Securing Website


#1

So, I purchased and installed an IP, secure hosting, and certificate, but my site does not show as secure in the browser. What do I need to do next?


#2

You haven’t mentioned what site you’re having issues with, so here’s a general checklist for diagnosing why your site isn’t showing up as secure:

[list]
[] Obvious things first: Is it plugged in? That is to say: Are you visiting the secure (https://) version of the site? If you want to make all access to your site secure, you may want to set up the HTTP version of the site to redirect to HTTPS.
[
] If you bought the SSL certificate from us, you were prompted for a confirmation email address. Have you received an email from our SSL provider at that address and clicked on the link in it? If you haven’t, you may need to request the confirmation again. (Make sure you have email set up on the domain!)
[*] If that’s not it, there may be some insecure content on your site that’s making web browsers not display the padlock. If you’re using Google Chrome, insecure content will generate warnings in the developer console. There’s also a handy tool for diagnosing these sorts of issues at http://www.whynopadlock.com/.
[/list]


#3

Thanks for the reply.

Details:
Me=fairly noobish
testamentbooks.com
Purchased from DreamHost

It is only a small “associate store” with Amazon. WhyNoPadlock shows most of the issues with links contained within the Amazon store link. I will check that part out on that end.

If I were to go about your first suggestion, to redirect from http to https, would that just be done at the Panel within DreamHost? Or, is it more complicated than that.


#4

Uh-oh. It looks as though the Amazon associate store interface you’re embedding may not fully support viewing via SSL — I’m seeing SSL warnings on https://astore.amazon.com/testamentbooks-20 as well. You will probably need to get in touch with Amazon about this.

As far as redirecting to HTTPS goes, you’re correct; that would be done through the Panel. Hit the “Edit” button in the “Web Hosting” column of Manage Domains and edit the domain to be a redirect to the “https” version of itself. Before you do this, though, make sure that the HTTPS (“Secure Hosting”) side of the domain is not set to “mirror non-secure settings” — having it mirror the non-secure settings (making it be a redirect… to itself) would create a loop.