Changing website to Https compliant

Report · Jun 04, 2019

Hello,

I just switched from DW CS6 to DW CC and I know I am way behind the curve with the Https thing. Can anyone point the way to how I get my sites changed for Https?

Thanks for any help on this. I am waking up from a long hobby-web-designer sleep....

Frank B.

Report · Jun 04, 2019

Google the subject or have a look at https://smallbiztrends.com/2015/04/changing-from-http-to-https.html

Wappler, the only real Dreamweaver alternative.

Report · Jun 04, 2019

Hi Frank,

That isn't something you do in Dreamweaver at all. Your hosting provider likely has free options for you to add that.

Report · Jun 04, 2019

Thank you all for helping - it is supplied by the Hosting provider but it is far from free.

Report · Jun 04, 2019

brightbelt wrote
Thank you all for helping - it is supplied by the Hosting provider but it is far from free.

Save money and do it yourself.

If you're not selling anything from your site, you probably don't need high level certificates and could just as easily use free ones from trusted authorities like Let's Encrypt or Comodo CA.

Let's Encrypt - Free SSL/TLS Certificates
https://letsencrypt.org/
Free SSL Certificates from No 1 Trust Provider - Comodo SSL
https://ssl.comodo.com/free-ssl-certificate.php

I require more than free certs offer so I purchase my SSL/TLS certificates from Namecheap.com. They have an excellent knowledge base on how to generate a CSR code and activate certificates on the server through your hosts c-Panel or Plesk panel, etc..... Once you've done it a few times, it's not difficult to manage certis yourself.

Decide beforehand how much assurance, browser support, warranty and encryption you will need for your site. Additionally, there are 3 types of verification levels to consider.

Domain Verified (DV) is the most common and takes as little as 15 minutes with no paperwork to complete.
Organization Verfiied (OV) -- takes 1-3 business days to verify domain name, business ownership records and address.
Extended verified (EV) - similar to OV above but adds a green organization name to the browser address bar.

For more on obtaining and installing SSL/TLS Certificates, refer to the knowledge base at Namecheap.com.

https://www.namecheap.com/security/ssl-certificates/

https://www.namecheap.com/support/knowledgebase/category.aspx/14/ssl-certificates

After the certificate is installed, you will want to redirect all HTTP server requests to secure HTTPS. On Linux hosting plans, you can do this with your c-Panel or by editing a plain text file called .htaccess.

Nancy O'Shea— Product User, Community Expert & Moderator

Report · Jun 05, 2019

brightbelt wrote
Thank you all for helping - it is supplied by the Hosting provider but it is far from free.

Any half decent hosting provider should provide free 'lets encrypt' ssl certificates via the websites control panel. Then it's a case of re-directing to https using a bit of scripting in your htaccess file if youre using php.

The free ssl scripts are fine for low-level security such as sending form data/information etc directly from the website and to instill confidence in your visitors. If you are handing financial transactions then you need a more robust ssl certificate which is not free.

Report · Jun 05, 2019

Hi brightbell,

As osgood_ says a lot of hosting companies offer Lets Encypts as a free TLD/SSL option - usually its an easy ' one click' install from a hosting control panel like CPanel. If your current host doesn't offer it I'd consider switching to a new host ....

Then let us know what hosting platform you are on as you will need redirect all non https requests to https equivelant once you are up and running on https. This is an example of how you would do the redirect in a htaccess file on an apache server:

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,NE,R=301]

This is a bit more advanced to make sure all requested are routed to a url on https with www.

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

Paul-M - Community Expert

Report · Jun 05, 2019

Adding to the other replies, a couple of facts

All decent hosts serve HTTP/2 with security settings on an Nginx box (does not support .htaccess to make the rewrite mods).
All major browsers (i.e. Firefox [09], Chrome, Safari, Opera, IE, Edge) have decided that they will only support HTTP/2 over TLS,

Wappler, the only real Dreamweaver alternative.

Report · Jun 06, 2019

hello Ben,

from this screenshot, we see that you are using PLESK, isn't that a wonderful management tool? I find this software purely fantastic

By the way, what type of hosting do you subscribe to?

have a pleasant day

birnou

Report · Jun 06, 2019

I have a cousin that runs the server for me. It is a cloud based system running Nginx alongside Apache. Needles to say, the system serves HTTP/2 protocol and I have a choice of SSL certificates depending on the wishes of my client. The server has many security features to alleviate interfering factors. It also has many tools to choose from, ranging from SEO to Wordpress and all in between. His website is https://www.gpkgroup.com.au/

Wappler, the only real Dreamweaver alternative.

Report · Jun 06, 2019

yep using nginx as a reverse proxy of apache, that a real way to go, and that is what we test in production (differents configuration, pure static, wordpress, heavy templates... and so on) since a year on a virtual machine with my provider. they (the techs of my provider) are very cool and the final performance's test should be out soon.

the funny part is that we get the http2 philosophy (gzip optimization for large heavy web site) and the minimal needs from nginx , while benefiting from apache's on-demand and on-the-fly configuration advances

Changing website to Https compliant

1 Correct answer