Setting SSL

Started by jina, Jun 20, 2022, 02:19 AM

Previous topic - Next topic

jinaTopic starter

I conducted some SSL research and have a couple of inquiries. Do I require a separate IP address for SSL purposes? Is it possible to utilize both secured and unsecured connections using the same domain/IP address (http versus https)?

Thank you in advance!
  •  

Movut

There is a website called https://www.startssl.com where you can acquire legitimate SSL certificates for free, and these certificates are compatible with all of the popular web browsers.
  •  

diy05

Obtaining a dedicated IP will require an expense exceeding $24 per year. Therefore, if you plan to set up your own SSL on your website, it is recommended to have at least $50 available. Keep in mind that free SSL certificates typically only offer extensions ranging from 30 to 90 days.
  •  

organictextiles

To set up a website to function over the HTTPS protocol after installing the SSL certificate, it's necessary to configure secure connections for all site elements and pages. Firstly, the website must be redirected to the secure HTTPS protocol by adding the following directives to the beginning of the file .htaccess:

RewriteEngine on
SetEnvIf X-Forwarded-Proto https SERVER_PORT=443
SetEnvIf X-Forwarded-Proto https HTTPS=on
RewriteCond %{HTTP:HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

In addition, all links on the site must be checked for explicit usage of the HTTP protocol, as connection through an insecure protocol will result in an untrusted connection displayed in the address bar. If there are elements available only through the HTTP protocol, the links to them should be changed to relative or explicitly specify the use of HTTPS. External resource links require updates as well.

It is also essential to ensure that the web site where the element is located has a valid SSL certificate. The HSTS mechanism can be included by adding a directive to the file .htaccess:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

To rank highly on Google, HTTP addresses should be redirected to an HTTPS page or resource using 301 redirection on the server side. It's highly suggested to use relative URLs for resources located on the same domain, which reduces the likelihood of errors during local web site development. Protocol-similar URLs should be used for other domains or web site links should be updated to directly link to the HTTPS resource.
  •  

rcbeatrice

In the past, SSL certificates required a dedicated IP address due to the nature of how the SSL handshake process worked at the server level. Each SSL certificate was bound to a unique IP address, and this posed limitations, particularly in shared hosting environments where multiple websites shared one IP address. However, with the introduction of SNI (Server Name Indication), the need for a separate IP address for each SSL certificate has been mitigated. SNI allows the server to present multiple certificates on the same IP address, enabling hosting providers to allocate SSL certificates to individual websites sharing the same IP address. It's important to note that while SNI has become widely supported, there are still some older systems, particularly outdated browsers, that do not fully support it. Therefore, it's essential to consider your target audience and their technology capabilities when deciding whether to rely on SNI for SSL deployment.

Now, onto the second inquiry. Yes, it is possible to serve both secured (https) and unsecured (http) connections using the same domain/IP address. However, from a security best practices standpoint, it's strongly recommended to enforce HTTPS across your entire website. This can be achieved through server configurations, such as redirecting all HTTP traffic to HTTPS. By doing so, you ensure that all data transmitted between the client and the server is encrypted and secure. It also helps in avoiding mixed content issues, where a secure page includes non-secure resources, potentially compromising the security of the entire page.

While the need for a separate IP address for SSL has evolved with the introduction of SNI, the best approach for modern web development is to prioritize HTTPS across the entire website for enhanced security and data integrity. This not only aligns with industry best practices but also contributes to a safer and more trustworthy online experience for users.
  •