| Posted by jason2004, 03-27-2015, 07:59 AM | | We are starting a new site for loan business with long domain name (25 letters). We would probably need SSL certificate for applications.
- Should we force SSL on whole site from the start? To force http:// to https://
- How we should handle Google search results appearance?
1. To set Preferred domain in GWT and use non-www or www?
3. Canonical setting?
4. What .htaccess code to use for non-www to www and http:// to https://
|
| Posted by MilesWeb, 03-27-2015, 08:04 AM | | If you wish to force the website to work from https. Here is the code you should use.
|
| Posted by jason2004, 03-27-2015, 10:42 AM | | Is the "www" vs "non-www" decided when you generate the CSR for PositiveSSL in cPanel or when you actually purchase the certificate?
|
| Posted by edigest, 03-27-2015, 01:13 PM | | You must choose when you generate the CSR.
As far as www or no, this is one of those things that tends to cause inane arguments. Choose one and 301 redirect from the other:
https://support.google.com/webmaster...er/44231?hl=en
The www argument:
http://www.yes-www.org
The no argument:
Well, there is a "no-www" organization but their site doesn't have an update since 2012 and it really looks like it was created for attention or page-views. Here's the gist of their argument:
"Succinctly, use of the www subdomain is redundant and time consuming to communicate. The internet, media, and society are all better off without it."
|
| Posted by my247webhosting, 03-27-2015, 01:51 PM | | Buy wildcard ssl which will work for www and non www
Preferable to use https on checkout page rather on main page
|
| Posted by SneakySysadmin, 03-27-2015, 03:19 PM | | No one here can answer that question for you.
Do you actually need to use SSL all the time? Is the information on your site of such a sensitive nature that you wouldn't want anyone other than the end user reading it?
Probably not.
You only need SSL when sensitive information is being exchanged. ie, passwords when logging in, credit card data or personal contact/medical/financial information is being provided by the visitor etc. At any time that kind of exchange is not happening SSL is not necessary or expected.
If you turn it on all the time you increase overhead on server resources but your site probably doesn't have enough traffic to have that as an actual concern so.. meh - turn it on if you want to, but "should" or not is for you to decide.
|
| Posted by Website themes, 03-27-2015, 04:18 PM | | Force ssl from the start. Google gives bonus points for ssl sites and this is the new default from now on. Even chrome will start warning users when they visit non-ssl sites
1. Doesn't matter as long as you are consistent.
3. what about it? Add your chosen url from 1.
4. Are you using wordpress? If yes then it will automatically redirect to the correct version.
Otherwise http to https will be something like this:
non-www to www:
|
| Posted by Website themes, 03-27-2015, 04:21 PM | | Purchase a cert with a common name of non-www and it will automatically work for www too. The vice versa may not work. Positive ssl adds an alt-name field in the cert for the www version of your site.
|
| Posted by jason2004, 03-27-2015, 05:00 PM | | Thank you for your inputs. I appreciate it. Are you saying if I generate CSR with www.example.com - positiveSSL will not work for example.com?
|
| Posted by Website themes, 03-27-2015, 05:57 PM | | It may not. Basically the CA is only supposed to sign what you've asked it to sign in your CSR. If you ask for www.example.com that is what they'll sign.
But if you ask for example.com they throw in www.example.com as an alt-name for free. Why? Probably because it's the smart thing to do and if they didn't they'd get a lot of angry customers and their support burden would increase.
|
|
 Add to Favourites
 Print this Article
|
