[SOLVED] SSL (https://) connections and Apache

[TLawrence]

I'm a complete newbie when it comes to SSL (https://) connections.  I have a client who's trying to setup a secure connection to his website.  When I type in http://www.websitename.com I get his home page.  When I try using SSL, https://www.websitename.com, I get a placeholder page.  I don't know where this page is coming from.  I contacted the hosting company and they told me I need to contact the registrar for the domain name.  I'm lost at this point.  I'm assuming this placeholder page would be somewhere on the hosting server, but where is this page located?  I thought using SSL would be as simple as uploading a page to the "SSL" area of the hosted account (where I thought this placeholder page was coming from), but I don't see any type of directory like this.

 

On the placeholder page, I see the following paragraph:

 

"If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content."

 

It seems like my client has SSL installed on the account, but I don't know where to go from here to setup a secure page.  What directory is this paragraph referring to?

 

I wasn't sure what area to post this in.  The site is running off an Apache server, so I thought I'd start in this forum.

 

Can someone point me in the right direction or at least educate me a little more on setting up and using SSL pages?  I'm just trying to make a simple link from the unsecure area of the website to the secured area so users can fill in personal information to submit.

 

Thanks in advance.

[PFMaBiSmAd]

You are correct that the placeholder page is on the web host and the person at the hosting company who responded to you either did not understand what you asked or was not qualified to answer the question. I am guessing that as soon as you mentioned "placeholder" that the person thought "domain parked page", which would be something at the registrar when no host's name server has been entered into the domain record.

 

Once the host's name server(s) has(have) been entered into your domain record at the registrar, that ends the involvement of the domain registrar in the process. This causes any reference to the domain name (http/https, with www. or any other hostname/subdomain or without www.) to be directed to the host's name servers to provide the proper IP address.

 

The https request is either resolving to a global default page, in which case a folder within the domain's account space needs to be setup and the configuration changed to point to it, or the https request is resolving to an existing folder within the domain's account space and you simply need to find where that is.

 

For the first case, it might be possible for you to do this through the control panel, i.e. specific a folder that the https request resolves to, but more likely the web host needs to do this at a higher access level than an account control panel would have.

 

For the second case, use the control panel's file/folder browser to see what you can find. The folder is typically outside the http document root (closer to the disk's root folder.)

[TLawrence]

I have a feeling it was a little of both when I talked with the hosting company.  I think he knew I wasn't talking about the standard domain "parked" page, but he didn't have any idea how to assist me past that.  So my assumption is correct that it should be a simple task?  Typically, when you setup a domain name, should you automatically have SSL (https://) available for that domain? When I try using https:// with my personal website, I get an error...the page doesn't exist, so I'm thinking there's additional steps that need to be taken.

 

Also, is it possible that the SSL certificate is not set up through the domain registrar?  The domain is registered through godaddy.com.  I looked at the domain account and it looks like a SSL certificate may not yet exist (I'm still waiting to hear back from godaddy to clarify this).  If this is the case, could that cause the redirection using https://?  I don't know if you're familiar with godaddy accounts, but it looks like credits exist to put toward a certificate, but I'm not sure if an actual certificate exists yet.  I don't know the process godaddy uses to create SSL certificates.  Hopefully they'll get back to me soon so I have a better idea.

 

I've been doing some research since I posted my question.  Can I bounce a few more questions off of you?  Whether you're using http:// or https://, these both point to the same directory, correct?  They are two different protocols, but the files being accessed are one in the same?  https:// is just another layer used between the page request and response, but both are directed to the same set of files that make up the website. (correct?)

[TLawrence]

BTW, regarding the second case you mentioned, I looked high and low through the directory structure and didn't find anything relating to the index.html page I'm seeing when I try https://.

[PFMaBiSmAd]

The folder structure that a https request resolves to can be the same as that for a http request or it can be completely different. There is no set rule.