service:ssl
Differences
This shows you the differences between two versions of the page.
service:ssl [2012/11/29 22:45] – superwizard | service:ssl [2018/06/17 04:32] (current) – superwizard | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Testing ssl ====== | ||
+ | |||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | SSL Server Test | ||
+ | This free online service performs a deep analysis of the configuration of any SSL | ||
+ | web server on the public Internet. Please note that the information you submit here | ||
+ | is used only to provide you the service. We don't use the domain names or the test | ||
+ | results, and we never will. | ||
+ | </ | ||
+ | |||
+ | Also: https:// | ||
+ | |||
+ | ====== Purchase ssl certificate ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | |||
+ | |||
+ | Single-domain SSL | ||
+ | Multi-domain SSL | ||
+ | Wildcard SSL | ||
+ | |||
+ | Comodo SSL Certificates | ||
+ | |||
+ | Domain validation | ||
+ | Organization validation | ||
+ | Extended (EV) validation | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Install SSL Certificate for Drupal on Godaddy ====== | ||
+ | |||
+ | From: godaddy.com | ||
+ | |||
+ | < | ||
+ | SSL Class 1 purchased from Godaddy they setup | ||
+ | had to verify website through creation of TXT file | ||
+ | |||
+ | Change of htaccess file to alter all http to https | ||
+ | </ | ||
+ | |||
====== StartCom ====== | ====== StartCom ====== | ||
http:// | http:// | ||
- | Free Clas 1 (personal) SSL Certificates. | + | Free Class 1 (personal) SSL Certificates. |
Trustedness | Trustedness | ||
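Review bot: The new "Install SSL Certificate for Drupal on Godaddy" block records "Change of htaccess file to alter all http to https" without saying which rules were used, and the same Godaddy/Drupal steps are written up again under "After installing SSL Certificate and verifying ownership for Godaddy Drupal website" further down. Suggest folding the two into one section, or pointing from the first to the second, so the .htaccess change is described in one place. The StartCom entry is touched only to fix "Clas" to "Class"; since this revision is dated 2018, it is worth confirming that section is still current while editing it.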
Line 20: | Line 66: | ||
You must install the intermediate and primary certificates to your Microsoft® IIS 6 Web server to complete installation. | You must install the intermediate and primary certificates to your Microsoft® IIS 6 Web server to complete installation. | ||
+ | ====== After installing SSL Certificate and verifying ownership for Godaddy Drupal website ====== | ||
+ | |||
+ | Had to modify htaccess | ||
+ | Per Godaddy instruction and Drupal help sites | ||
+ | |||
+ | Plus had to search for http references and change to https | ||
+ | found two css references to fonts using http | ||
+ | changed and formatting problems disappeared | ||
+ | |||
+ | This repaired the display problems on website with http changed to https (Drupal site) | ||
+ | |||
+ | < | ||
+ | |||
+ | < | ||
+ | RewriteEngine on | ||
+ | # Set " | ||
+ | # if you enable " | ||
+ | # you don't bounce between http and https. | ||
+ | # RewriteRule ^ - [E=protossl] | ||
+ | # RewriteCond %{HTTPS} on | ||
+ | # RewriteRule ^ - [E=protossl: | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule ^(.*)$ https:// | ||
+ | |||
+ | L= last | ||
+ | R= type of rewrite | ||
+ | NE= By default, special characters, such as & and ?, for example, will be converted to | ||
+ | their hexcode equivalent. Using the [NE] flag prevents that from happening. | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | < | ||
+ | up vote5down voteaccepted If you have enabled SSL it may happen that some browsers may block the resources that are not using the https:// in their url. | ||
+ | While Chrome and firefox manage to work fine in some cases. But IE does give a strange behaviour. | ||
+ | I would suggest you to please cross check if any external scripts or images or styles that you are using in you website uses the http:// in their urls. If any please change them to use https:// | ||
+ | It may not be the exact cause of your problem but since i faced this problem in one of my sites, I am suggesting this option. | ||
+ | shareimprove this answer | ||
+ | answered Dec 30 '13 at 8:09 | ||
+ | Sudheesh Damodaran | ||
+ | 23114 | ||
+ | 1 | ||
+ | Thank you! That was precisely the problem. I was pulling in some fonts from fonts.googleapis.com. Changing that to " | ||
+ | |||
+ | From < | ||
+ | |||
+ | Finally, after a lot of tests | ||
+ | selinav commented 2 months ago | ||
+ | Finally, after a lot of tests, the code below works. | ||
+ | As Bairnfather says, | ||
+ | < | ||
+ | RewriteEngine on | ||
+ | # Set " | ||
+ | # if you enable " | ||
+ | # you don't bounce between http and https. | ||
+ | # RewriteRule ^ - [E=protossl] | ||
+ | # RewriteCond %{HTTPS} on | ||
+ | # RewriteRule ^ - [E=protossl: | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteCond %{HTTP: | ||
+ | RewriteRule ^(.*)$ https:// | ||
+ | | ||
+ | RewriteCond %{HTTP_HOST} ^mydomain.com$ | ||
+ | RewriteRule ^(.*) | ||
+ | | ||
+ | # Make sure Authorization HTTP header is available to PHP | ||
+ | # even when running as CGI or FastCGI. | ||
+ | RewriteRule ^ - [E=HTTP_AUTHORIZATION: | ||
+ | # Block access to " | ||
+ | # includes directories used by version control systems such as Subversion or | ||
+ | # Git to store control files. Files whose names begin with a period, as well | ||
+ | # as the control files used by CVS, are protected by the FilesMatch directive | ||
+ | # above. | ||
+ | # | ||
+ | # NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, | ||
+ | # not possible to block access to entire directories from .htaccess, because | ||
+ | # < | ||
+ | # | ||
+ | # If you do not have mod_rewrite installed, you should remove these | ||
+ | # directories from your webroot or otherwise protect them from being | ||
+ | # downloaded. | ||
+ | RewriteRule " | ||
+ | # | ||
+ | RewriteCond %{HTTP_HOST} ^mydomain.fr$ | ||
+ | RewriteRule ^(.*) https:// | ||
+ | |||
+ | # | ||
+ | RewriteCond %{HTTP_HOST} ^blog.mydomain.com$ | ||
+ | RewriteRule ^(.*) https:// | ||
+ | RewriteCond %{HTTP_HOST} ^www.mydomain.fr$ | ||
+ | RewriteRule ^(.*) https:// | ||
+ | RewriteCond %{HTTP_HOST} ^mydomain.fr$ | ||
+ | RewriteRule ^(.*) https:// | ||
+ | Thanks a lot | ||
+ | |||
+ | From < | ||
+ | |||
+ | HSTS & Redirection within .htaccess | ||
+ | Bairnsfather commented 2 months ago | ||
+ | Here's what I did that seems to work for D7 & D8 (specifically as of 7.54 & 8.3.1 on Apache 2.4.5 with php 5.6.30) using the stock .htaccess file with only the modifications mentioned below. In simple terms, the Strict-Transport-Security line will not initially redirect traffic from http to https. (That line is not seen on http requests and older browsers don't understand it.) Thus the interest in redirection with a RewriteRule; | ||
+ | First, make sure you have your server available via https and your certificate includes all subdomains you use. Max-age is in seconds, customize it for your needs, and be sure to read (at least) https:// | ||
+ | Below the lines: | ||
+ | # Various rewrite rules. | ||
+ | < | ||
+ | RewriteEngine on | ||
+ | paste in | ||
+ | # Take advantage of HSTS if it's available & the request was over https. | ||
+ | Header always set Strict-Transport-Security " | ||
+ | # Force all traffic to be https & strip ' | ||
+ | RewriteCond %{HTTP_HOST} ^www\. [NC,OR] | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteCond %{HTTP_HOST} ^(?: | ||
+ | RewriteRule ^ https:// | ||
+ | Then put a # in front of the three lines below to comment them out; it no longer applies since we just forced all traffic to https. The following lines are already in the .htaccess file and just below what you pasted in. | ||
+ | # RewriteRule ^ - [E=protossl] | ||
+ | # RewriteCond %{HTTPS} on | ||
+ | # RewriteRule ^ - [E=protossl: | ||
+ | Also note the HSTS module https:// | ||
+ | Tip - go here to get free certs: | ||
+ | RFC 6797: | ||
+ | You can test things by opening your terminal application and curl -I your domain in various ways to inspect the header. | ||
+ | |||
+ | From < | ||
+ | |||
+ | Order allow,deny syntax | ||
+ | You can see the Order directive used in two ways. | ||
+ | Order allow, | ||
+ | Order allow, | ||
+ | Order deny, allow means that the deny rules are processed before the allow rules. If the client does not match the deny rule or it does match the allow rule, then it will be granted access. | ||
+ | |||
+ | From < | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | AllowOverride Directive | ||
+ | Description: | ||
+ | Syntax: | ||
+ | Default: | ||
+ | Context: | ||
+ | Status: | ||
+ | Module: | ||
+ | When the server finds an .htaccess file (as specified by AccessFileName), | ||
+ | Only available in < | ||
+ | AllowOverride is valid only in < | ||
+ | When this directive is set to None and AllowOverrideList is set to None, | ||
+ | When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files. | ||
+ | The directive-type can be one of the following groupings of directives. | ||
+ | |||
+ | From < | ||
+ | |||
+ | On Drupal 7, if you want to support mixed-mode HTTPS and HTTP sessions, open up sites/ | ||
+ | |||
+ | From < | ||
+ | |||
+ | |||
+ | |||
+ | For best possible security, set up your site to only use HTTPS, and respond to all HTTP requests with a redirect to your HTTPS site. Drupal 7' | ||
+ | You may want to redirect all traffic from http:// | ||
+ | < | ||
+ | ServerName www.example.com | ||
+ | Redirect "/" | ||
+ | </ | ||
+ | < | ||
+ | ServerName www.example.com | ||
+ | # ... SSL configuration goes here | ||
+ | </ | ||
+ | The use of RewriteRule would be appropriate if you don't have access to the main server configuration file, and are obliged to perform this task in a .htaccess file instead: | ||
+ | RewriteCond %{HTTPS} off [OR] | ||
+ | RewriteCond %{HTTP_HOST} ^www\.example\.com* | ||
+ | RewriteRule ^(.*)$ https:// | ||
+ | There are existing comments in .htaccess that explain how to redirect http:// | ||
+ | |||
+ | From < | ||
+ | |||
+ | </ | ||
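Review bot: In the first .htaccess block the flag legend ("L= last", "R= type of rewrite", "NE= ...") sits directly under the RewriteRule line with no "#" in front, so anyone copying the block into .htaccess also copies lines that are not Apache directives. Prefix them with "#" or move them below the block, and make "R= type of rewrite" say what the flag does. The pasted selinav rules list the "RewriteCond %{HTTP_HOST} ^mydomain.fr$" pair twice, and the page now carries several different http-to-https recipes (the "RewriteCond %{HTTPS} off" variants, the HSTS paste, the vhost Redirect) without saying which one the site actually runs; a one-line note naming the deployed variant would make the section usable. The Stack Exchange residue ("up vote5down voteaccepted", "shareimprove this answer") can be dropped from the quoted answer.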
service/ssl.1354229123.txt.gz · Last modified: 2012/11/29 22:45 by superwizard