Jump to content

Recommended Posts

Let's say that I have domain called www.mydomain.com with SSL certificate. Through .htaccess I have set up the domain to force SSL at all times, so users will see https://www.mydomain.com/... I had this site and SSL for while and there are serveral external links linking to my site, but they are all (or most) in "SSL format" https://www.mydomain.com/... If I should cancel my SSL certificate (and remove force SSL in .htaccess) that will happen when those "SSL formatted" links get clicked on? I assume users will get "not trusted connection" message? Any way arround that? As far as I undersestand the "SSL" handshake takes place before .htaccess gets loaded, so I will not be able to force SSL off on the links.

 

Thoughts?

Edited by pioneerx01

The first question is why you want to stop supporting HTTPS. It will be a lot of trouble for you, it will be a lot of trouble for your users, and it's less security for everybody.

 

Is money the problem? You can get a free certificate from StartCom. If you need more features (like multiple domains), there are still a lot of CAs with reasonable prices.

 

No, you can't just go back to HTTP once the client makes an HTTPS request. That's the whole point of HTTPS. If there's anything wrong with the connection, your users will get an error. You can only choose between different errors:

  • You may close port 443 entirely, in which case all HTTPS requests will fail. Smart users will try plain HTTP on port 80, inexperienced users will think the entire site is dead.
  • You may keep using the expired certificate, which will lead to big red warnings. Some users will simply ignore the warnings, others will leave the site.
  • You may issue your own certificate and use it instead of your current one. This also leads to warnings, but it's more reasonable than using an invalid certificate. Experienced users will understand the difference.

Either way, there will be errors and confusion, and you may lose a lot of users.

Edited by Jacques1
  • 2 weeks later...

You would probably be in trouble if you have built the site with absolute paths... then thay would all not be working as you would not be using http instead of https :-P

 

But keep a SSL certificate i definitly a good idea, as Google will soon incorporate it in their search algoritm and rank sites higher that has full SSL protection :D

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.