About Secure Certificates (SSL)
Setting Up a Secure Certificate

Website security isn’t just one task, but a multitude of tasks. One of the things you should consider doing is having a secure certificate (SSL), especially, if your site has a login or any other type of form. Any site with a dashboard where you can make changes to your own site has a form. In fact the dashboard is full of forms.

There is a yearly charge for a secure certificate. And your web page addresses will change from http to https. Secure certificates may be issued through your web hosting company, but the (SSL) system and code itself is actually provided by a third party. That means that your web host has several options as to who they provide your SSL through.

After your certificate is issued, you have to change those addresses on your site. That affects all addresses, even images, scripts, etc. You don’t want to have any http addresses left anywhere. I usually use a script called Database Search and Replace Script***. It only takes a few minutes to upload the script to the website, run it and then remove it from the website.

But, you also have to check through your file system and make sure that you don’t have any addresses with http in your files. Otherwise, the certificate will show a problem when people load your site.


I Added a Secure Certificate to my Site and Now it’s Broken

I see this problem quite frequently when websites are using the generic certificate the web host provides. Different browsers react differently. The screenshots are from Firefox.

The Firefox help site describes this specific situation as, “This error is telling you that the identification sent to you by the site is actually for another site. While anything you send would be safe from eavesdroppers, the recipient may not be who you think it is.

A common situation is when the certificate is actually for a different address for the same site. For example, you may have visited https://example.com, but the certificate is for https://www.example.com. In this case, if you access https://www.example.com directly, you should not receive the warning. ”


Leave a Reply

Your email address will not be published. Required fields are marked *