: Does https site needs extra configuration after installation of SSL certificate? I recently developed an incentive website for a European bank, and one of the requirements was SSL - the website
I recently developed an incentive website for a European bank, and one of the requirements was SSL - the website displays some personal customer data (though no financial or really sensitive data).
The website is hosted on a shared platform, and I've bought unique IP + Comodo SSL certificate at my webhost, they will take care of the installation.
Next monday the website will be tested by an audit company, so I need to be sure everything is perfectly secured. The web application itself and the server are perfectly secured conforming the requirements (done by a collegue with decent skills) - it's just the SSL that still needs to be installed.
My questions:
Does this require extra configuration in the website source code?
Does this mean the website can not be reached over http, and only over https? My webhost told me I could see the https as an extra feature, and regular http will also remain available. So how can I be sure that all traffic goes over https?
(Sorry for my noob questions - I'm a designer, not a server specialist - and I have absolutely no experience with SSL..)
Thanks!
More posts by @Sent6035632
2 Comments
Sorted by latest first Latest Oldest Best
/etc/rc.d/init.d/iptables
in this add you this line
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
No, no extra configuration is required in the website source code. The HTTPS is handled by the webserver and should be largely transparent to your website codebase. You should though make sure no internal links are hardcoded starting with "http" as they will then (possibly) take the user out of the encrypted transaction. Even if it doesn't those links will possibly raise a security warning if they are for embedded images etc.
It is possible to allow both HTTP and HTTPS access at the same time to the same site. This is a webserver configuration issue and only matters for the website code in that you need to consider the form of absolute links as mentioned above. It is common for sites to have a part of it using HTTP and then require HTTPS for other pars (e.g. log in etc.).
In summary, this is almost entirely a server configuration issue and you shouldn't need to worry about it aside from relative links.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.