Jump to content
Sign in to follow this  
pioneerx01

What happens when I remove SSL certificate from my domain?

Recommended Posts

Let's say that I have domain called www.mydomain.com with SSL certificate. Through .htaccess I have set up the domain to force SSL at all times, so users will see https://www.mydomain.com/... I had this site and SSL for while and there are serveral external links linking to my site, but they are all (or most) in "SSL format" https://www.mydomain.com/... If I should cancel my SSL certificate (and remove force SSL in .htaccess) that will happen when those "SSL formatted" links get clicked on? I assume users will get "not trusted connection" message? Any way arround that? As far as I undersestand the "SSL" handshake takes place before .htaccess gets loaded, so I will not be able to force SSL off on the links.

 

Thoughts?

Edited by pioneerx01

Share this post


Link to post
Share on other sites

The first question is why you want to stop supporting HTTPS. It will be a lot of trouble for you, it will be a lot of trouble for your users, and it's less security for everybody.

 

Is money the problem? You can get a free certificate from StartCom. If you need more features (like multiple domains), there are still a lot of CAs with reasonable prices.

 

No, you can't just go back to HTTP once the client makes an HTTPS request. That's the whole point of HTTPS. If there's anything wrong with the connection, your users will get an error. You can only choose between different errors:

  • You may close port 443 entirely, in which case all HTTPS requests will fail. Smart users will try plain HTTP on port 80, inexperienced users will think the entire site is dead.
  • You may keep using the expired certificate, which will lead to big red warnings. Some users will simply ignore the warnings, others will leave the site.
  • You may issue your own certificate and use it instead of your current one. This also leads to warnings, but it's more reasonable than using an invalid certificate. Experienced users will understand the difference.

Either way, there will be errors and confusion, and you may lose a lot of users.

Edited by Jacques1

Share this post


Link to post
Share on other sites

You would probably be in trouble if you have built the site with absolute paths... then thay would all not be working as you would not be using http instead of https :-P

 

But keep a SSL certificate i definitly a good idea, as Google will soon incorporate it in their search algoritm and rank sites higher that has full SSL protection :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.