Where to install SSL Certificate
chrisl1985 said 1 year ago:
I use Plesk 9.5.2 to manage files as well as some Domain stuff. But my server is windows IIS 7 based. I have worked with IIS to redirect/rewrite URLs for my site. Where should I install my SSL Certificate? Plesk or IIS? Plesk seems a lot easier per the instructions, but which is correct or what is the difference?
Also, I have everything in my http directory on my server and I’d like to not have to change that once I install a SSL Certificate. Do I need to move my application over to https or can I just use http but still be secure?
Thanks all.
mike42 said 1 year ago:
@chrisl1985,
For your SSL certificate, it would depend on what method you used to set up your domain name on the server. If you set up that particular domain through IIS, you would want to use IIS to install the certificate. If you used Plesk to set up the domain, you would want to use Plesk to install the certificate.
In order for the application to be secure, you would want it to redirect to https requests. Using http only would not secure the site.
Thanks.
–Mike
chrisl1985 said 1 year ago:
I set up my domain through plesk, so I will use plesk for the ssl certificate.
I have read that there are ways to make the httpdocs and httpsdocs be the same and both be secure. I know on Plesk 10 there is only one directory and it is secure, but I am using 9.5. How can I not duplicate my application between the two directories and only use one that is secure?
chrisl1985 said 1 year ago:
I installed the SSL Certificate and I can navigate to my site using https:// So that is good. But now it says that my site is not secure because it reference non secure items. I just want to make everything secure in the httpdocs directory. How can I do that? Also, how do I make sure that even if the user goes to mysite.com it is forwarded to https://mysite.com? I assume just through basic url redirects?
chrisg said 1 year ago:
@chrisl1985,
Generally if you are seeing errors indicate ‘referenceing non secure items’, the page in question is pulling information from a server or site that is not being secured by the same SSL certificate. You want to make sure you page is only referencing information from a location that is being secured by the same SSL certificate you have installed.
As for making sure visitors are being directed to ‘https’, you would be correct in using basic URL redirect methods for this purpose.
Christopher G.
3 min expected wait time