If I use an ssl certificate on my site, will people get a warning pop up?

[Ashley Gable]

Hi, I have to get a ssl certificate for my domain if I want to use a my tracking software with my merchant account. Because there checkout pages area all https, If i put an http code in there, the customers will get a warning.


So if I make my site an https, will my visitors also get a warning? What else, other than a code from a non-secure site, will trigger that warning?

I have to be honest, I dont really understand what an ssl is I have read up on it but cant get my head around it.

I asked about ssl's in general on here a few days ago, that post saved me A LOT of money! I was about to spend $995 on a ssl! After some help from some warriors, I was able to find one for less than $20!!!

Ashley

Quote:

Originally Posted by AshleyAA

Hi, I have to get a ssl certificate for my domain if I want to use a my tracking software with my merchant account. Because there checkout pages area all https, If i put an http code in there, the customers will get a warning.


So if I make my site an https, will my visitors also get a warning? What else, other than a code from a non-secure site, will trigger that warning?

I have to be honest, I dont really understand what an ssl is I have read up on it but cant get my head around it.

I asked about ssl's in general on here a few days ago, that post saved me A LOT of money! I was about to spend $995 on a ssl! After some help from some warriors, I was able to find one for less than $20!!!

Ashley

Hi Ashley,
SSL is used for the purpose to protect information being passed on your website. It encrypt this information (normally credit cards, names, address, and etc) so it can not be picked up by a third party during transmissions.

That is basically what SSL is .. You visitors will not get a popup if your site is fully SSL but you need to make sure that all your code (html) is also using the full url for SSL also.

For example your images normally would look like this:

Code:

<img src="http://www.mysite.com/images/myimage.jpg">

But now they need to be like this:

Code:

<img src="https://www.mysite.com/images/myimage.jpg">

So in other words any urls on your site need to use https now instead of http. If any images are using http then they will get a popup.

James

[GeorgettaSterling]

The other reason users might get a security warning is if the security certificate isn't "registered" in the browser. SSLs are issued by "issuing authorities", and if you get your SSL cert from a company that isn't pre-registered in the popular browsers (Explorer and Firefox) then the user will still get a security warning.

The solution is easy enough - get an SSL from one of the companies that are already registered in most peoples' browsers. If you use Firefox, you can see the default list by clicking Tools|Options|Advanced|View Certificates. Some of the biggest issuers are already registered there (with a new Firefox installation) like Thawte, Godaddy, and Comodo (Namecheap sells those).

Best Regards, Georgetta

[Ashley Gable]

Quote:

Originally Posted by TheRichJerksNet

Hi Ashley,
SSL is used for the purpose to protect information being passed on your website. It encrypt this information (normally credit cards, names, address, and etc) so it can not be picked up by a third party during transmissions.

That is basically what SSL is .. You visitors will not get a popup if your site is fully SSL but you need to make sure that all your code (html) is also using the full url for SSL also.

For example your images normally would look like this:

Code:

<img src="http://www.mysite.com/images/myimage.jpg">

But now they need to be like this:

Code:

<img src="https://www.mysite.com/images/myimage.jpg">

So in other words any urls on your site need to use https now instead of http. If any images are using http then they will get a popup.

James

Thanks James, I didnt realize this! But that should be easy enough, I only have a few pages, but I do have a wordpress blog, so that might be annoying, having to go change all the links.

But will all my incoming links be nullified by the extra “s”?

Quote:

Originally Posted by GeorgettaSterling

The other reason users might get a security warning is if the security certificate isn't "registered" in the browser. SSLs are issued by "issuing authorities", and if you get your SSL cert from a company that isn't pre-registered in the popular browsers (Explorer and Firefox) then the user will still get a security warning.

The solution is easy enough - get an SSL from one of the companies that are already registered in most peoples' browsers. If you use Firefox, you can see the default list by clicking Tools|Options|Advanced|View Certificates. Some of the biggest issuers are already registered there (with a new Firefox installation) like Thawte, Godaddy, and Comodo (Namecheap sells those).

Best Regards, Georgie

Thanks, I just went and looked at the one I was thinking of getting, and it says it has a browser recognition of 99.9%. It also shows little icons of all the browsers. So I think that it is a good one.

Thanks
Ashley

Quote:

Originally Posted by AshleyAA

Thanks James, I didnt realize this! But that should be easy enough, I only have a few pages, but I do have a wordpress blog, so that might be annoying, having to go change all the links.

But will all my incoming links be nullified by the extra “s”?

No just make sure your .htaccess is set properly to redirect http to https - this is done on most servers by a 301 redirect and should be done automatically when you install the cert on your server.

As for wordpress you should just have to change the domain name in the settings. If your images are only using images/myimage.jpg without the full url then you do not have to change anything.

James

[Ashley Gable]

Quote:

Originally Posted by TheRichJerksNet

No just make sure your .htaccess is set properly to redirect http to https - this is done on most servers by a 301 redirect and should be done automatically when you install the cert on your server.

As for wordpress you should just have to change the domain name in the settings. If your images are only using images/myimage.jpg without the full url then you do not have to change anything.

James

Okay cool. so when I have my host install the certificate (I am on shared hosting, so apparently I cannot do it myself), I should just remind them to put into place an .htaccess that redirects all http links to https.

And just so I am clear, I dont need to manually change any of the http links to https? And I wont lose my rankings? I am number 2 for my main keyword so I really dont want to lose it!

Thanks so much for the help! You helped me with my last ssl question a few days ago I appreciate it

Quote:

Originally Posted by AshleyAA

Okay cool. so when I have my host install the certificate (I am on shared hosting, so apparently I cannot do it myself), I should just remind them to put into place an .htaccess that redirects all http links to https.

And just so I am clear, I dont need to manually change any of the http links to https? And I wont lose my rankings? I am number 2 for my main keyword so I really dont want to lose it!

Thanks so much for the help! You helped me with my last ssl question a few days ago I appreciate it

You are on shared hosting ... Make sure you have your own IP as a SSL does require your own IP.

As for the site, if any links do have the full url with http then yes I would manually change those to use https. The .htaccess is to take care of links leading to your site from outside sites that may be http.

You will not lose your rank at all, it will just add that redirect which does not effect any rankings or anything.

Also I would like to add when you get the SSL installed be careful when marketing because there are many sites that do not take https because they had a coder that did not think ahead and realize some sites are secured. So in this case just use http and it will redirect with the .htaccess..

For example if you add an article to articlesbase.com then in your resource box use the http because if you use https it will break the link and it will not work.

James

[Ashley Gable]

Okay I get it. The .htaccess is for when someone clicks an outside link with http only, or if they type http://ww...

I know I dont have my own ip though, once I went to a 'stat checker' kind of site, and it listed a bunch of sites under a heading that said: "other sites on this ip"

I will have to ask my host what they can do for me. Hopefully I will be able to get it up soon, I really want to start tracking my conversions!

Thanks again James for all your help.

Quote:

Originally Posted by AshleyAA

Okay I get it. The .htaccess is for when someone clicks an outside link with http only, or if they type http://ww...

I know I dont have my own ip though, once I went to a 'stat checker' kind of site, and it listed a bunch of sites under a heading that said: "other sites on this ip"

I will have to ask my host what they can do for me. Hopefully I will be able to get it up soon, I really want to start tracking my conversions!

Thanks again James for all your help.

Your very much welcome ... Most host can sell you an ip address for like $2 a month or something (some do not have the ability). So yeah check with them and make sure before spending money on your SSL.

Good luck with the site...

James

[GeorgettaSterling]

Some hosts also offer shared SSL for shared IP addresses, so you don't necessarily HAVE to get your own IP address. Personally, though, I wouldn't really want to share an SSL and IP with a bunch of strangers...when I can get my own cert for $20 and an IP addy for $1/month.

Regards, Georgetta

[seasoned]

The main domain should show up on the task bar as https. EVEN if http worked, it would scare customers off. And you CAN'T know if http within a page will work as some browsers might not support that.

The cert has to have an expiration date past todays date, be for the PRECISE DOMAIN, www.mydomain.com is different from mydomain.com, and be from a VALID C/A! ALL loaded URLS must be https, and from the same site! ANY deviation can trigger a warning.

Keep in mind that their are TWO types of warnings. One is the popup, another is that ICON that shows it is secured, like on the lower right of the status bar in IE.

BTW an SSL cert is an encrypted file that contains the data needed to ensure what I mentioned above. The purpose is that the vistor gets a special PUBLIC key from your site, passes you theirs, and you each use that to decrypt data. THAT way, if anyone "sniffs" your connection, they will see GARBAGE, because THEY won't have the keys necessary to decrypt it. The keys you pass are tied to the other system, so even THEY are worthless.

Steve

[seasoned]

Quote:

Originally Posted by AshleyAA

Okay I get it. The .htaccess is for when someone clicks an outside link with http only, or if they type http://ww...

I know I dont have my own ip though, once I went to a 'stat checker' kind of site, and it listed a bunch of sites under a heading that said: "other sites on this ip"

I will have to ask my host what they can do for me. Hopefully I will be able to get it up soon, I really want to start tracking my conversions!

Thanks again James for all your help.

OOPS!!!!! The order you should do it in is:

1. Get new IP.
2. Get CSR
3. Use CSR to get SSL CERT
4. Install SSL cert on your server

SSL certs are IP resolved, so name resolution doesn't work.

Steve