Some pages on https

Marco · December 20, 2012, 1:20pm

I’d like to have my contact pages (where visitors submit data to me) to be on a secure page (so with SSL). I’ve looked into SSL and I should be able to by a SSL certificate for my domain. My question is how I am going to make my contact page secure while other pages are just regular pages.

I’ve seen websites that use http://www.companyname.com/whatever.html while their contact page is https://www.companyname.com/contact.html.

On this forum I’ve read that you can only get an SSL certificate for your whole domain. How does this work exactly? Can I use both http and https pages (which I prefer because of speed)? And does this mean that I’ll have to set up a different Freeway document for the secure pages (and files)?

Any help is appreciated!

Regards,
Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · December 20, 2012, 2:04pm

It is true that you can only apply a secure certificate to a single subdomain, or if you pay more for a “wildcard” certificate, to the entire domain (and any and all subdomains within it). Apache servers can be configured to listen on both ports 80 and 443, and to point both of those virtual servers at the same document root. What becomes incredibly chancy is getting Apache to only accept connections to a single page over port 443 rather than 80. You could probably more easily set up a redirect in a folder, so your contact form might be placed at https://example.com/contact/[index.html] rather than https://example.com/contact.html.

Setting both the secure server and the Apache redirects is not a trivial thing. For one matter, many shared hosting setups will require you to have two separate root folders, which would mean that you would need to maintain two different copies of your site on your server. For another, you will need to make your links into and out of the secure area using “External” URLs in Freeway, rather than the usual automatic page links. This means you will have to type in https://example.com/whatever/ in the Hyperlink dialog, rather than just choosing a page to link to from the popup list.

Modern servers and browsers are very fast at encryption/decryption these days, though, so you might just do what I usually do when I need security, and make the whole site secure. That’s actually a whole lot easier than trying to switch back and forth.

Walter

On Dec 20, 2012, at 8:20 AM, Marco wrote:

I’d like to have my contact pages (where visitors submit data to me) to be on a secure page (so with SSL). I’ve looked into SSL and I should be able to by a SSL certificate for my domain. My question is how I am going to make my contact page secure while other pages are just regular pages.

I’ve seen websites that use http://www.companyname.com/whatever.html while their contact page is https://www.companyname.com/contact.html.

On this forum I’ve read that you can only get an SSL certificate for your whole domain. How does this work exactly? Can I use both http and https pages (which I prefer because of speed)? And does this mean that I’ll have to set up a different Freeway document for the secure pages (and files)?

Any help is appreciated!

Regards,
Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Marco · December 20, 2012, 9:11pm

Many thanks Walter for your explanation. So when I buy an SSL certificate, what I could do is:

Make the whole website secure. That would be the easy way, so I don’t have to bother about creating external links at all. My problem is that some of my product pages are already quite big to load so I’m in doubt whether I should choose this option.
Create a subdomain like secure.mycompany.com and make that subdomain secure. Then I will need to create a separate Freeway document with only the pages in it that I want to be secure. In my ‘main’ document, I’ll add links to the pages on the secure domain.
Create a folder that is secure, however I think I lost you here Walter. How is this exactly done?

Thanks for your help!

Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · December 20, 2012, 9:27pm

Option 1 is less of a strain on your server and users’ browsers than you might think. This is hands-down the easiest way to do it.

Option 2 is also easy, and you’re right about how to do it. Make all the links into and out of that secure site manually, so you get the https:// on them. All the links within the secure subdomain are relative, so they will automatically be from https to https. The only links you need to make manually are back into your regular non-secure site.

Option 3 will require some clever work with .htaccess files to force-redirect all non-secure links in to the contact folder from http to https. You will also need to hand-configure your Apache server to serve the same folder under http and https – it’s not trivial.

Walter

On Dec 20, 2012, at 4:11 PM, Marco wrote:

Many thanks Walter for your explanation. So when I buy an SSL certificate, what I could do is:

Make the whole website secure. That would be the easy way, so I don’t have to bother about creating external links at all. My problem is that some of my product pages are already quite big to load so I’m in doubt whether I should choose this option.

Create a subdomain like secure.mycompany.com and make that subdomain secure. Then I will need to create a separate Freeway document with only the pages in it that I want to be secure. In my ‘main’ document, I’ll add links to the pages on the secure domain.

Create a folder that is secure, however I think I lost you here Walter. How is this exactly done?

Thanks for your help!

Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Marco · December 21, 2012, 1:47pm

Thanks so much Walter, this helped me a lot!

Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Marco · December 22, 2012, 5:01pm

After giving it some thought, I think option 2 would be the best way to go for me. Some people say that going from http to https with your whole website might have a negative impact on your ranking in the search engines. Even Google can’t guarantee that it will not affect your ranking: Can switching to HTTPS harm ranking? - YouTube

My website ranks really well so I don’t think I will risk that position. Therefore option 2 would be the best bet in my opinion. I thought I’d share this with the FreewayTalk community in case other people are in doubt what they should do.

Marco

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Rustic_Furniture_Out · August 23, 2014, 11:40pm

question… Official Google Webmaster Central Blog: HTTPS as a ranking signal

being not a super user and designer of websites… what does this exactly mean?? do all the pages of a website need to be secure now??? help.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Gary1 · August 24, 2014, 10:47pm

Hi There

This is news to me to be honest. However I would imagine this is a long term strategy.

SSL certificates (https) are used to encrypt sensitive information as it is posted across the internet such as credit card data on an ecommerce site if the checkout is local. This is not applicable to yourself as the cart on Rustic Furniture Outlet is not local (ww6.aitsafe.com) and would be protected at checkout if credit card information is being taken.

In short don’t worry about it, its not an issue at this present time and won’t be for the foreseeable future in my opinion.

If it ever becomes a requirement then just get your hosting company to install a certificate for you, they don’t cost very much these days anyway for the basic requirements.

Hope that puts your mind at rest.

Cheers

Gary

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Rustic_Furniture_Out · August 25, 2014, 12:58am

thanks Gary! I am just desperately trying to understand why my website visits have dropped since Aug 3… do you know anyone who may be able to to help me and guide me?

i have gone from and ave of 130 to i hope i will get 10 today….

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options