Tag Archives: HTTPS

System Engineering

How To Redirect HTTP URLs to HTTPS Via .htaccesss File?

Leave a comment

After the SSL is installed on your domain name, you will need to redirect all non-secure HTTP links to their secure HTTPS connection for several important reasons.

For any website to work over SSL, there are some modifications you will need to make to your .htaccess file, and then it will redirect your visitors to the HTTPS version of your website. To start with the process of HTTP redirection simply login to your Sangkrit.net account and follow these steps:

  1. Go to your product page.
  2. Under the Server, click Manage for cPanel
  3. In the Account Dashboard, click File Manager.
  4. In the cPanel File Manager, click Settings.
  5. Make sure that Show Hidden Files (dotfiles) is checked, and click Save.
  6. Click on public_html, and open your .htaccess if you already have one. If not, click File+, name the file .htaccess and click Create New File.
  7. Select the .htaccess file, and click Edit.
    • If you just created your .htaccess file, use this code:
      RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{HTTP_HOST} ^(www\.)?coolexample\.com RewriteRule ^(.*)$ https://www.coolexample.com/$1 [R,L]
    • If your .htaccess file already exists, insert the lines that begin with ReWriteCond and RewriteRule directly after the already existing ReWriteEngine On.
    • Click Save Changes and Close. 

That’s it. Visit your website and you’ll be re-directed to the HTTPS version.

How To Redirect HTTP To HTTPS In WordPress?

  1. Log into your WordPress Dashboard.
  2. Visit Settings, click General.
  3. Locate the following fields:
    • WordPress Address (URL)
    • Site Address (URL)
  4. In each field, update your URLs from http to https
  5. Scroll down and click Save Changes.
  6. Open your current .htaccess file in the /public_html/ folder with the cPanel file manager for editing. If you don’t already have a .htaccess file, you’ll need to create one.
  7. Insert the following code at the top of your .htaccess file:
  8. Click Save Changes at the top-right corner of the screen.

In some cases, you will need to edit your .htaccess file, if you don’t want that then use a WordPress plugin like Really Simple SSL. This saves you from the technical steps edit file editing on the server.

System Engineering

Wildcard & Multi-Domain SSL Certificates: Which One Do You Need?

Leave a comment

A Wildcard SSL Certificate and a Multi-Domain SSL Certificate (SAN or Subject Alternative Name certificate) allow you to secure multiple websites or subdomains under a single certificate. Here’s an explanation of each.

Wildcard SSL Certificate

A Wildcard SSL certificate is designed to secure a domain and all its subdomains.

For example, if you have a Wildcard SSL for *.example.com, it will secure the main domain, example.com, as well as any subdomains such as blog.example.com, shop.example.com, and other subdomains like mail.example.com. This makes it ideal for businesses or website owners managing several subdomains under one domain, ensuring that all of them are encrypted without needing separate certificates.

Multi-Domain SSL Certificate (SAN Certificate)

A Multi-Domain SSL, or SAN SSL, is meant to secure multiple distinct domain names within a single certificate. It can cover different domains, subdomains, or even various domain extensions.

For example, one SAN certificate could secure example.com, example.net, shop.example.org, and anotherdomain.com. This type of SSL is useful for businesses or individuals managing multiple domains or websites, allowing them to secure each domain or subdomain without purchasing separate SSL certificates.

The main difference between the two is that Wildcard SSL focuses on securing all subdomains of a single domain, whereas Multi-Domain SSL allows for securing multiple different domains and subdomains with one certificate.

Another important thing you should know is that all multi-domain SSL certificates are wild-card compatible but not all wild-card certificates are multi-domain compatible so choose wisely.

Benefits of These SSL Certificates

Both Wildcard and Multi-Domain SSL certificates are cost-effective, reducing the need to purchase and manage multiple certificates. They also simplify the management process, as you only need to handle one certificate instead of several, especially when it comes to renewals.

Apart from this, both certificate types ensure that all domains and subdomains under the certificate are encrypted and secure, enhancing the security of your web presence.

Whether you need to secure multiple subdomains or entirely different domain names, Wildcard and Multi-Domain SSL certificates offer convenient and flexible solutions to ensure that your websites remain secure.

Which SSL Do You Need?

The choice between the two comes down to whether you’re primarily securing subdomains of a single domain or need to cover multiple domains. If your focus is securing multiple subdomains under one main domain, a Wildcard SSL is the best fit.

However, if you need to secure entirely different domains, then a Multi-Domain SSL is the solution. Both options offer robust security but are tailored for different needs. You can easily subscribe to your choice of SSL certificate from here.

System Engineering

Reasons Why Your Website Displays ‘Not Secure’ SSL Warning

Leave a comment

A “Not Secure” warning on your website typically appears when the website does not have an SSL, the SSL is invalid, or is not properly configured. This lesson lists various reasons why your website may show such types of warnings on certain web browsers.

You Have No SSL Certificate

If you have not yet subscribed to an SSL certificate and your website is using HTTP instead of HTTPS then most browsers will show a “Not Secure” warning on your website. The main reason behind this is HTTP connections are not encrypted, leaving data vulnerable to interception.

How To Fix It? Subscribe and install an SSL certificate on your website.

Your SSL Certificate Is Expired

If your SSL certificate has expired, the browser will treat the website as insecure and show the warning, even though you had HTTPS enabled before.

How To Fix It? Renew expired SSL certificates promptly.

Mismatched Domain SSL Certificate

If your SSL certificate is not properly configured to match your domain (e.g., you installed the certificate for example.com but visitors are accessing www.example.com), a warning will be triggered.

How To Fix It? You may either subscribe to a multi-domain wildcard SSL certificate or force all traffic to the correct version of your website and set up a redirect using .htaccess or server configuration.

If you realize that your SSL certificate was issued for the wrong version of your domain, request a reissue from your Certificate Authority (CA).

Mixed Content

Even if your site uses HTTPS, if some elements like images, scripts, or stylesheets are loaded over HTTP, browsers will show a “Not Secure” warning due to the mixed content.

How To Fix It? Ensure all links, images, and scripts on the site are loaded over HTTPS to avoid mixed content warnings. Use a plugin such as Really Simple SSL to fix insecure content warnings.

Untrusted Certificate Authority (CA)

If your SSL certificate was issued by a Certificate Authority (CA) that is not trusted by major browsers, or if it’s self-signed, the website will be flagged as “Not Secure.”

How To Fix It? Subscribe your SSL certificate from a trusted authority.

Domains, System Engineering

How To Enforce HTTPS (SSL) URLs On Your Website?

Leave a comment

SSL securely transforms data from the client to the server by adding encryptions. Before it was used to protect transactions and customer data, but now it has become Google’s official Internet ranking factor.

Once you subscribe and install SSL on your website, the website starts using both HTTP and HTTPS URLs which means visitors landing on HTTP from old links such as old search archives or links on other websites will continue to land on HTTP. Whereas visitors using the new HTTPS will get HTTPS. Here you will need to make sure that all visitors must land on secure HTTPS URLs of your website and that can only be done by enforcing SSL all over your website.

To force your website to use HTTPS on all links you will need to redirect HTTP to HTTPS and there are various methods of doing this.

Redirecting HTTP To HTTPS Via cPanel

  1. Simply log in to your hosting account and open cPanel.
  2. In cPanel, navigate to ‘Domains’ and toggle the “Force HTTPS Redirect” option for your domain.

Redirecting HTTP To HTTPS Via .htaccess File

Another way of enforcing SSL is by adding a few lines of code in .htaccess file which is located in the root directory of your website.

  1. Log in to your hosting account and open cPanel.
  2. Navigate to cPanel -> File Manager
  3. Open Public_HTML and then the directory where your website is located. If your website is on the main domain i.e. yourdomain.com then it would be located in the Public_HTML directory itself.
  4. Add the following code and save the file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Or, for forcing SSL over one specific domain name use this code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.url.com/$1 [R,L]

Or, for forcing SSL over some such as domain.com/subdir. First, create a new .htaccess file in that specific directory and then add the following code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} subdir
RewriteRule ^(.*)$ https://www.url.com/subdir/$1 [R,L]

If you see some existing code in your .htacess file then add these lines on the top where rules start with similar prefixes.

By default .htaccess is kept as a hidden file so if don’t find it on your cPanel hosting’s file manager then click the ‘Settings’ icon (visible on the top right corner of the file manager) and tick ‘Display hidden files’ option.

And if you don’t find any .htaccess file in the file manager then probably your website is not using such .htaccess file. In that case, simply create one by naming it .htaccess and then open it for editing.

Don’t forget to change domain.com with your own domain name and SUBDIR with the name of the sub directory where you want to force an HTTPS connection.

Redirecting HTTP to HTTPS In WordPress

WordPress users may simply use a plugin called Easy HTTPS Redirection (SSL). The plugin lets you automatically set up a redirection to the HTTPS version of a URL when anyone tries to access the old HTTP version.

System Engineering

Elevate Your Website’s Security Standards With Fully Managed SSL Service

Leave a comment

The new Managed SSL Service at Sangkrit.net saves you from the technical steps of installing and implementing HTTPS over your domains.

What Is Managed SSL Service?

It handles the installation, configuration, management, and renewal of SSL(Secure Socket Layer) certificates on your websites and the service ensures that your website stays safe and secure on the internet.

The Managed SSL Service also saves you from common encryption errors such as:

  • SSL not found error
  • Mixed-content error
  • HTTPS redirect failure error
  • SSL certificate mismatch error

SSL certificates are essential for securing data transmitted between a user’s browser and a website’s server, ensuring that sensitive information such as login credentials, personal details, and payment information is encrypted and protected from malicious actors.

What Is Managed SSL Service Offers You?

Here’s an overview of the features that Managed SSL Service offers:

Installation & Setup

Managed SSL Service providers handle the entire process of obtaining and installing SSL certificates on your website. This includes generating a Certificate Signing Request (CSR), validating domain ownership, and configuring the server to use HTTPS.

Automatic Renewal

SSL certificates have an expiration date, typically ranging from a few months to a year. If you leave this option on, the Managed SSL Service ensures that your certificates are automatically renewed before they expire, preventing any disruption in your website’s security.

Certificate Types

Managed SSL services offer various types of SSL certificates, including Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) certificates. They can also provide Wildcard and Multi-Domain (SAN) certificates to secure multiple subdomains or domains.

Security & Trust

Managed SSL services offer SSL certificates from reputable Certificate Authorities (CAs) that are recognized and trusted by web browsers. This ensures that your website is not flagged as “Not Secure,” and users can browse your site with confidence.

SEO Benefits

Search engines, including Google, consider HTTPS as a ranking factor. Having an SSL certificate can positively impact your website’s search engine rankings, leading to improved SEO performance.

Support & Troubleshooting

Managed SSL services often provide technical support to address any issues related to SSL certificates. They can help with setup, configuration, and troubleshooting to ensure your website’s security is maintained.

Compatibility & Updates

Managed SSL services ensure that your SSL certificates are compatible with modern web standards and are regularly updated to meet evolving security requirements.

Compatibility with CDN & Load Balancers

Managed SSL services can help you configure SSL certificates for content delivery networks (CDNs) and load balancers, ensuring that your entire website’s traffic is securely encrypted.

Simplified Management

By outsourcing SSL management, website owners can focus on other aspects of their business without worrying about the technical details of certificate installation and renewal.

PCI Compliance

For websites that handle online payments, an SSL certificate is essential for Payment Card Industry Data Security Standard (PCI DSS) compliance.

Green Padlock Symbol

An SSL certificate displays a green padlock symbol in the browser’s address bar, indicating that the connection is secure. This symbol builds trust with users and can potentially increase conversions on e-commerce sites.

Managed SSL Service is a convenient option for website owners who want to ensure the security of their visitors’ data without dealing with the complexities of SSL certificate management. It allows businesses to focus on their core activities while benefiting from enhanced website security and improved user trust.

How Managed SSL Service Works?

Authentication is the keystone of SSL protection. After you subscribe to a Managed SSL, the system itself validates your domain and issues an SSL certificate to ensure your website only takes a secure connection.

Once the system configures the SSL certificate on your domain and verifies that everything is accurate, you receive an email saying that your website is now successfully running over a secure HTTPS connection.

The service offers you Domain Validation (DV) SSL certificates via Managed SSL Service. You can purchase a certificate for a single site or a multiple-domains certificate i.e. SAN SSL that secures one primary plus four additional domains i.e. a total of five domains.

Homeschool

Why It Matters To Add SSL To Your Website?

Leave a comment

Adding SSL i.e. HTTPS protocol to your website is a critical step in ensuring data security, building user trust, and improving search engine visibility.

You can successfully implement HTTPS and provide a secure browsing experience to your website visitors, by subscribing to a SSL plan here. Enabling HTTPS i.e. HyperText Transfer Protocol Secure to your website is important for several reasons.

SSL Is Important For Data Security

An SSL certificate will encrypt the communication between a user’s browser and your website, ensuring that sensitive data such as login credentials, credit card information, and personal details remain secure and protected from unauthorized access or interception. It helps prevent data breaches, identity theft, and tampering with information in transit.

SSL Builds The Trust

It provides a visual indicator on the address bar of your website that builds visitors’ trust. When a visitor accesses your website, he doesn’t see the browser warning of an insecure or untrusted zone. Instead, he sees the padlock icon called the secure label, and that makes him know that his connection is encrypted and his data is being securely transmitted.

Hence, it builds trust and confidence in your website, especially when your website is handling sensitive information or conducting online transactions.

Search Engine & SEO Benefits

Now dominant search engines, like Google, consider HTTPS as a ranking factor. Websites having an HTTPS connection are more likely to rank higher on search engine results pages compared to non-secure websites. Hence, implementing an HTTPS connection can improve your website’s visibility and organic traffic from the search.

How To Add SSL To Your Website?

You simply need to subscribe to a general SSL plan or Managed SSL Service and the automated process will guide you in doing that. The Dedicated Server, VPS, Managed WordPress, and certain web hosting users can take benefit from free SSL service.

WordPress

How To Auto Configure SSL In WordPress Website?

Leave a comment

SSL stands for Secured Socket Layer. When configured it can be seen in the address bar of your website as an HTTPS lock icon instead of HTTP which generally works on websites having no SSL certificate.

The main work of an SSL certificate is to implement encryption to protect sensitive information such as log-in details, credit card numbers, and other sensitive data from unauthorized people and bots.

Apart from this, it has now become an SEO and internet ranking factor so now it positively impacts the website’s visibility on search engines. All popular web browsers now show a warning of an insecure zone on websites that don’t use SSL certificates.

Anyone can subscribe to an SSL certificate plan such as Standard SSL and Managed SSL for adding an SSL to their website. Free Auto-SSL service is also available for the VPS and Dedicated Server users at Sangkrit.net.

This lesson will guide you on how you can auto-configure SSL on your WordPress Website. Because even when you subscribe and install SSL on your website’s hosting, common issues such as partial encryption, and mixed content errors arise, and the website doesn’t get redirected to HTTPS. As a result, both HTTP and HTTPS modes remain active for the users, which is not at all good.

How To Automatically Configure Your Website To Use HTTPS?

You simply need to log in to your WordPress site and navigate to Plugins -> Add New page and then search for the Really Simple SSL plugin. Install and activate the plugin, upon activation the plugin will automatically configure your website to use SSL to its fullest potential. It takes your website from HTTP to HTTPS in just one click.

Apart from this it also offers features to keep track of your server’s health, and tweak configuration to keep WordPress fortified and safe by tackling its weaknesses. It keeps you notified when plugins, themes or core contain vulnerabilities and need appropriate action.

Homeschool

Build A Secure Website To Stop Losing Traffic From Browser’s ‘Not Secure’ Warning

Leave a comment

The browser’s not secure warning shows up to your visitors when your website doesn’t provide them a secure connection i.e. HTTPS encryption. To dismiss this warning you will need to add an SSL Certificate to your website.

The servers and hosting services such as Managed WordPress and Cloud Hosting at Sangkrit.net provides you with free auto SSL and hence when you make your website at Sangkrit.net you don’t need to subscribe to SSL separately. Although, there are plans to subscribe to a premium SSL you may stick to a self-signed free SSL also.

To easily start a secure website you simply need to register your domain name and subscribe to a Managed WordPress plan that gives you a highly customizable, professional-looking secure website which you can manage on your own. A Domain and subscription to Managed WordPress is a complete package, you need nothing else. And you won’t have to worry about browsers displaying the Not Secure warning because all Managed WordPress plans also include an SSL certificate displaying that trustworthy lock on the address bar of your website.

System Engineering

Configuring SSL On Linux VPS & Dedicated Servers

Leave a comment

To configure an SSL on your server there are mainly three steps: subscribe to it, generate a certificate signing request, and once SSL is approved, install it on your server.

This lesson shows you the step-by-step process of implementing SSL on a Linux-based server.

What is SSL? The SSL certificate establishes encryption over information that is sent to the server. It scrambles data into an undecipherable format that can only be returned to a readable format with a proper decryption key. 

How Does SSL Works? When a client attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

SSL authenticates the identity of a website. It contains the following information: 

  1. The certificate holder’s name & public key 
  2. The certificate’s serial number and expiration date 
  3. The digital signature of the certificate-issuing authority

How to install SSL on your VPS or Dedicated Server?

  1. Open SANGKRIT.net account
  2. Visit your Products page
  3. Select SSL Certificates 
  4. Select Manage for the certificate you want to use
  5. Under Download Certificate, select a Server type and then select Download Zip File.

Launch your dedicated server:

  1. Visit your Products page
  2. Click the Servers tab
  3. Next to the account, you want to use, click Launch
  4. From the management interface, next to cPanel Site,
  5. Click Manage Server (WHM) and click Proceed

Upload & Install SSL certificate

  1. Search SSL on the left sidebar menu on WHM cPanel
  2. Click Install an SSL certificate on the domain
  3. Type your domain name in the first field
  4. Click the Browse button
  5. Select and upload your SSL certificate
  6. Click Install button

When you choose the browse and upload option, the empty fields are auto-discovered and filled from the SSL you are uploading. Once SSL is installed you may redirect your HTTP site to an HTTPS connection.

WordPress

Secure WordPress Login & Admin Pages With SSL (HTTPS)

Leave a comment

Now you know how to install SSL on a domain and how to implement it on your WordPress installation. A few days back a WordPress user emailed us saying that the majority of his website is not sensitive and also he has a resource limit so he only wants to enable SSL on his website login page and not on the rest of his website.

Continue reading Secure WordPress Login & Admin Pages With SSL (HTTPS)

Domains, Websites, WordPress

How To Implement HTTPS (SSL Certificate) In WordPress?

1 Comment

As soon Google declared HTTPS as an official Google ranking signal, the discussions on implementing SSL certificate in WordPress started populating WP forums and social media sites. In this tutorial we are showing you an easy method to enable HTTPS working on your WordPress site.

Continue reading How To Implement HTTPS (SSL Certificate) In WordPress?

Domains, Web Services, Websites

Secure Your Website With HTTPS (SSL Certificate)

Leave a comment

For running your website on HTTPS (SSL Certificate), first thing you need to do is subscribe a SSL Certificate here. You may go for Standard SSL if you just want to verify your domain and secure your website. Premium SSL plan is ideal for eCommerce shopping cart websites as it provides you the most extensive validation.

Continue reading Secure Your Website With HTTPS (SSL Certificate)