ll have to make sure that the whole page only includes content served via https in the “src=” arguments (typically images and videos).

If you have issues with your website, put the exact information here or we won’t be able to help you: be precise, give URL, error messages, what you tried as debugging, what you expected and what actually happened.
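
The distinction drawn in the replies above (a clickable http link is harmless, an http asset loaded through a "src=" argument is not), as an added example that is not part of the original thread: a small Python scanner that sorts the http:// URLs in a page into loaded assets and plain links. The sample page and its hostnames are constructed, and the list of asset-loading attributes is an illustrative subset, not a complete one.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a page asset.
ASSET_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
               ("video", "src"), ("audio", "src"), ("source", "src"),
               ("embed", "src"), ("object", "data")}
# <link href> loads an asset only for these rel values (not e.g. canonical).
ASSET_LINK_RELS = {"stylesheet", "icon", "preload"}

class MixedContentScanner(HTMLParser):
    """Sort http:// URLs in a page into loaded assets and clickable links."""
    def __init__(self):
        super().__init__()
        self.assets = []  # (line, tag, url): will trigger mixed content
        self.links = []   # (line, tag, url): plain navigation, no warning

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        line = self.getpos()[0]
        rels = set(attrs.get("rel", "").lower().split())
        for name, url in attrs.items():
            if not url.lower().startswith("http://"):
                continue
            if (tag, name) in ASSET_ATTRS or (
                    tag == "link" and name == "href" and rels & ASSET_LINK_RELS):
                self.assets.append((line, tag, url))
            elif tag == "a" and name == "href":
                self.links.append((line, tag, url))

def scan(html_text):
    scanner = MixedContentScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.assets, scanner.links

# Constructed sample page, not taken from the thread's site.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/news.html">
</head><body>
<a href="http://www.example.org/story.html">News Source</a>
<img src="http://images.example.org/pic.jpg" alt="remote picture">
<img src="/local/pic.jpg" alt="copy served from own server">
</body></html>"""

if __name__ == "__main__":
    for kind, hits in zip(("loads asset", "links to"), scan(SAMPLE)):
        for line, tag, url in hits:
            print(f"line {line}: <{tag}> {kind} {url}")
```

Only the entries in the first list need changing before the switch to https: point them at an https copy or serve the file from your own server.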