Highlighted

I have CS5 and I don't know how to implement the SSL certificate

New Here ,
Mar 15, 2018

Copy link to clipboard

Copied

Years ago I created my business website using Dreamweaver CS5. I've purchased an SSL certificate and my website host now tells me I have work to do my end in order to finish the implementation. I have absolutely no idea how to do this and I'm not finding anything when I try to search for an answer online. My web address is http://www.heritageceilings.com.au .

Could some dear soul please help me?  I'm not very smart with technical things so simple terminology will be most appreciated.

Thanks in advance.

Adobe Community Professional
Correct answer by BenPleysier | Adobe Community Professional

Your server now requires SSL/TLS to function, this is assuming that the login details and the FTP Address is the same as before.

Try the following settings

junk.png

Views

861

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

I have CS5 and I don't know how to implement the SSL certificate

New Here ,
Mar 15, 2018

Copy link to clipboard

Copied

Years ago I created my business website using Dreamweaver CS5. I've purchased an SSL certificate and my website host now tells me I have work to do my end in order to finish the implementation. I have absolutely no idea how to do this and I'm not finding anything when I try to search for an answer online. My web address is http://www.heritageceilings.com.au .

Could some dear soul please help me?  I'm not very smart with technical things so simple terminology will be most appreciated.

Thanks in advance.

Adobe Community Professional
Correct answer by BenPleysier | Adobe Community Professional

Your server now requires SSL/TLS to function, this is assuming that the login details and the FTP Address is the same as before.

Try the following settings

junk.png

Views

862

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Mar 15, 2018 0
Adobe Community Professional ,
Mar 15, 2018

Copy link to clipboard

Copied

My host has two options to include a certificate, namely the free of charge 'Let's Encrypt' or purchased SSL/TLS Certificates.

Choosing the former involves ticking a checkbox, the latter involves uploading your Certificate.

After you have done that, you will need to ensure that the site is directed to HTTPS://. I have done that using .htaccess as per

# ----------------------------------------------------------------------

# Start rewrite engine

# ----------------------------------------------------------------------

# Turning on the rewrite engine is necessary for the following rules and features.

# FollowSymLinks must be enabled for this to work.

<IfModule mod_rewrite.c>

  Options +FollowSymlinks

  RewriteEngine On

</IfModule>

# ----------------------------------------------------------------------

# Rewrite "www.example.com -> example.com"

# ----------------------------------------------------------------------

<IfModule mod_rewrite.c>

  RewriteCond %{HTTPS} !=on

  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]

  RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

</IfModule>

The above code tells the browser, if HTTPS is not used in the address, to remove the 'www.' part of the address after which it automatically chooses HTTPS://


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 15, 2018 0
New Here ,
Mar 15, 2018

Copy link to clipboard

Copied

Thank you Ben.  I'm not sure I understand a lot of it so far but I will endeavour to figure it out over the weekend.

Mine was a paid certificate organized by my site host. I checked with them, they have uploaded the certificate and they told me I have a Windows server. Does that make any difference to the ,htaccess file that I must write please?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 15, 2018 0
Adobe Community Professional ,
Mar 15, 2018

Copy link to clipboard

Copied

In that case you cannot use .htaccess, for Windows you will need a file called web.config.

Having said that, your Parallels Panel will probably negate having to use web.config. In the panel, go to IIS Settings

and tick the Require SSL box

As far as I can see and judging by the info that you have supplied, this is all you have to do.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 15, 2018 0
New Here ,
Mar 15, 2018

Copy link to clipboard

Copied

At the risk of sounding even dumber where do I find this colourful panel that you have included in your two replies please?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 15, 2018 0
Adobe Community Professional ,
Mar 15, 2018

Copy link to clipboard

Copied

When you log into your hosting account, you should be confronted with said panel. Who is your web host?


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 15, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

I ended up ringing my host company.  The fellow I spoke to said there is no setting (per se ) for IIS/with a box to check for SSL.

He has done something his end which now results in my website showing up as https://www....... but the information thingee at the side of it says the "site is not fully secure'. The man I spoke to said I now need to go through the whole website and put an 's" at the end of every single http which is a very daunting task because there are so many links.

I had hoped there was an easier way to do this. What do you think please?  My host is a company called Westnet.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
LEGEND ,
Mar 16, 2018

Copy link to clipboard

Copied

jeanmorrison  wrote

I ended up ringing my host company.  The fellow I spoke to said there is no setting (per se ) for IIS/with a box to check for SSL.

He has done something his end which now results in my website showing up as https://www....... but the information thingee at the side of it says the "site is not fully secure'. The man I spoke to said I now need to go through the whole website and put an 's" at the end of every single http which is a very daunting task because there are so many links.

I had hoped there was an easier way to do this. What do you think please?  My host is a company called Westnet.

I've just gone through the same process for one of my clients sites and yes its a pain in the backside changing the links. You can do a sitewide find and replace. Find http:// replace with https://

It was much quicker and easier than I thought. The certificate was already set up by the hosting company, which of course helped.

I would back-up your site-folder before you carry out any updates just incase anything goes wrong, then you have a 'clean' folder to work from again.

Once you have changed your links from http:// to https:// then upload your updated files to your server.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

Create a file in the same directory as your home page (root directory) called web.config. In that file, place the following contents

<configuration>

<system.webServer>

<rewrite>

  <rules>

  <rule name="HTTP to HTTPS redirect" stopProcessing="true">

  <match url="(.*)" />

  <conditions>

  <add input="{HTTPS}" pattern="off" ignoreCase="true" />

  </conditions>

  <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />

  </rule>

  </rules>

</rewrite>

</system.webServer>

</configuration>

This will save you having to rename all of your links.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

Thanks to both of you. So, I copy the code, substitute my (new) url into line 10 and save it, maybe in notepad, as web.config and then upload it. Hopefully I can manage that.

it's 7 pm here so I'll do this tomorrow with a fresh mind to the job. I'll report back my success.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
LEGEND ,
Mar 16, 2018

Copy link to clipboard

Copied

jeanmorrison  wrote

Thanks to both of you. So, I copy the code, substitute my (new) url into line 10 and save it, maybe in notepad, as web.config and then upload it. Hopefully I can manage that.

it's 7 pm here so I'll do this tomorrow with a fresh mind to the job. I'll report back my success.

Personally Id rather have the correct code in my actual pages rather than using Bens method but if it works, then it works. I do things properly, others just paper over the cracks and hope the cracks dont start to show.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

jeanmorrison  wrote

it's 7 pm here so I'll do this tomorrow with a fresh mind to the job. I'll report back my success.

Perth by any chance?


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

osgood_  wrote

Personally Id rather have the correct code in my actual pages rather than using Bens method but if it works, then it works. I do things properly, others just paper over the cracks and hope the cracks dont start to show.

What happens when you Google the site, before Google has caught up with the change, and it sends you to HTTP instead of HTTPS? Do you call that proper?

Edit: Adding the redirect using web.config, will give you time to change the code as @osgood_ suggested. Even if you miss a few links, web.config will catch those. I'd hate to think that this is not classified as proper coding as suggested by the ill-informed.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
LEGEND ,
Mar 16, 2018

Copy link to clipboard

Copied

BenPleysier  wrote

osgood_   wrote

Personally Id rather have the correct code in my actual pages rather than using Bens method but if it works, then it works. I do things properly, others just paper over the cracks and hope the cracks dont start to show.

What happens when you Google the site, before Google has caught up with the change, and it sends you to HTTP instead of HTTPS? Do you call that proper?

Edit: Adding the redirect using web.config, will give you time to change the code as @osgood_ suggested. Even if you miss a few links, web.config will catch those. I'd hate to think that this is not classified as proper coding as suggested by the ill-informed.

Was you NOT suggesting to leave the http:// links in the pages as they were, nothing about Google caching the pages which would also need to be addressed. Rather than go about it half-assed as you always seem to do, do it properly.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

I see your post said you copied the file provided by BenPleysier - Your pages still aren't secure and they won't be because its a redirect. You still need to fix the mixed content issue. A redirect will not fix this. 

You need to change your links, images and css file yourself to https.

Your site still shows this

<link rel="stylesheet" type="text/css" href="style.css" />

instead of this

<link rel="stylesheet" type="text/css" href=" https://www.heritageceilings.com.au/style.css" />

If you have CS5 you should have the find and replace feature. If you don't know how to use it, see this link. Please make a backup of your site first.

Once you've changed your links, scan using Screaming Frog for broken links and insecure content.

If you don't want to change the urls over, then don't change your site to SSL. Its one or the other, not both.

1 - Change urls / images and css to use absolute links - eg. http://www.mysite.com/page/ instead of <a href="../../page/">

2 - Find and replace http://www.mysite.com/ and replace with https://www.mysite.com/

3 - Add http to https rewrites in .htaccess file (basically what Ben was trying to tell you to do but different)- make sure to include either www or non-www rewrite.

4 - scan site to check for broken links / insecure content

5 - request sites that link to you also change to https. Most will have no problem.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

Have a look at the code at bunchokids.org. I have done none of what you are saying.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
LEGEND ,
Mar 16, 2018

Copy link to clipboard

Copied

Actually you can have external links in your website as http:// (to other wesbites as you can't do anything about them.) So if you do a replace and find you would most likely need to watch that youre not changing links to ones which dont exist). Its all your internal links that need to be https://

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

Yes and your site is indexed in google using both https and no https. Image attached.

Google site:bunchokids.org

Screen Shot 2018-03-16 at 9.33.15 AM.png

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

Could you please explain the "why" for your first list item?

I have routinely observed the opposite of that advice given to those moving from http to https in a multitude of forums and articles. And from my own development of secure sites, I have never seen a security-based reason for converting from document relative to absolute paths for image and page links within the same site.

I'm curious to see if there is some other valid reasoning I've been missing for doing that.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

Correct and it will stay that way until Google has finished doing the updates. The site was changed about a week ago to accommodate the secure socket layer (SSL)

Edit: All the more reason for using the redirect.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

OP could use a protocol relative url. I am referring to his file path as <a href="filename.php"> Regardless of which method OP uses, OP's links still need to be updated.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

kaus1979  wrote

...

1 - Change urls / images and css to use absolute links - eg. http://www.mysite.com/page/ instead of <a href="../../page/">

2 - Find and replace http://www.mysite.com/ and replace with https://www.mysite.com/

3 - Add http to https rewrites in .htaccess file (basically what Ben was trying to tell you to do but different)- make sure to include either www or non-www rewrite.

4 - scan site to check for broken links / insecure content

5 - request sites that link to you also change to https. Most will have no problem.


I'm sorry, I guess I missed the non-numbered items in your list. I'm looking the "why" of #1 on your list of 5 specifically.

What is the reasoning behind changing document relative paths to absolute paths within your secure site?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

I've always used absolute to prevent duplicate content issues.

Absolute specifies the exact url you want indexed. A relative url does not. With a relative url you have multiple versions of your website available. Rewrite rules help but for https, I would rather ensure that the correct protocol is served to avoid any possibility of canonicalization issues.

WP sites will also add a canonical tag in the header. This is another solution as it specifically states what the correct url is.

Here's a good link on the topic

Should I Use Relative or Absolute URLs? - Whiteboard Friday - Moz

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 16, 2018

Copy link to clipboard

Copied

Darn, now there is a lot of stuff going on here today so I won't be able to start tackling this issue till tomorrow.

Ben I'm in the same time zone as Perth but i live two hours south of Perth.

kaus1979 I don't have an .htaccess file. I think this may be because I have a Windows server. Would this be right?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
Adobe Community Professional ,
Mar 16, 2018

Copy link to clipboard

Copied

I had another look at your site and it is nicely redirected to HTTPS, so in that area there is no need to worry about that, i.e. .htaccess (unix) or web.config (windows)

The problem is contained in this notice

The reason why the site is not fully secure is because the site uses absolute paths that point to HTTP as in

<p class="page-top-links"><a href="http://www.heritageceilings.com.au/index.php" title="Pressed tin budget priced walls, ceilings and splashbacks">Home</a></p>

There are two ways to overcome the issue, namely

  1. change http to https
  2. change the absolute path to a relative path, i.e. remove the part in red

The difference between absolute paths and relative paths is entirely a choice of the web developer. The advantage that a relative path has is that you would not have had to change anything in your document for the site to be fully secure. Some argue that absolute paths are better for SEO, but nothing is further from the truth.

As osgood_ has stated, you can do a search and replace on the whole site to make the changes.

osgood_ I see that you made mention of the fact that I suggested keeping http instead of changing to https. It was quite late at night after a hard day's toil and I did not understand what you were saying. I have always used relative paths so I did not think that there were those that used absolute paths. I did not have to change anything in my documents to get the full security working. To keep a document portable it is always best to use relative paths.


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 16, 2018 0
New Here ,
Mar 17, 2018

Copy link to clipboard

Copied

So, plan of action is to save a copy of the website and keep it elsewhere on my computer in case it is needed. Then make a decision on whether to make everything an absolute path or a relative path.  Proceed to change everything over making sure not to make changes to  links to other folks websites by accident. I think I'll use Find and Replace on each page after I've checked for any links to outside websites.

I just went to make a minor change on my website and found I can't upload anything at all. I've got to get this issue sorted out first before I make any changes.

Can

I'm guessing something needs updating on the host's end?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 17, 2018 0
Adobe Community Professional ,
Mar 17, 2018

Copy link to clipboard

Copied

Your server now requires SSL/TLS to function, this is assuming that the login details and the FTP Address is the same as before.

Try the following settings

junk.png


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 17, 2018 0
New Here ,
Mar 17, 2018

Copy link to clipboard

Copied

Thanks Ben.  Under the heading "Connect Using" my choices might be worded a bit differently to yours.  I have one that is SFTP.  Do you think that sounds like it? Otherwise the other options are FTP (current setting), Local/Network, WebDAV or RDS.

The part below "Root Directory" I'll have to check with my host because I don't have any Authentication options.

Under "More Options" I already have Use Passive FTP checked so nothing to change there.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 17, 2018 0
New Here ,
Mar 17, 2018

Copy link to clipboard

Copied

Just rang my host to find out why I don't seem to have an option to connect as suggested. Guy I spoke to cannot understand why I'm on a Windows server when it would be better to be on a Linux server. He is going to swap over my other (non business) site first and if that works successfully then he will swap over the Heritage Ceilings website. He is talking about him inserting some script his end that will save me having to update my whole site. Hopefully this is a good idea because I don't have enough knowledge to know otherwise.  Even if he inserts some script his end I think I will still plod through my site and make the changes my end as well.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 17, 2018 0
New Here ,
Mar 20, 2018

Copy link to clipboard

Copied

Finally my website is secure.  I had a few issues with my host but they all got resolved. I've been through the whole website and found and replaced everything (or at least I think I've found everything).

I want to thank everyone on this forum who has helped me so much. Particular thanks go to BenPleysier and osgood_.

Thanks a million guys.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 20, 2018 0
osgood_ LATEST
LEGEND ,
Mar 20, 2018

Copy link to clipboard

Copied

jeanmorrison  wrote

Finally my website is secure.  I had a few issues with my host but they all got resolved. I've been through the whole website and found and replaced everything (or at least I think I've found everything).

I want to thank everyone on this forum who has helped me so much. Particular thanks go to BenPleysier and osgood_.

Thanks a million guys.

Great news, glad you got it sorted.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 20, 2018 0