Friends I want to know for when a secured hosting is done, we require an unique ip address to associate our SSL Certificate to it. Also, I kinda read in one tutorial that when a browser requests for a secured conncetion then all the SSL process initiates. But how does a browser request for a secure connection. Don't we just write www.chase.com? And then our browser converts the http to https? Whats happening in the background?
Step by step (Assuming HSTS header is not active in which it will automatically use https without making a http request):
www.example.com responds with a moved status code and gives the new location:
HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/
The browser reads that and knows that it must start a Secure HTTPS connection.
Anyway, if what you need is to install an SSL / TLS certificate you must make sure that your client is redirected from HTTP to HTTPS. That should be accomplished from the server configurations.
In your programming code, you evaluate the protocol and redirect using a 301 (server side). This is not done in the browser.
You can do this in ASP.NET in the Global.asax
file
I'm not sure about other programming languages (PHP, Ruby, etc). Others can feel free to chime in and edit my answer with more examples if they please.
if(!Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
HttpContext.Current.Response.Status = "301 Moved Permanently";
HttpContext.Current.Response.AddHeader("Location", redirectUrl);
}
I think you can do this by default in Apache using .htaccess, but as far as I can tell, if you want to do it in IIS you need to run an asp script or include it in your .net application. I could be wrong, but this is what I've come up against in my trials of this.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With